SSL + DDNS on Synology NAS

Last year, I picked up a Synology Diskstation DS412+. This is a great little NAS.  It’s affordable, consisting of basically just a backplane and a chassis.  You supply your own hard drives.  I bought it because I needed a local server that could stream media to a Roku and it fit the bill perfectly.  One of the cool side benefits is that this model supports NFS, iSCSI and VAAI primitives, so it will make a nifty target for my VMware lab.  I’ll talk about all that in a later post.  In this one, I want to talk about dynamic DNS.

Since I’m on Comcast internet, I don’t get a routed /29 like I got with my old AT&T DSL connection.  Dynamic IP addresses and servers don’t really mix very well.  Unfortunately, the DDNS client included with the Synology DSM software doesn’t have support for my DNS registrar.  Luckily, DSM supports third-party packages and I found one that works.  It’s called DDNS Updater, written by QTip.  You can find it by adding CPHub to your package sources.

Unfortunately, DDNS Updater doesn’t do SSL out of the box.  This is a problem since my registrar uses a DDNS update key that’s sent in the clear as part of the URL.  On a shared medium like cable internet, that means if the kid down the street sniffs the line, he could arbitrarily change any host record on my domain.  Including the MX record that he would need to hijack my account.  That’s bad.

DDNS Updaters DOES support SSL, but you have to hack your NAS to do it.  Here are the basic steps:

Follow these steps to install the bootstrapper.  This will allow you to install IPKG.  The page is pretty long but the whole process takes like two minutes tops, so don’t be intimidated by it.
Next, install perl and perl-io-socket-ssl:

Connect remotely to the Disk Station via telnet or ssh as root and execute the following commands:
ipkg update <enter>
ipkg install perl <enter>
ipkg install perl-io-socket-ssl <enter>

Lastly, install Init 3rdParty (prerequisite package) and DDNS Updater if you haven’t already done so.

That’s it.  In the Options for DDNS Updater, you should see that the “Use SSL” box is no longer greyed out and you can now secure your DDNS connections.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s