Standard

Posted by

Posted on

April 4, 2014

Posted under

Networking

SSL + DDNS on Synology NAS

Last year, I picked up a Synology Diskstation DS412+. This is a great little NAS.  It’s affordable, consisting of basically just a backplane and a chassis.  You supply your own hard drives.  I bought it because I needed a local server that could stream media to a Roku and it fit the bill perfectly.  One of the cool side benefits is that this model supports NFS, iSCSI and VAAI primitives, so it will make a nifty target for my VMware lab.  I’ll talk about all that in a later post.  In this one, I want to talk about dynamic DNS.

Since I’m on Comcast internet, I don’t get a routed /29 like I got with my old AT&T DSL connection.  Dynamic IP addresses and servers don’t really mix very well.  Unfortunately, the DDNS client included with the Synology DSM software doesn’t have support for my DNS registrar.  Luckily, DSM supports third-party packages and I found one that works.  It’s called DDNS Updater, written by QTip.  You can find it by adding CPHub to your package sources.

Unfortunately, DDNS Updater doesn’t do SSL out of the box.  This is a problem since my registrar uses a DDNS update key that’s sent in the clear as part of the URL.  On a shared medium like cable internet, that means if the kid down the street sniffs the line, he could arbitrarily change any host record on my domain.  Including the MX record that he would need to hijack my account.  That’s bad.

DDNS Updaters DOES support SSL, but you have to hack your NAS to do it.  Here are the basic steps:

Follow these steps to install the bootstrapper.  This will allow you to install IPKG.  The page is pretty long but the whole process takes like two minutes tops, so don’t be intimidated by it.
Next, install perl and perl-io-socket-ssl:

Connect remotely to the Disk Station via telnet or ssh as root and execute the following commands:
ipkg update <enter>
ipkg install perl <enter>
ipkg install perl-io-socket-ssl <enter>

Lastly, install Init 3rdParty (prerequisite package) and DDNS Updater if you haven’t already done so.

That’s it.  In the Options for DDNS Updater, you should see that the “Use SSL” box is no longer greyed out and you can now secure your DDNS connections.