Qnap has the ability to run as a VPN server or a VPN client. Let's say your Qnap is on your home network, and you have a laptop that you take with you.
A VPN server will allow you to connect your laptop to your home network remotely (from work, from your friends house, from the coffeeshop, etc) such that your laptop will appear to be on your home network. The Qnap running the VPN server will facilitate this. Your laptop will be running as VPN client.
On the reserve side of things, the Qnap can also run as a VPN client. This time though, your Qnap connects to the ExpressVPN server such that it appears as if it's on ExpressVPN's network. This is how you are protected when torrenting. The companies monitoring the torrent sees ExpressVPN's network rather than your home network, so they can't identify who you really are.
That message is telling you that the Qnap can't run as both a VPN server and a VPN client at the same time. You have to disable one to use the other. In your case, you want to use the Qnap as a VPN client, and disable the VPN server function. Go to Control Panel > Applications > VPN Server, and make sure the two items are unchecked.
> How do people with malicious intent even know my NAS is there? MyQnap cloud?
Possibly - or port scanning if it is exposed to the internet. Check your IP address in Shodan to see if it is visible.
For security reasons I highly suggest you don't have a QNAP exposed to the internet or MyQNAP cloud. If you need remote access to the device - setup a VPN on your network and access it that way.
Open the QVPN Service app (may need to install), under VPN Client (left), select VPN connection profiles. Click add to add a new profile. This will ask for a file that should be available from your VPN provider. I logged into my provider's site, searched and downloaded it. There are going to be two files needed from your provider (at least if you're using openvpn). Continue filling in the information. Once the profile is added, right click in the list to edit it. Fill in/select more options and sign-in credentials as needed. Test to see if you can connect. (Also be careful because each port will need to be set up independently if memory serves.)
I like to ssh in and use the command line to verify this is all working even if it says connected. I've found this command to work (this should match what is reported in the GUI):
"curl ipinfo.io/ip"
Using this setup and choosing the option to allow other clients on the network to access the VPN, you can point the device at to your qnap server (router/gateway address) and it will get routed via the same VPN connection. I tested this using a raspberry pi and it worked as described.
Anyhow I found it pretty easy to do.
I have the 653D and have no issues running 16gb. Considered 32gb but felt the CPU would limit my ability to take advantage of it so stuck with 16gb instead. Running these: https://www.amazon.com/dp/B07TP6XXLF/ref=cm_sw_r_sm_apa_fabc_ntP8FbMQ2JHJ1?_encoding=UTF8&psc=1
If you have an Android phone then Foldersync has various ways of doing what you're trying to do. I used to have a daily sftp one way sync set up using this app, but there are various options.
https://play.google.com/store/apps/details?id=dk.tacit.android.foldersync.full
Very nice solution at
Change to match your tun name.
As for the "sudo start" parts I created a file "sudo "and put in it
stop
start
Should be enough to get you close if not do all that you wanted.
I could be way off here, but I'm pretty sure when you login to your Plex account it authenticates you against your plex.tv account which then redirects you to your local server address/port. Which would explain why you got redirected to your old Plex server after login. By going through the local configuration, you've registered the new server address with your account so afterwards it knows where you redirect you after login.
nice find!
My generic way of finding an answer to a question like this: go to "AlternativeTo", search for the programme and filter by "Self-Hosted".
Seems much overlap with what in above thread is mentioned: https://alternativeto.net/software/wetransfer/?platform=self-hosted
> However, because we need to keep two QNAPs in sync across the WAN, we need to be able to safely open two additional router ports used by HBS 3 (RSYNC and RTRR) on both ISP routers.
I would suggest looking into installing routers that support firmware such as OpenWRT or DD-WRT. These firmwares provide the ability to configure a VPN connection and only route traffic to specific IP addresses via the VPN, while all other traffic goes out to the internet. Since you're already using OpenVPN, you're halfway done!
Here's an example in OpenWRT and another in DD-WRT. The general idea is that one site will have a router setup as the VPN host, while another router is configured as a VPN client. Both routers are then configured with static routes directing to the other's IP address via the VPN tunnel.
Oh good question, should we start a list here? If so...
Sideload Plex server from Plex.TV the other one on the store is way behind in version (though it auto updates, side load requires manual updating)
You can use virtualization Station to create a vm and kubeadm to install kubernetes, following the official tutorial I hope your qnap has a lot of memory and a good cpu as kubernetes vms require at least 2 cores and 2 gb, anything less will cause issues. If you have enough resources and your idea is to learn kubernetes I suggest you to create 3 vms (1 controlplane, 2 worker nodes).
>except it feels totally unnecessary to have the Google Drive client running on several PCs just to sync KeePass.
You don't need official Google Drive client. A KeePass plugin is enough for Windows and Keepass2Android has support built in.
If accessed through VPN, you could safely disregard the security aspect of FTP, WebDav, SFTP, HTTP, SCP, FTPS, SMB or any other file transfer protocol. Double encryption that SFTP would provide (along with VPN that tunnels it) feels too paranoid. Just use the easiest one to setup. For me, that's Google Drive as it does not need VPN.
Yes, QNAP used bad coding in the programs.
The Internet is continually being scanned and scan results being updated all the time.
Just look at: https://www.shodan.io/search?query=qnap
Ah, yes, that's fine. However, if you have not made the NAS accessible from the Internet, then there is no need to change the ports.
Most people change the defaults ports to something else because that mistakenly believe that doing so is a security measure - it is not, and therefore can keep the NAS accessible from the Internet.
If you want to see just how ineffective Security by Obscurity is, just run a search on Shodan.
StorageReview recently tested Qtier and SSD Caching, with both methods yielding about the same results. Qtier seems to have the disadvantage that it can't be removed from an array.
I believe the M.2 slots can only be used for caching (not data or app installation). They're SATA, just like all the other bays.
I have a couple QNAP's with large (10TB+) emby libraries, and caching does seem to speed up library scans.
For a music, maybe take a gander at Airsonic.
Hey figures out the issue - it is to do with the temp folder being full and there is a fix for this. Third party package can cause this issue as described here https://github.com/Jackett/Jackett/issues/5929
other people encountered the same thing and directed the temp folder to a different location to solve the issue. hope this helps.
I know you only talked about a folder sync, but I suggest having a look at this https://www.macrium.com/reflectfree .
I use it to do a daily incremental image of my whole computer to the NAS. You can schedule operations, create a USB-Stick to boot from and restore via network (which really saved my ass one time) and have a backup of your whole drive/computer. First backup takes some time of course depending on the amount of data and network speed, but the incremental ones are really fast. Plus you can define a ruleset how long backups should be retained. So you never overflow your storage on the QNAP with these.
I strongly recommend this software to everyone looking for a backup solution because it is so much easier and complete than a simple file-based backup. The time needed for it also isn't that much of a hassle really. You can also adjust, how much processing power it uses, when running in the background.
Only drawback of the free version is, that you can't do differential backups - only incremental as said, but that's usually not a biggy.
Have a nice day.
I dropped Qsync. Tbh, is a fairly BAD software. You have severe restrictions on what folders you are allowed to sync.
I suggest a free, open source instead: FreeFileSync
Much more customizable, and you can make it work with any folder (external drives, other folders in your hard disk, etc).
The crashplan app is not available from the app center anymore, at least not in mine. I did find a thread that mentioned it working on 4.3.3 but I'm not sure about 4.3.4. I was able to find the qpkg here but it hasn't been updated since November and it mentions Crashplan's older plans and encryption techniques in the description. I was hoping someone might have dealt with this before me and be able to share their results :D
>gitlab
>server has only 8GB of RAM
lol good luck, or install gogs instead like I did :)
Gitlab pretty much comes out and says you're gonna have a bad time unless you have 8GB of RAM allocated just for Gitlab.
If your QNAP has only 8GB, then obviously it's not all allocated to Gitlab. I never got Gitlab to run well on my 251 with 8 GB of RAM. It would eat up RAM and crash within a day, and the whole point of having a repo like that is so that it's just up and ready for me to use.
I found gogs and have never needed Gitlab for my purposes. Maybe it'll be the same for you.
You may try this adapter.
M.2 to U.2 Adapter - For M.2 PCIe NVMe SSDs - PCIe M.2 Drive to U.2 (SFF-8639) Host Adapter - M2 SSD Converter
https://www.amazon.com/StarTech-com-M-2-U-2-Adapter-SFF-8639/dp/B073W65QX6
On my TS-h886, I added this: https://www.amazon.com/gp/product/B07WSFYGQN/ref=ppx_yo_dt_b_asin_title_o08_s00?ie=UTF8&psc=1
Works fine. If I recall, my NAS is pretty forgiving on the specifics of the RAM used.
I don't know exactly what switch you're using, but you could always use SFP transceivers like this if you wanted to go the SFP to RJ45 route.
This one should support speeds up to 10g, but i'm sure there are cheaper variants that only support 1g.
I bought these two with no problem so far:
SK hynix Gold P31 PCIe NVMe Gen3 M.2 2280 Internal SSD | 500GB NVMe | Up to 3500MB/S | Compact M.2 SSD Form Factor SK hynix SSD | Internal Solid State Drive with 128-Layer NAND Flash https://www.amazon.com/dp/B08DK2FB7G/ref=cm_sw_r_cp_api_glt_fabc_FWWY23QXRQNEQTPS5QJK?_encoding=UTF8&psc=1
WD_BLACK 500GB SN750 NVMe Internal Gaming SSD Solid State Drive - Gen3 PCIe, M.2 2280, 3D NAND, Up to 3,430 MB/s - WDS500G3X0C https://www.amazon.com/dp/B07MH2P5ZD/ref=cm_sw_r_cp_api_glt_fabc_EDPF3QJ41WPRXEXJ61A3?_encoding=UTF8&psc=1
I just realized my Transmission wasn't working and couldn't figure out why, until I saw that just updated everything. I managed to get it working a few minutes ago.
Go to and download your new ovpn file from whatever location you want to connect to (click that you do not want a file). Also, copy your VPN username and password from this page. It is different than your normal login info and will be needed.
Edit the ovpn file with a text editor and change 'auth-user-pass' to 'auth-user-pass ' (that is where the container puts your OPENVPN_USERNAME and OPENVPN_PASSWORD variables)
Change the new ovpn filename to . You'll need the path of where that ovpn file is to build the new container.
Here's the command I ran to get myself connected back up with haugene/transmission-openvpn (you'll need to change the path to your new ovpn file, put in the weird VPN username and password, and you may have to enter different subnets under LOCAL_NETWORK depending on your particular config):
docker run --cap-add=NET_ADMIN -d \
-v /mnt/datalocation/:/data \
-v /etc/localtime:/etc/localtime:ro \
-v \
-e CREATE_TUN_DEVICE=true \
-e OPENVPN_PROVIDER=CUSTOM \
-e OPENVPN_USERNAME=trustzone username \
-e OPENVPN_PASSWORD=trustzone password \
-e WEBPROXY_ENABLED=false \
-e LOCAL_NETWORK=192.168.1.0/24,10.6.0.0/24 \
-e "TRANSMISSION_SCRAPE_PAUSED_TORRENTS_ENABLED=false" \
-e "OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60" --restart=always \
--log-driver json-file \
--log-opt max-size=10m \
-p 9091:9091 \
haugene/transmission-openvpn
Hope that helps.
I bought two of these - Crucial 16GB Single DDR4 2666 MT/s (PC4-21300) DR X8 SODIMM 260-Pin Memory - CT16G4SFD8266. https://www.amazon.com/gp/product/B071KP8CGJ/ref=ppx_yo_dt_b_asin_title_o02_s00?ie=UTF8&psc=1
Appreciate all of the advice. I just bought two of these, https://www.amazon.com/dp/B08FNX4KY4/ref=cm_sw_r_cp_api_glc_fabc_3G-9FbBSTCMD2 .
I also got a 16 YB Crucial RAM. The NAS is brand new and I haven’t taken it out of the box yet. Saturday is the setup/install day. I’ll report back with results.
Apparently this single rank bundle is okay according to another recent post: https://www.amazon.com/dp/B07TP6XXLF/
Edit: I got the link from this post: https://www.reddit.com/r/qnap/comments/kq08s4/ts253d_max_ram_ram_typespeed/
Okay, enough people have asked, I'm going to reply here, and direct them all here.
I'm going by memory on some of this, so some technical and linux know-how will be valuable to you.
First, the x77 series doesn't have built in video, so you'll need a supported video card. I used this.
Second, you'll need to follow the instruction and install Debian Buster first, then install the ProxMox on top of that. It works well because ProxMox used Debian as its base anyway. Instructions for this are here.
Installing Debian first lets you set up partitions ahead of time, however you like. I used the built-in module, which is shown as a USB drive, for /boot. I then setup the M2 SSDs as a mirror for /. I created a zfs pool and mounted that as /storage on my HDDs. ProxMox supports ZFS very well.
I used a iodd to boot an install DVD for Debian. I don't remember which key gets you into the BIOS. F2, F10, F12, ESC... it's one of them :-). I just pressed them all in sequence until I got where I wanted. A USB DVD drive, or bootable flash drive should also work.
Once you get the boot settings updated, it's just like any other computer. You might have to adjust the boot settings back to the internal module after you remove the USB drive.
I have a APC Smart-UPS connected that auto shuts down then restarts after power failure. No issues. Been running this setup for 8 or so months.
It sounds like you may be combining/confusing 2 uses of VPNs.
Using a service like NordVPN allows you to use a VPN client on your PC to connect to their VPN server, for example to mask your activity online.
In order to connect remotely to your NAS, you would run a VPN server on the NAS (or router, or another computer on your network such as a Pi), and again use a VPN client on your computer/phone etc, to connect to that server. The guide in the sticky is for accomplishing this.
https://www.amazon.com/gp/product/B00CQ35HBQ/ref=oh_aui_detailpage_o06_s00?ie=UTF8&psc=1
This was the exact product that I had bought and used in the 251+ - I can say with certainty because I actually went back to my amazon orders history so I wouldnt have to open up the laptop. You'll probably notice though that the listing is only for 1x8 GB stick - I had already had an 8 GB stick of the same model and ordered this one to match it.
I dont know why manufactures make the claim that it only supports 8GB, because it certainly worked fine with 16 GB. Just a heads up though on that note, I want to say I've read that installing anything over 8 GB can void the warranty if thats something that matters to you.
I ended creating an ubuntu VM just to be able to run transmission and JDownloader with Mullvad. This is pathetic.
I could open a ticket, but sincerely, I no longer have the energy or interest to mess with QNAP, so fuck it.
Yeah, it shouldn't be that complicated but I've found that not only does it depend on your VPN service but the reliability of the particular server you're trying to connect to. I use QVPN with NordVPN using the nearest servers for OpenVPN and for the most part, it's pretty solid 7 days+ uptime being quite standard, but I've failed to connect to other NordVPN servers for no apparent reason. So do try other servers before you give up completely. Assuming you've got the correct ovpn config files for the server of your choice, and you've entered in the correct credentials, all you do then is set that profile as the default gateway.
I'm not in a state where I feel the need to be ultra careful, though. 15+ years in running bittorrent I've not received one complaint from my ISP - famous last words, I know. However, I'm still looking at the Container docker solution and I know there's a Deluge with VPN that folk are using on QNAP that works well. I will install it - eventually.
As promised here is the documentation of how I have DownloadStation 5 working solidly with NordVPN. I experimented with a few combinatons but this has worked well for several months now. DownloadStation runs 24/7 as I have it searching for several rare torrents. Every few days I get a notification that one has completed, and if I add a well seeded torrent it will download at somewhere between 2-3 Mb/s. Otherwise I don't really think about it as it just reconnects when needed including after restarts (which are rare). Might be disappointing for people as I didn't do much special on my config... most things were set back to defaults in the end.
I've put together screen shots and notes in this post on Imgur.
NordVPN OpenVPN profiles can be downloaded here They are just text files and handy for getting the IP address of your desired access point.
One final thought... I don't know if various Nord servers respond differently with long term connections? I have had connections to 4 different Nord servers set up over time and in the end I stayed on the second one I set up. No particular reason other than it has maintained the best throughput.
If I can provide any other info just let me know.
Less time than it takes to get the hard drives out of the way and install the ram. I found the swap to be kind of difficult as well...really hard to get the ram modules to actually click in. Are you sure they were fully engaged in the slots?
EDIT: I have the same QNAP unit, and I did get it to work eventually. My first try, only one of the modules was fully engaged so I had to go back in and fix the second one. I accidentally snapped off the little thing that holds the ram in place (why the fuck is it plastic), but it did engage.
The ram I used is: https://www.amazon.com/dp/B00JCRZ6XS/ref=cm_sw_r_cp_apa_i_.JSrFb2YJCC3F
Scenario: I can only have 1 Ethernet cable run from the router to my working area. There I have my computer and the NAS. I would like the NAS to act as a network switch.
RPELY - NO NO NO. You go out and you purchase a nice little 1G switch
here is a little Netgear 1G 8 port for $22 dollars - is that cheap enough ?
This is the GS-308. You take your 1 ethernet cable coming from your router, and stick it into this switch. Now one port goes to your computer ethernet port, and one port goes to QNAP Ethernet port 2 or Ethernet port 3 (the 1G ports).
Now take your thunderbolt cable from your computer, stick it into the QNAP T3 port, and we are done. $22 dollars. Is that acceptable to you ?
​
​
The NAS is configured to have a static IP. I also configure my computer to have a static IP. But the computer can’t get online. I can access my files from the NAS but no internet. So I figure I need to set up a VNS (virtual switch) but I don’t know what I’m doing wrong and want to know how to set it up. To learn.
​
REPLY -
you will follow my instructions. I expect you to place an order with Amazon as soon as you read this. In your next reply you can say "I bought the switch, and everything is DHCP , and now it's working great" - or you can say "I bought the switch, and I can get internet on the computer and on the QNAP, but I can't get the QNAP to connect via T3. -" - then I will help you . However, if you refuse to spend $22 dollars to solve this problem, - well, I will hunt you down, and kill you.
Bob Zelin
Haven't solved anything just yet, but this is a much more comprehensive answer, and I thank you.
Does OpenVPN work with my Private Internet Access subscription? Is it client software that runs on the computer trying to access the NAS? How do I know which port to forward on the router?
You can always connect to you Qnap via SSH creating a SOCKS proxy and use something like Foxyproxy to use that proxy to simulate you are connecting from the Qnap, for example:
ssh 192.168.1.23 -D 2309
Will make you local port 2309 route traffic trough the NAS in the IP 192.168.1.23, you should now use FoxyProxy to route traffic to your local port, something like this, and voilà you are now proxying your traffic as if you were right in the NAS.
Hope this helps.
It's much better to have your VPN configured on a router, and then specify the QNAP to route through the VPN only (called policy routing)
If you're networking savvy, I recommend PFsense. If you're a beginner to advanced, Tomato firmware.
Advantages of having it setup on your router:
Transmission is the best torrent client for QNAP, however Deluge is also a good choice if you like fiddling.
Install the entware-ng package, and install the transmission package (entware version as it's the latest).
Oh, I would also highly recommend ExpressVPN over PIA, it's WAY faster and they don't keep logs.
You're pretty much set from there, let me know if you have any specific questions :)
P.S: Would not recommend the use of the inbuilt QNAP VPN client, its likely apps will not respect routing rules and traffic is likely to leak.
I have this card deployed in my workstation and it's running fine. https://www.amazon.com/TP-Link-TX401-Ethernet-Supports-Including/dp/B08D71PVXG/ref=sr\_1\_3?crid=34NMPVKYV5VLH&keywords=tp+link+10gb+network+card&qid=1671646658&sprefix=tplink+10g%2Caps%2C100&sr=8-3
The QNAP is a client of ProtonVPN. It seems that QNAP doesn't allow more than one wireguard profile with the same client IP, in order to use it as a backup when the primary VPN connection is down. The only way I can get around this is to use OpenVPN alongside Wireguard. It's kind of stupid really.
It's frustrating because I can have QNAP connected using 10.2.0.2 IP.
I have a Mikrotik router that I am using for the firewall and have thought about using it to establish the wireguard connections, but just havn't figured out yet how to learn to do the routing. I suspect though, ProtonVPN is still going to deny me more than one connection with the same public ip address.
Are you accessing the NAS from outside your home network?
If you are not and the NAS is NOT currently externally accessable then no a VPN will not help secure your NAS as it is not exposed. From what you have posted this may well be the case.
If you are accessing the NAS from outside your home network, and the NAS is exposed to the internet, then yes it will help secure the NAS. This is because you can stop exposing the NAS to the internet and just have it available on its local network. Then you use the VPN to securely appear you are on the local network even though you are actually remote.
There are multiple option on how you can setup a VPN. Personally I run OpenVPN under docker on a couple of different Linux systems (yes I have primary and backup VPNs) but that's just a more complicated way of doing it as the options were more limited when I set my configuration up quite a few years ago.
Just because a lot of people are saying they are doing this doesn't mean you need to if your usage doesn't require it. Note this isn't to be confused with using services like NordVPN, ExpressVPN, etc which are for encrypting traffic between you and the internet rather than allowing secure access into your home network.
Solved my need!
I use QTransmission for downloading via the NAS. It only allows you to bind to an IP; not an interface. DUMB.
Every time the VPN bounces, I get a new IP from it and have to rebind the app to the new IP. This is why frequent bounces are annoying.
I discovered that WireGuard VPN connections have their LAN IP specified in the client config, so it's static. So switching to a WireGuard connection solves my issue, and it's faster than openvpn. Bonus. Fortunately, the QNAP VPN client supports WireGuard.
Then I discovered that neither of the two VPN providers I have accounts with, ExpressVPN and NordVPN, will give you manual config info to set up WireGuard connections. You have to use their clients or router firmware.
I found an article explaining how to dig that info out of your NordVPN connection in Linux.
I was able to find a P2P server in the country I wanted via Nord's website (and their DNS addresses) then connected to it on my linux laptop and did the things to get the info needed for configuring the connection manually on the NAS.
I then piped it into a WireGuard connection profile on the NAS, and presto!
So far, so good. The speed is great, the client IP never changes, and I know the "kill switch" IP binding works perfectly as I've used it for 3+ years.
In theory, I should never have to mess with the app's IP binding again and VPN bounces will go unnoticed.
ok - I just looked - so it's $518 as opposed to $799 for the QNAP. But the Mikrotik is
ok - it's $799 too -
​
and it's 12 port. So are you actually saying "but I can save almost $200 for the Zyxel " - this means nothing to me. When you take your wife or girlfriend out for dinner - how much do you spend ? How much do you charge your clients per day ? Does this really matter ? And if you are a home "hobbyist" - and all you are doing is Plex server so you can transfer your massive "Game of Thrones" library to back up drives - I really don't care.
These are all acceptable solutions. This is like saying "I can find a 10G Mellanox card on ebay for $40 dollars". I don't care. Work harder - ask for a raise, buy a nicer car. Eat that expensive appetizer at the restaurant next time, instead of worrying about your "Game of Thrones" library.
Bob
The model TVS-h874-i5-32GB-US is in stock at Amazon.com now. It says they have 2 left and more on they way :-)
https://www.amazon.com/dp/B0BFW1QV19/ref=cm\_sw\_r\_api\_i\_ZJKRYSQWJPYZKHVNYBNG\_0
WTF Bob, you are truly unhinged. What are you saying exactly, that since you know so much about technology, and this user shares a name with a subreddit, he is wrong about a simple fact that is easily verified with a quick google search. Here it is, you absolute looney. https://www.amazon.com/QNAP-TVS-h874-i5-32G-US-High-Speed-Networking-expandability/dp/B0BFW1QV19/ref=mp_s_a_1_3?keywords=Qnap+Tvs&qid=1669692194&sr=8-3
https://www.amazon.com/gp/product/B0002CWPW2/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&th=1
It's this switch. Unmanaged. Nas is connected via DHCP. No IP conflict, I made sure to reset all computers and all devices attached to the device. No virtual lans. I'm not sure about the rest of the settings.
Even better. MacOS has built in SSH client. Just open terminal and type "ssh username@NASIP" and presto. If using any port other than 22, add "-p XXXX"
Took all your suggestions. Actually cancelled the 6 bay and went with 8 bay instead and will be filling out the HDD's. After thinking about it, I'd prefer to just go ahead and upgrade the RAM when I get it and not do it later. I couldn't find a compatibility list for that on the website... I'm guessing since it's so new? Should we just use a list from the 872x list? -- https://www.amazon.com/dp/B07ZLCVKPV
​
Or would this likely provide little to no benefit?
why is the TS-832PX a piece of junk ? Because I unfortunately bought one for myself. It's terrible. It's slow. You want something cheaper than the TS-h866 or TVS-h684, then get a QNAP TS-673A (this needs a 10G card as well).
Here is a TS-673A on Amazon - $899
Video editors use Terabytes of storage - not a couple of hundreds of Metabytes.
I am giving you info based on my experience, and I have put in a ton of QNAP systems (and other brands as well) specifically for professional video editing. I have seen what works - and what does not work.
and for the record - the price of the TS-832PXU is the same price as the TS-673A, and the 673A will outperform it. AND the TS-673A will run the QuTS (ZFS) operating system !
bob zelin
The Plugable one works well on my Synology and saturates the link to my QNAP. I'd expect it to work fine on a PC.
However, if installing a PCIe card on your PC is an option, I've had good results with these https://www.amazon.co.uk/2-5GBase-T-Ethernet-Controller-Standard-Low-Profile/dp/B07Y2GWVB8/ref=sr_1_3?crid=14JUMQSKILLGT&keywords=2.5Gb+pcie&qid=1666764379&qu=eyJxc2MiOiIyLjIyIiwicXNhIjoiMS4xNiIsInFzcCI6IjAuMDAifQ%3D%3D&sprefix=2.5...
Not having much luck with the Linuxserver container. I get the same problem I have with everything else.
The issue is when bringing up the wg0 interface:
root@eee96674beb1:/config# wg-quick up wg0
Warning: ' is world accessible
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.29.203.190 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q .src_valid_mark=1
sysctl: setting key ".src_valid_mark", ignoring: Read-only file system
[#] iptables-restore -n
iptables-restore v1.8.4 (legacy): iptables-restore: unable to initialize table 'raw'
Error occurred at line: 1
Try
iptables-restore -h' or 'iptables-restore --help' for more information.
[#] ip -4 rule delete table 51820
[#] ip -4 rule delete table main suppress_prefixlength 0
[#] ip link delete dev wg0
Admittedly this is when using PIA. I've still got a couple of months left on my sub before I switch VPN providers, so not going to try Mullvad just yet.
You may be better off using an OpenVPN client like I've resigned myself to do.
If you're using Sonarr & Radarr only with .nzb's, you don't really need to pipe them through a VPN, so long as your newsgroup provider usses SSL (most do) if you're using Jackett or Powlarr in conjunction with Deluge/Transmission etc then just add that to your compose file and expose the port in the VPN section of the compose file.
Would be fantastic if you would share any insight. Seems like this problem should have been solved before.
Yes Mullvad offers OpenVPN.
I'm basically just trying to build a HTPC automation box, so route Transmission or Deluge thru Wireguard, plus Sonarr and Radarr.
2 Reasons. 1: I use PIA, presumably Mullvad offers OpenVPN too, but I've never looked into it. 2: I have no idea what your use-case is.
Anyway, looking at your config and logs cross-referenced with the docs I can't see anything glaringly obious.
I might've put the PEERDNS environment variable in, but that defaults to auto, so unlikely to be the problem.
There are some legacy-services entries in that log file, which in the back of my mind is bringing up some distant memory of the Wireguard client on QNAP being a little too old.
I'll try and spin an instance up this afternoon myself, see what happens. Been looking for an excuse to get Wireguard in Docker working.....
I still have just 4GB in it. I've upgraded two of the older models to 8GB and 16GB though.
RAM I bought was this, but it was a fair bit cheaper at the time.
Actually, after poking around the most obvious places, I had some success.
The problem now is that on the test page ( and my actual one!
WTF? Is it leaking IP somewhere? On the Network selector, I see the VPN associated with the LAN port as active.
Also, it looks like the firewall is doing some funny stuff, so I had to explicitly allow the traffic to and from the VPN IP.
Gosh! Do you need a Ph.D. in computer science to set it up?
Mmkay, I’m not in a position to be able to do that, unfortunately. I guess what I’m asking is, say I have something like, oh, I dunno, NordVPN. (Purely hypothetically, of course.) Is there a way to set things up such that I can safely go through Nord to access my Qnap from the outside, preferably while still preserving the ability to access it directly while inside the network? (Guessing the answer is no, since it would require opening a port from Comcast’s crap router only to the VPN, which I’m guessing it can’t do.)
unfortunately not. I have a paid vpn account which allows me 10 connections so I used 2 profiles each establishing connections to seperate servers. You can do the same with Free accounts but TOR traffic is blocked and the free servers are often congested.
You only need one vpn and a backup really isnt necessary as QNAP will automatically re-establish the connection.
In QVPN I went to "VPN Client" and selected OpenVPN, "new profile", "import", and selected the VPN profile that was provided by my VPN provider. There is the option to fill in the fields manually, so that will work as well. There is the option to use it as the default gateway, so I selected that.
If done correctly, in the network overview it should show a pictogram of your ethernet1 connected to OpenVPN. and in the top left, the ip address which as an example, should be something like 10.8.8.35
Here is a setup guidesetup guide from SlickVPN. They are not my provider so there is no endorsement or recommendation.
I am not quite sure how I completely missed this. I got one off Amazon. It turns out the power supply is compatible and has been working this whole time. It was one of the WD Reds that failed - bad power board that kept kicking in protection on the device. Pulled all drives and added one at a time until I found the culprit.
So I guess that a nvme drive is the only way.
I'm going to grab one of these: https://www.amazon.co.uk/AMPCOM-Adapter-Cooling-Heatsink-Upgarded/dp/B098SHJ37J/
and use with an old Samsung 970 Pro M.2 SSD I have kicking around. Does anyone know if there are any issues using non-standard (ie QNAP standard) PCIe cards?
Tested on ssd connected via usb<>SATA cable. Now installed and testing on nvme drive using cheap PCIE usb adapter, like this one[amazon].
a) move NAS somewhere else
b) put NAS over vibration adsorbing foam panel ? like : https://www.amazon.com/Neoprene-Vibration-Adhesive-Insulation-Anti-Vibration/dp/B08ZY16TL1/ref=sr_1_7?c=ts&keywords=Mechanical%2BVibration%2BDamping%2BPads&qid=1662547849&s=industrial&sr=1-7&ts_id=16413781&th=1
c) buy ssds ! :D
Any /r/qnap subs have NordVPN's Meshnet feature working on QNAP NAS (QTS 5)?
Sounds like Docker container is the best way forward. Unfortunately, I also hit the same bug being referenced: using host-networking.
thanks!
I assume I should be using this adaptor?
https://www.amazon.com/QNAP-Dual-SATA-Adapter-Converter/dp/B07RLKVN9N
Any 4TB or higher SSD recommendations?
That said, if the tenant wishes to use torrents, tell them to get Mullvad (example), have Container Station on the NAS and to use something like
Much safer and traffic is routed though the VPN (Wireguard).
OP, I updated firmware last week, and have noticed the same issue using an OpenVPN config from ExpressVPN. Everything was fine before, but now, the TX just goes nuts and the VPN Client app on the QNAP is going nuts as well. If I do not set the VPN to use the default gateway, everything is normal. With the VPN off, everything is normal, but with the VPN on it goes nuts and disconnects every 2-3 mins. No sign of compromise in my logs, I suspect they borked something in the last firmware update. Running 5.0.0.2131 (2022/08/15) here.
So far i can't seem to find a generic cart that has 2 true m.2 pcie nvme (m-key) slots. It has something to do with on board bifurcation. The closes i found looks like it has too many lanes. I tried it and so far no luck, doesn't even recognize it. But if anyone even knows of a generic card equivalent to the 244A card, please let me know. More than willing to give it a try...
This one seemed to have too many lanes (8 instead of 4) due to no bifurcation (i think).
https://www.amazon.com/dp/B09NKTYFHX?ref=ppx\_yo2ov\_dt\_b\_product\_details&th=1
It'll come down to how much data you want to store on the NAS.
If you want like-for-like, you'll have to spend *a lot* of money on SSDs (2x 8TB for instance would be over £1000 here https://www.amazon.co.uk/Samsung-Internal-Solid-State-MZ-77Q8T0/dp/B089RD13TX)
If you go for lower capacity, you still won't be able to to just swap the drives out as you are using RAID 0. You'll need to back up your data, remove the existing RAID group and recreate a new one, then copy the data back to it from your backup.
I've seen someone asking if this got solved - then the comment was deleted. To give an update:
NVPN support gave me several ideas, some useless, but one that seems to be holding some promise: they told me to use CloudFlare DNS on my qnap and try any close geographically TCP profile. I did that and the connection is working for a few days now.
Just thought someone might try it as well.
Agreed! Try Deluge or another client. I use Deluge and it works. Also note that the VPN Client may be configured to prevent Split-Tunneling which could prevent anything from being saved to another IP based system (such as a NAS) that is not directly connected to your PC via USB, etc. For instance, the Private Internet Access (PIA) VPN client has a setting under "Network" called "Allow LAN Traffic" that permits devices on your local network.
its just more variables to go wrong. You need a SFP+ NIC (how much did that cost you), then a SFP+ to RJ45 converter, and then the Cat 6 cable. It's still $100 bucks. How much was your SFP+ card ?
Bob Zelin
So to do what I want, I would need a crossover cable and an SFP+/RJ45 transceiver? What would the physical connections look like? PC - Mellanox NIC - Crossover Ethernet - NAS?
Would the following examples work?
I've heard of DAC cables - is there no need for one in my use case?
https://www.amazon.com/MSI-GTX-1050-TI-4GT/dp/B01N2W8MJ9
I don't know a lot about how this stuff works but everytime I would try and play a high bitrate or 4k movie my NAS would be pegged at 99% and the movie would stutter or stop playing. So I added 32gb of memory and the gpu and it runs flawless now.
Hi Artem:
I have a QNAP and Firewalla Gold. Set QNAP on a seperate lan. Qufinder complains that it is on a seperate subnet and can't see the device. Tried several things. Goal is to segment QNAP so only relevant internal traffic / ports. Use VPN for external access. Block all inbound traffic. Route outbound traffic to NordVPN (The reason is that qnap sends fingerprints with the IP address and I get attackers who know I have QNAP!)
Any suggestions on the networking config? I can't get my windows on a different subnet to see the nas (I can via gui).
You could try replace the feet with something like this:
https://smile.amazon.com/gp/product/B075KHNK62/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1
no -
I actually don't know what the difference is.
IF you are looking for 16 TB -
This may not be a full answer. But I see "Self-signed certificate" as part of the error message.
QNAP does come with a self-signed certificate but you have the option of purchasing a certificate that is not self-signed.
Does NordVPN not like self-signed certificates?
Yes.
From Google:
Does NordVPN block any ports?
All ports are open on our servers except SMTP and Netbios for outgoing connections. For SMTP incoming port you can alternatively use 465 or 587 ports. Since we do not provide any port-forwarding, no incoming connections can go through.
Similar issue here.. My unit was left off for a few months, so perhaps the CMOS battery is dead? I do have USB BIOS flash tools, which I'll need to use if I cant find any other advice.
Model: TS-431P PSU: Riden RD6012 benchtop PSU set to 12v and 7.5A as per the input units specification sticker. Multimeters: Fluke & Uni-t, both with fluke leads.
Symptoms: 1 -No LED's on the front what-so-ever, same goes for the 2x network cards during boot, or if left for a few minutes. I can't recall if pluging in an ethernet cable between a switch & the unit results in LED's on the network ports, I can double check this. 2 - The unit powers on automatically when I connect power to it. 3 - If I recall , the USB ports do not give any voltage output as my test device does not power on automatically as it should. I tested this with this tool - https://www.amazon.ae/Digital-Voltmeter-Ammeter-Multimeter-Detector/dp/B088NRJKL9 4 - Reset button seems to not work as no beeps occure. I've tried to reset using this button a number of times.
Signs of some power: The fan does spin. If I insert a disk into any slot, the disk will start to spinup before cutting out (multiple disks tested, which are 100% healthy as per HDSentinal. I'll need to doublecheck if the amperage increases when this happens.
I've looked at a few forums, which usually had atleast one of the front LED's working, but nothing with the symptoms I'm seeing. I have yet to open the device and remove the RAM to see if this changes the "boot" process when connecting power.
I've read about the firmware recovery proceedures, but I'm not sure the device's network ports are working...
Any advice / suggested checks are most welcome as I would like to get this unit working again :)
I'm still learning/trying to figure this stuff out, so I'm not fully understanding you.
Second network connection? Like a separate Internet provider? That's not going to happen.
Virtual nic? Not sure what that is. Is that something you can setup within QNAP?
How would adding another VPN work/help here? I'm not running a VPN server, I'm just setting up a VPN client on my QNAP using NordVPN. QVPN seems to be all or nothing wrt what internet traffic is being routed. Or if there is a way around that, that's what I'm looking for.
Sorry if I'm being a bit dense, but I'm hoping for more direct instructions rather than vague suggestions.
The downside of NordVPN is that it doesn't offer a port to connect back in. I was using it but needed an incoming connection as well. It worked well enough for outbound connections, but could not set a port for incoming connections through the VPN.
I switched to Mullvad which offers what I need and also offers Wireguard instead of a openvpn. Wireguard wasn't needed, but it's a nice bonus
My 2cents, VPN Services are used when you are connecting to someone else's network, not your own, ex. hotel, coffee shop, etc. Presently I use Surfshark, I have used ExpressVPN, both are good fast services, NordVPN is quite slow compared to others.
If you want to Remote into your own network, setup a VPN Server on your Router. Don't use someone else's VPN server/service.
Search is completely broken again in Download Station 5. I think it broke a few months back after a QTS firmware upgrade and QNAP still haven't fixed it. The QNAP KBs are not helpful at all, suggesting that it is an ISP or VPN problem or you need to 'Enable the BT search function'.
The 'Enable the BT search function' is enabled, I have an active, connected, NordVPN connection (tried multiple geo-located servers) the 'Connect to' option setting on the Download Station app is set to use the VPN. An update to QTS caused this to stop working and other users are registering the same fault.
I am not going to engage with QNAP support, whenever I have have looked for their help in the past they have been terrible, trying to find any other reason not to look into a problem in depth on their part, a bit like the old 'it is an ISP or VPN problem' scape goat in this instance.
I found these work well with my other NAS setups...
PneumaticPlus Anti Vibration ... some people use a thick yoga mat.
Now I am using Portainer in order to load up my docker containers. Load this as a stack. Here you go mate:
version: "3"
services:
vpn_proton:
image: qmcgaw/gluetun:latest
container_name: vpn_proton
hostname: vpn_proton
cap_add:
- NET_ADMIN
- MKNOD
devices:
- /dev/net/tun:/dev/net/tun
ports:
- 8888:8888/tcp # HTTP proxy
- 8388:8388/tcp # Shadowsocks
- 8388:8388/udp # Shadowsocks
- 7878:7878/tcp # Radarr
volumes:
- :ro
- /mnt/app_data/appdata/docker_data/gluetun:/gluetun
environment:
- OPE<a rel="nofollow" href="https://nvpn.net/">NVPN</a>_USER=INSERT_VPN_USERNAME_HERE_FROM_YOUR_PROVIDER
- OPENVPN_PASSWORD=INSERT_VPN_PASSWORD_HERE_FROM_YOUR_PROVIDER
- VPNSP=INSERT_VPN_PROVIDER_HERE_EXAMPLE(protonvpn or pia)_SINGLE_WORD_LOWER_CASE
- COUNTRY=INSERT_COUNTRY_OF_DESTINATION_VPN
- TZ=INSERT_YOUR_LOCATION_IN_ISO_8601_FORMAT_EXAMPLE(Asia/Vladivastok)
- PROTOCOL=tcp
- SERVER_HOSTNAME=INSERT_VPN_HOSTNAME_FROM_YOUR_PROVIDER_CONFIGURATION
- SHADOWSOCKS=on
- SHADOWSOCKS_PORT=8388
- SHADOWSOCKS_PASSWORD=INSERT_YOUR_OWN_PASSWORD_IT_CAN_BE_WHAT_YOU_WANT
- HTTPPROXY=on
- HTTPPROXY_PORT=8888
- HTTPPROXY_USER=admin
- HTTPPROXY_PASSWORD=INSERT_YOUR_OWN_PASSWORD_IT_CAN_BE_WHAT_YOU_WANT
healthcheck:
test: ping -c 1 || exit 1
interval: 30s
timeout: 10s
retries: 3
restart: always
Now I am running Docker on an LXC container in Proxmox which caused some other issues that I needed to resolve because of the tun drive mount but you may not experience the same issues.
Use the config above with your own parameters as required and it should work out the box.
I use 4 of these cameras at my home, and they work great. I use this with QNAP QVR Pro, and it stores all of my video files on my NAS. I have it record on motion zones. If you use QVR Pro, you need an upgraded license so you can review your videos after a few weeks. I believe this license cost a one time $100.
I can also review these videos from my phone using the QVR Pro App, and I do this by using VPN to get access to my NAS.
Just bought this on Amazon:
ieGeek 360° Telecamera Wi-Fi... https://www.amazon.it/dp/B09NCTN9QL?ref=ppx_pop_mob_ap_share
It supports ONVIF protocol so I’m using this connected via Wi-Fi (but it has also Ethernet port) to the QNAP using QVR. It works flawlessly, except the possibility to zoom in and out (don’t get fooled by Amazon description, it does have zoom but is digital and is supported just by its native app, that work really well by the way).
Anyway, it’s recording H24 on the nas, I set it up with motion detection alarms and have scheduled the day time in which I should be allerted via mail. I can connect whenever I want using the mobile QVR app and check what’s going on at home.
It’s an outdoor camera (IP66) but I’m using inside home just because it’s just too difficult to find something with the same performances and with a decent aspect.
FWIW, when I had to mirror a new TS-451 (which only has GbE ports) from another, I used two of these to make a NAS-to-NAS-only subnet (one was 10.1, the other 10.2) and used RTRR, doubling thruput on average from using only GbE:
https://www.amazon.com/gp/product/B084L4JL9K
What was also nice is the original NAS could stay connected to the internet at the same time.
This is what I wanted to get, but currently in back order.
Found this option that i really hope would work, 2 days delivery.
https://www.amazon.ca/gp/product/B00B3T6BFU/ref=ppx\_yo\_dt\_b\_asin\_title\_o00\_s00?ie=UTF8&psc=1
I also find QVPN unreliable. Are you running qbittorrent via docker? Then either use one of the prepackaged containers that combine qbittorrent and a dedicated vpn service. Or, the best and most reliable solution imho, is to install gluetun (an amazing vpn service that will connect you to ProtonVPN and automatically offer sophisticated leak protection, etc.) as a separate container and bind the qbittorrent container to that gluetun container.
The gluetun github page has dedicated ProtonVPN install instructions.
If purely speed is your priority why NAS? Research Intel VROC technology, NVME RAID PCIe card, 10GB network cards, and switch.
https://www.amazon.com/HighPoint-Technologies-SSD7540-8-Port-Controller/dp/B08LP2HTX3/ https://www.amazon.com/ASUS-M-2-X16-V2-Threadripper/dp/B07NQBQB6Z
So I’m understanding from the first part of your message that trying to manage a vpn client and a vpn server on one device is redundant. Since (to my knowledge) I can’t use NordVPN to connect to the NAS from outside my LAN, I should drop it and use OpenVPN since it can manage traffic in and out.
Regarding securing the network from the inside, I agree that I don’t have the most effective setup. Everything I’ve found on the router says the only option is to physically add a firewall to the network since the router software can’t support a software firewall. I’m low-key keeping my fingers crossed that this router will die soon so I can justify getting something more robust, haha.
Can you point me in the right direction to create a vpn certificate? The OpenVPN site instructs a person to use Easy-RSA 3, but embarrassingly, I’m not savvy with utilizing things from github. Every time I try it feels like there’s a fundamental step or two that everyone but me knows to do before starting on whatever installation steps 😅
If its new - I'd sell them drives, they seem to charge 30-40% more, just because they have "Synology" sticker:
https://www.amazon.co.uk/Synology-HAT5300-7200rpm-Designed-environments/dp/B08YZ6M6DN
I’m running 4 of these (warning, not cheap):
Kingston Server Premier 32GB 3200MHz DDR4 ECC CL22 DIMM 2Rx8 Server Memory
To my original question, I literally just learned that the Optane 900P card is too long to fit in the PCI slot. The rear of the Optane cooler hits the CPU fan shroud. Installed a Quadro P400 card instead, since I had the case open.
Would the following provide what I am looking for?
APC UPS Battery Backup and Surge Protector, 600VA Backup Battery Power Supply, BE600M1 Back-UPS with USB Charger Port https://www.amazon.com/dp/B01FWAZEIU/ref=cm_sw_r_apan_i_YW1W500GZRSX0DAM6YDJ?_encoding=UTF8&psc=1
A little late but I have exactly the same issue to connect my NAS to ProtonVPN my theory is that QVPN can't manage the way they pack their .opvn with several IPs or several ports on the same IP.
I had it working once with some Romania server who had at some time only one port on the IP working and as soon as the others started to work again it failed and disconnected.