← Back to Home

Synology DSM 6.x VPN via Command Line

Synology DSM and VPN connections

Synology DSM offers you a quite simple interface for managing your VPN connections, however, aside the fact that it is missing a lot of advanced options, that are needed for certain providers, it also lacks the possibility of automation. For example, the reason I am writing this is, I am using an OpenVPN connection on my second Synology station together with multiple gateways. That's all fine and good, however, as soon as the VPN client gets into a timeout, it will try to resolve the host name in the config via the VPN gateway, which is now inaccessible. The only way I found to fix this, is simply reconnecting to the VPN server. Sadly, Synology doesn't make that simply exactly simple.

Basics of Synology VPN handling

Synology is using various scripts and flags for handling vpn connections. All of the relevant files for this are found in /usr/syno/etc/synovpnclient Also, the binary file the disk station uses for connection handling is found at /usr/syno/bin/synovpnc, aliased to synovpnc A list of the files and directories in this directory:

Read more →

Synology DSM 6.x Access any user's downloads

A little backstory

A few weeks ago, I decided to build a little tool for my Synology Download Station, since I was not quite satisfied with the features DS Download offered me for simple monitoring. However, while testing out the API as it was documented in official API docs, I stumbled upon some rather unusual behaviour, that allows you to access details of any download task, even if it does not belong to the user you're authenticated as.
While this actually is a security issue, as Synology confirmed upon my report, I do not think that users would rate their download tasks crucial information. And those who do might not even share their Download Station access with other users to begin with. So while this is obviously a bug that needs to - and according to their response will be - fixed, it is not a terrible leak but more of a reminder of an age old discussion.

The tale of incremental ID's

There have been numerous discussion about this topic in the past, and I think this little bug is a good reminder of why you should not use incremental ID's. If we break our System down to the very basic, whatever it may be, as soon as it involves access control, there are two main factors that decide whether or not a user can access a certain resource:

Read more →

Setting up a Syncplay server on Ubuntu / Debian

What is Syncplay?

Syncplay is a tool that allows you to synchronize media players between multiple clients, which allows you to watch video files, that you and your friends have, together on different machines, without shouting 3.. 2.. 1.. every time someone takes a break for a second. It works by either one of the users providing a server on their local machine for the clients to join, or everyone joining a public server.

While setting up a server for your own is not that difficult, it's quite laborious to do it every time you want to watch something. Public servers are also rather rare and sometimes not reachable all the time. Plus some people would prefer to have their own server running anyways. So here's how!

Read more →

Using a custom login style on a Synology DiskStation

Requirements and Goals

This article is aimed towards people who want to customize the login screen of their Synology Disk Station beyond the possibilities the settings UI offers. This does however require some basic knowledge of the underlying technology of both, the system and the web overview. It also requires logging in to your disk station via terminal, which, while is possible with only basic knowledge, is always a certain risk. Please be careful, when tinkering around on your device!

The scripts and examples in this article are used to manipulate the CSS and Favicon of your Disk Station's login screen. With the information given, it is technically possible to perform additional changes, such as completely altering the login screen's HTML, though I would not recommend doing this.

Read more →