Sven Gehring's Blog

I write about software, engineering and stupidly fun side projects.

Synology DSM Access any user's downloads

2016-06-07 4 min read devops Sven Gehring
A few weeks ago, I decided to build a little tool for my Synology Download Station, since I was not quite satisfied with the features DS Download offered me for simple monitoring. However, while testing out the API as it was documented in official API docs, I stumbled upon some rather unusual behaviour, that allows you to access details of any download task, even if it does not belong to the user you’re authenticated as. Continue reading

Synology DSM6x VPN via Command Line

2016-06-07 4 min read devops Sven Gehring

Synology DSM offers you a quite simple interface for managing your VPN connections, however, aside the fact that it is missing a lot of advanced options, that are needed for certain providers, it also lacks the possibility of automation. For example, the reason I am writing this is, I am using an OpenVPN connection on my second Synology station together with multiple gateways. That’s all fine and good, however, as soon as the VPN client gets into a timeout, it will try to resolve the host name in the config via the VPN gateway, which is now inaccessible. The only way I found to fix this, is simply reconnecting to the VPN server. Sadly, Synology doesn’t make that simply exactly simple.

Basics of Synology VPN handling

Synology is using various scripts and flags for handling vpn connections. All of the relevant files for this are found in /usr/syno/etc/synovpnclient. Also, the binary file the disk station uses for connection handling is found at /usr/syno/bin/synovpnc, aliased to synovpnc.

A list of the files and directories in this directory:

  • l2tp - Holds configs for l2tp connections
  • pptp - Holds configs for pptp connections
  • openvpn - Holds configs for openvpn connections
  • scripts - Internal scripts by the VPN client
  • vpnc_connecting - A (only temporary) flag file, this will be very important later!

Simply typing the synovpnc command will give us sufficient information about its usage.

[MISSING IMAGE]

Disconnecting a VPN connection

In order to disconnect a VPN connection, we can use the kill_client function of synovpnc. The script requires either the name of the connection, as it is saved in the UI via --name=MYVPN or the id via --id=XXX.

1
2
3
4
5
cybrox@nyx:/usr/syno/etc/synovpnclient$ sudo synovpnc kill_client --id=o1462043059
Password:
get arguemnt id: o1462943059

kill client ...OK

Connecting to a VPN server

Now, disconnecting is pretty straightforward. Connecting however, is a bit more tricky, since synovpnc completely ignores arguments and only reads its parameters from a flag file at /usr/syno/etc/synovpnclient/vpnc_connecting. If we attempt a connection, as we would expect it to work, we get the following response:

1
2
cybrox@nyx:/usr/syno/etc/synovpnclient$ sudo synovpnc connect --id=o1462043059
get arguemnt id: o1462043059

And nothing happens…

What we actually have to do is, write our parameter into the flag file mentioned above and then tell the script to connect or reconnect. When we cat /usr/syno/etc/synovpnclient/vpnc_connecting while connection to the VPN from the UI, we actually see, which parameters are put in there. The script expects the config id and name, as well as the protocol type to connect in the flag file.

1
2
3
4
sudo sh -c "echo conf_id=o1462043059 > /usr/syno/etc/synovpnclient/vpnc_connecting"
sudo sh -c "echo conf_name=HIDE >> /usr/syno/etc/synovpnclient/vpnc_connecting"
sudo sh -c "echo proto=openvpn >> /usr/syno/etc/synovpnclient/vpnc_connecting"
sudo synovpnc connect --id=o1462043059

In fact, if you open the UI alongside the terminal, you will see, that the UI state changes to connecting, after we write the first line into the file. After executing the connect command, it should switch to connected.

[MISSING IMAGE]

Automatically reconnecting a VPN connection

The problem mentioned in the preamble of this article, is rather easy to solve, once we know how to connect and disconnect the VPN client via command line. For my example, I simply added a task that will execute the following bash script every 10 minutes:

Simplified, the script reads the last line from the openvpn log, since I am using an openvpn connection. If the log message contains the expected error, it will disconnect the VPN connection, wait for 20 seconds (which should be more than sufficient) and then write all the flags and cause the tool to reconnect. In the end, it will check if a successful connection was established and output a status message.

This is only one of the many examples of how you can use the power of manually manipulating VPN connections. The really important part is, that you are able to do it, despite Synology not providing any information on this whatsoever.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
LASTLINE=`tail -n 1 /usr/syno/etc/synovpnclient/openvpn/openvpn.log`
CONNFILE=/usr/syno/etc/synovpnclient/vpnc_connecting

if [[ "$LASTLINE" == *"RESOLVE: Cannot"* ]]; then
	echo "OK: Triggering disconnect"
	synovpnc kill_client --name=HIDE
	echo "OK: Waiting 20 seconds"

	sleep 20
	echo "OK: Triggering connect"
	echo conf_id=o1462043059 > $CONNFILE
	echo conf_name=HIDE >> $CONNFILE
	echo proto=openvpn >> $CONNFILE
	synovpnc connect --id=o1462043059
	echo "OK: Waiting 20 seconds"

	sleep 20
	LASTLINE=`tail -n 1 /usr/syno/etc/synovpnclient/openvpn/openvpn.log`
	if [[ "$LASTLINE" == *"Initialization Sequence Completed" ]]; then
		echo "OK: Reconnect successful"
	else
		echo "ER: Reconnect failed"
	fi
fi

Setup a proper Syncplay server on Ubuntu Debian

2016-03-05 7 min read devops Sven Gehring
Syncplay is a tool that allows you to synchronize media players between multiple clients, which allows you to watch video files, that you and your friends have, together on different machines, without shouting 3.. 2.. 1.. every time someone takes a break for a second. It works by either one of the users providing a server on their local machine for the clients to join, or everyone joining a public server. Continue reading

Using a custom login style on a Synology DiskStation

2016-02-29 4 min read devops Sven Gehring
This article is aimed towards people who want to customize the login screen of their Synology Disk Station beyond the possibilities the settings UI offers. This does however require some basic knowledge of the underlying technology of both, the system and the web overview. It also requires logging in to your disk station via terminal, which, while is possible with only basic knowledge, is always a certain risk. Please be careful, when tinkering around on your device! Continue reading