I own*a Synology DS413j NAS, and without wanting to write a whole review about it, these things are awesome, the management UI is great, and you can run all kinds of packages on them. One thing I like to do with mine is run an OpenVPN server so that I can VPN into home and do cool stuff.
But I was a bit concerned about the notion of having my NAS internet-facing, even if it was only OpenVPN’s UDP port. So, powering through with my love for all things Dome9 (I swear they don’t pay me), I wrote my own little package that installs the Dome9 Agent onto a Synology NAS and allows you to control its firewall (and make dynamic access requests) through the Dome9 service. Now I can make pretty much any of my NAS’ services available to the internet, and not have to worry about random attackers discovering those services. Similar to Single Packet Authorization*(although easier to set up and use), Dome9 allows you to dynamically open one or more ports to a given IP for a period of time, and so while the port is available to you, the services remain completely invisible to everyone else.
This is the first release of the Dome9 package, and while it may need*more work to support other VPN protocols, it’s ready for testing. If you do use this package, I’d be keen to hear from you, as I’ve yet to find another Synology-owning Dome9 user!
To install this package, simply download the dome9.spk file (below) and use the Manual Install option in the Package Center in DSM. You will need to have a Dome9 account and enter*your pairing key to allow the agent to pair with the Dome9 service.
Download:*Synology Dome9 Package v0.1 (dome9.spk)
- Linux Bash Ncat Honeyport Script with IPTables and Dome9 Support
- Honeyport Python Script with Local Firewall and Dome9 Support
- Honeyport Script Dome9 Blacklist TTL Update