Breathing new life into MBL (new disk/sleep monitoring/miniDLNA/openvpn)

My old WD green harddisk in MyBookLive (MBL) logged over 15000 hours of usage (?!) since I bought it about 2 years ago. To protect my data, I decided to replace the harddisk. Since I decided to replace my harddisk, there is no harm in ‘playing around’ with the various resources provided by the vast number of MBL experts.

The worst case scenario is that: I reformat the new harddisk and replug the old harddisk back into the MBL. I still have a working MBL with old harddisk and a new harddisk.

Even if MBL is a discontinued product now, this little powerful workhorse is still capable for:

  • Work as a share drive for the PCs in my family network
  • Automatic backup for photos on various Android phones used by my family members
  • Cloud access of the files in MBL thru internet

and additionally:

  • Transmission: BT download without switching on the PCs. This was the reason I bought MBL.
  • DLNA: the WD DLNA is sluggish and unusable with my LG TVs but with installation of other DLNA service, the situation is greatly improved. My wife does watch Video from MBL using the smart TV now.
  • Scheduling jobs: I can use MBL to wake up another PC based on a schedule. (The PC would record TV programs and store them back to MBL, viewable by any PC/TV.)
  • Openvpn server: (i) adding another level of encryption during internet browsing and (ii) access to the intranet resources in my little family network (but this is really hard to set up and I eventually had to compile the whole 2.6 kernel to get this to work.)
  • Power Management: MBL should use little power during standby mode, but my old MBL rarely sleeps. After the re-installation and researching, it seems that the processes that might hinder MBL to sleep can be identified now.

I am a Linux newbie and did not even know the ps and ls commands before I played with MBL. I tried to avoid the vi editor as much as possible. Thanks to the experts in this forum and other MBL forums, I managed to add new functionality to MBL.

I shall share my experience with MBL in subsequent posts.

2 Likes

NEW HARD DISK INSTALLATION

Basically I am following this guide (except using the updated firmware and add in my additional steps):

[GUIDE] How to unbrick a totally dead MBL

Preparation

  1. Disassemble MBL
  2. Download Rescue CD http://www.system-rescue-cd.org/Download
  3. Download the debrick script from http://www.mediafire.com/?g2xexkaaya34a9r
  4. Download the current firmware http://download.wdc.com/nas/apnc-024310-048-20150507.deb
  5. Optional: backup data and backup the configuration in MBL

Install 7zip and point it to your MyBookLive firmware “apnc-024310-048-20150507.deb” and double click and you will see “data.tar” where you will again double click and be presented with a “.” Double click the “.” then double click “cache volume” then double click “upgrade” and then highlight “rootfs.img” and hit extract.

Next burn the SystemRescueCd ISO to a blank CD.

Use 7zip or WinRAR to extract the debricking script “debrick.sh” from the “debrick.rar” file downloaded from (3) above.

Format a thumbdrive to FAT32. Copy “debrick.sh” and “rootfs.img” to the thumbdrive.

Ready a new harddisk and delete all partitions from it.

Attach the Harddisk to PC with CD rom, USB and SATA

Make sure your thumbdrive containing the two files is plugged in and only the new hard drive is hooked up to the computer via SATA cable. Disconnect any other hard drives to ensure we don’t accidentally delete data on those drives.

Boot off the SystemRescue CD you burned above. When the system menu comes up select to “directly start the graphical environment”.

Type in the following commands:

mkdir /mnt/usb
mount -t vfat /dev/sdb1 /mnt/usb
cd /mnt/usb
mdadm -S /dev/md0
./debrick.sh rootfs.img /dev/sda destroy

Put the drive back in the enclosure and restart MBL. The system should boot up and we can get the MBL UI home screen.

SWAP creation

I was too excited at this point and forgot to create SWAP for my MBL. I only discovered this at a much later stage (out of memory during program compilation), and I used a different set of commands to create SWAP.

Anyway I suppose the command in the original guide should work.

First login to MBL thru SSH and my commands to create swap are:

dd if=/dev/zero of=/DataVolume/swapfile bs=4096 count=131072
mkswap /DataVolume/swapfile
swapon /DataVolume/swapfile
mkswap /dev/sda3
reboot

Use the top command to verify that SWAP is really enabled.

To autostart the SWAP file, create a file /etc/init.d/S88swap with content:

#!/bin/sh
swapon /DataVolume/swapfile

Then:

chmod +x /etc/init.d/S88swap
update-rc.d S88swap defaults

reference: http://www.nasyun.com/thread-440-1-1.html (Use Google translate to view in your native language)

WD DLNA server and Twonky DLNA server

We have installed the rootfs.img from the downloaded WD firmware. The DLNA software in the downloaded firmware is not installed. If we want these services, go to the MBL UI, select the downloaded firmware apnc-024310-048-20150507.deb from step 4 and install the firmware once again.

Then perform a factory reset.

Please ensure the SWAP is still on (thru the top command in SSH).

/etc/apt/sources.list

Optional: This file lists the repositories from which subsequent library updates are retrieved.

I only keep one line uncommented and all other lines are commented (commented lines are prefixed by #):

deb http://archive.debian.org/debian/ squeeze main

That’s it. We should now have a working MBL with the updated firmware and blank harddisk. We can restore the configuration file saved in the old MBL or setup the MBL from scratch.

To be continued…

2 Likes

While I am certain some board members will be grateful for your contribution, please bear in mind this is not warranted or supported by Western Digital.

MINIDLNA INSTALLATION in MY BOOK LIVE

Initially I thought my LG smart TV was too slow to work with MBL. The average response time to switch to another directory was over 10 seconds and it might take 20 seconds before any Video could play. There was no problem with my media player box. (Subsequently I understood that it uses the Samba service to access MBL.) Windows PC access to MBL for video playing is very good.

The nightmare began when I bought a newer LG smart TV. It took even longer to access directories and some videos simply refused to play. I searched over the internet and found that quite a number of people complained about similar problems. I stumbled on a thread saying that after trading in for a MyCloud device the problem was gone! There were quite a number of threads saying that using another DLNA server would fix the problem. The problem was on the server side and not the clients.

(Twonky version 5 was installed in MBL while a more updated version of Twonky version 7 or 8 is installed in MyCloud.)

I found an excellent Youtube video tutorial on the installation of MiniDLNA. It was my second mod on MBL (the first was Transmission). I followed the instructions to compile and install. And, the response on my LG TV is so good now. My wife also uses the TV to watch MBL videos.

During my MBL re-installation, I have tried to install using the current version of MiniDLNA (v1.1.5) and applied some more modifications on it (RMVB support + duplicate filename fix). The commands are similar but not exactly the same as used in the Youtube video.

(The instructions in the video to install minidlna v1.1.4 work for recent MBL firmware by modifying the source.list as in step 1.1 below.)

Prerequisite for installation

  • The base of installation is coming from this Video: https://www.youtube.com/watch?v=DZrxhYghJss. Quite a number of details are still referenced back to this video
  • SSH, Putty, FileZilla (described in details under the video)
  • Unzip software like 7zip
  • Windows Editor like UltraEdit (or any editor should do)
  • MBL firmware version 02.43.10-048
  • Internet connection from MBL/PC

Setting up the compilation environment

From the PC:
1.1 (Thru Filezilla) ensure there is only one uncommented line in /etc/apt/sources.list (this can also be done via the vi editor as shown in the video).

deb http://archive.debian.org/debian/ squeeze main

1.2 Download https://dl.dropbox.com/u/19024553/libc_for_02.11.09-053.tar, then unzip and thru FileZilla, copy to the /tmp in WD MBL

From MBL:
1.3 Run the following command in MBL:

cd /tmp
sudo dpkg -i --force-overwrite libc-bin_2.11.3-3_powerpc.deb
sudo dpkg -i --force-overwrite libc6_2.11.3-3_powerpc.deb
sudo dpkg -i --force-overwrite libc6-ppc64_2.11.3-3_powerpc.deb
apt-get -f install
apt-get update

I encountered an issue with the apt-get update command with my new harddisk. The error was fixed by:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <1st hex key appears on screen>
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <2nd hex key appears on screen>

Then followed by:

apt-get install make
apt-get install gettext

Installing libraries required by MiniDLNA

The library dependencies for MiniDLNA ver 1.1.5 seem to be a bit different. I have installed:

apt-get -y install libexif-dev 
apt-get -y install libjpeg-dev 
apt-get -y install libid3tag*
apt-get -y install libFLAC-dev
apt-get -y install libvorbis-dev
apt-get -y install libsqlite3-dev
apt-get -y install libavformat-dev

Download MiniDLNA and actual compilation

From the PC:

2.1. Download v1.1.5 of MiniDLNA from http://downloads.sourceforge.net/project/minidlna/minidlna/1.1.5/minidlna-1.1.5.tar.gz?r=https%3A%2F

2.2. Unzip the download file, copy the content to MBL, then rename the directory as /tmp/minidlna (refer to the Youtube Video for details)

2.3. Set the directory /tmp/minidlna for full permission with FileZilla (refer to the Youtube Video for details). This can also be done via the linux chmod 777 command recursively for this directory /tmp/minidlna.

From MBL:

2.4. Run the following commands to compile the program:

cd /tmp/minidlna

./configure
touch configure.ac aclocal.m4 configure Makefile.am Makefile.in
touch configure
touch Makefile.in
touch config.h.in
make
make check
make install

(It seems that some empty files needed to be created via the touch command for this version of minidlna before successful compilation.)

Basically the compilation is done.

To be continued…

2 Likes

miniDLNA configuration

Unlike Twonky, there is no GUI for the configuration, and the configuration needs to be done by editing the configuration file:

Copy the configuration file to the desired directory:

cp minidlna.conf /etc/

Use FileZilla to edit the configuration file /etc/minidlna.conf (or vi editor would also do):

I kept the video directory only:

media_dir=V,/nfs/Public/Shared Videos

Name of DLNA server appears on screen:

friendly_name=My DLNA Server

Set the log directory (more to talk on this under sleep monitoring):

log_dir=/var/log

Log level changed to fatal:

log_level=general,artwork,database,inotify,scanner,metadata,http,ssdp,tivo=fatal

We can start the DLNA server now by the command:

/usr/local/sbin/minidlnad -R

Important: if everything works, add minidlna into the startup script so that the service can be started automatically during reboot:

update-rc.d minidlna defaults

Useful commands for MiniDLNA:

There are some useful commands to further tune the minidlna services. Once the system is running smoothly, they are rarely used, however.

Stop minidlna:

/etc/init.d/minidlna stop

Restart minidlna:

/etc/init.d/minidlna restart

Force rebuild of the media database:

/usr/local/sbin/minidlnad -R -f /etc/minidlna.conf

Verify if the minidlna service is running:

netstat -nlp | grep minidlnad

First Time Scanning

If there are media files in the video directory tree that do not appear on the DLNA client, there is a high chance that miniDLNA cannot scan the media directory tree successfully.

Look at the minidlna log in /var/log/minidlna.log.

Check for the last media file in the catalogue. There should be errors associated with it. (Please change the log level in the configuration file /etc/minidlna.conf from fatal to warn if more details are required.)

log_level=general,artwork,database,inotify,scanner,metadata,http,ssdp,tivo=warn

I found that mkv files with size over 4G would be the culprit. Move the files out of the video directory tree used in minidlna and do another rebuild of the database:

/usr/local/sbin/minidlnad -R -f /etc/minidlna.conf

rmvb support

Quite a number of DLNA servers do not support real media files, but with a few source code modifications, .rm and .rmvb files can be watched from the smart TV.

We need to start from step 2 of minidlna installation:

2.1. Download v1.1.5 of MiniDLNA
2.2. Unzip the download file, copy the content to MBL, then rename the directory as /tmp/minidlna
2.3. Set the directory /tmp/minidlna for full permission with FileZilla

Then:

3.1 Edit the source files in /tmp/minidlna (lines in italic are added):

metadata.c (around line 840):

else if( strncmp(ctx->iformat->name, "matroska", 8) == 0 )
xasprintf(&m.mime, "video/x-matroska");
else if( strcmp(ctx->iformat->name, "flv") == 0 )
xasprintf(&m.mime, "video/x-flv");
//----add----
else if( strcmp(ctx->iformat->name, "rm") == 0 )
xasprintf(&m.mime, "video/x-pn-realvideo");
else if( strcmp(ctx->iformat->name, "rmvb") == 0 )
xasprintf(&m.mime, "video/x-pn-realvideo");
//----end----
if( m.mime )
goto video_no_dlna;

upnpglobalvars.h (around line 169):

"http-get:*:audio/mp4:*," \
"http-get:*:audio/x-wav:*," \
"http-get:*:audio/x-flac:*," \
"http-get:*:application/ogg:*," \
//----add----
"http-get:*:video/x-pn-realvideo:*," \
//----end----

utils.c (around line 381):

//line 381
ends_with(file, ".m2t") || ends_with(file, ".mkv") ||
ends_with(file, ".vob") || ends_with(file, ".ts") ||
ends_with(file, ".flv") || ends_with(file, ".xvid") ||
//----add----
ends_with(file, ".rm") || ends_with(file, ".rmvb") ||
//----end----

Just add the lines into the files directly, without adding the comments (//----add---- and //----end----).

3.2 Compile minidlna from source again:

cd /tmp/minidlna

./configure
touch configure.ac aclocal.m4 configure Makefile.am Makefile.in
touch configure
touch Makefile.in
touch config.h.in
make
make check
make install

3.3 rebuild the database

/usr/local/sbin/minidlnad -R -f /etc/minidlna.conf

Further on rmvb modification for minidlna (google translate to translate to your native language):
http://blog.csdn.net/Haven200/article/details/43039261

Other minidlna patches

I found that duplicate files might appear on the client for newly added video files. After downloading the patch from minidlna:

https://sourceforge.net/p/minidlna/patches/125/attachment/inotify_db_dup.patch

Copy the source code of minidlna 1.1.5 to /tmp/minidlna, then also copy the patch to /tmp/minidlna.

Patch the source with the command:

patch -p1 < inotify_db_dup.patch

Then recompile:

./configure
touch configure.ac aclocal.m4 configure Makefile.am Makefile.in
touch configure
touch Makefile.in
touch config.h.in
make
make check
make install

and rebuild the database:

/usr/local/sbin/minidlnad -R -f /etc/minidlna.conf

Other interesting patches can be found in the following link:

https://sourceforge.net/p/minidlna/patches/

Important: if everything works, add minidlna into the startup script so that the service can be started automatically during reboot:

update-rc.d minidlna defaults

Please note that MBL users can also upgrade to Twonky 7/8 using the guide:

http://mybookworld.wikidot.com/forum/t-459592/complete-guide-to-upgrade-to-twonky-7-8-version-my-book-live

(30 day trial period)

3 Likes

Hello Elo,

You’ve done a wonderful job :thumbsup: :thumbsup: :thumbsup:

If I had read these instructions before, it would have saved me a few mishaps and questionings during my own minidlna install process (I am also a total linux newbie) !

It may also be interesting to mention a little hack like the FeaturePacksManager to monitor the MBL CPU load and temperature.

SLEEP MONITORING

We do not need to look at the LED indicator in front of MBL to understand how long it slept. The easiest way is to use FileZilla to download the file /var/log/message:

Look for messages like:

<date/time> MyBookLive logger: exit standby after 2942 (since date/time)

We would have a very good understanding on when MBL slept and how long did it go into standby.

(I only realize this after using the MBL for over 2 years.)

My MBL did sleep in the first few months of usage. With more and more photos loaded, I found that the green LED was on and the drive was spinning. It was quite some time before I googled and found the fix on stopping miocrawler:

The fix worked in my case. Basically, add 1 line ‘exit 1’ into the file /usr/miocrawler/miocrawlerd so that it looked like:

#!/bin/sh
exit 1

Reboot is required after the change.

The blue LED indicator in MBL should be on (if we enable the ‘hard disk sleep’ function in MBL UI).

Just in case this did not work, we can also stop mediacrawler as per this link:

In summary: SSH into MBL, type

chmod 644 /usr/local/mediacrawler/bin/mediacrawler

Then reboot.

Some more tips:

  • The default standby time is 10 minutes but can be changed by editing the file /etc/standby.conf
  • If new packages (transmission, minidlna, openvpn etc.) are installed, please ensure all the logs are stored in the ramdisk of /var/log/. There are 3 logs generated by the software openvpn, and the file ipp.txt was stored in the working directory, causing disk access every 15 minutes, or waking up MBL every 15 minutes. Moving the file ipp.txt to /var/log/ fixed the issue.
  • I sometimes disable swap (with the command swapoff -a) to ensure that the system would not wake up due to insufficient memory. I would rather reduce the swap file size in /etc/fstab instead (since I am not using the default WD DLNA services).
  • If the port forwarding rules are set in the router, (not using the uPNP feature of MBL), and, if we are ready to forfeit some function of the UI, there are quite a lot of mods in the link: My book live never sleeps
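
The log check described in this post, as an added shell example that is not part of the original post: it pulls every "exit standby after N" entry out of the log and lists the short standby periods that point to something waking the disk. It assumes the usual three-field syslog timestamp and that N is in seconds; the sample lines are constructed.

```shell
#!/bin/sh
# Added example: summarise MBL standby periods from syslog text.
# Assumptions: timestamp is "Mon DD HH:MM:SS", N in "after N" is seconds.

# Constructed sample lines in the format quoted in the post.
sample_log() {
    cat <<'EOF'
May 10 01:12:03 MyBookLive logger: exit standby after 2942 (since 2016-05-10 00:23:01)
May 10 01:25:40 MyBookLive kernel: constructed unrelated line
May 10 01:40:10 MyBookLive logger: exit standby after 310 (since 2016-05-10 01:35:00)
May 10 09:30:00 MyBookLive logger: exit standby after 26656 (since 2016-05-10 02:05:44)
EOF
}

# Print "Mon DD HH:MM:SS seconds" for every wake-up entry on stdin.
standby_durations() {
    awk '/logger: exit standby after [0-9]+/ {
        for (i = 1; i < NF; i++)
            if ($i == "standby" && $(i + 1) == "after") {
                print $1, $2, $3, $(i + 2)
                next
            }
    }'
}

# Print "count total longest shortest" (all in seconds).
standby_summary() {
    standby_durations | awk '
        { d = $4 + 0; n++; total += d
          if (n == 1 || d > max) max = d
          if (n == 1 || d < min) min = d }
        END { printf "%d %d %d %d\n", n, total, max, min }'
}

# List wake-ups that ended a standby shorter than $1 seconds. A run of these
# at a regular interval is what a periodic writer (a log or ipp.txt on the
# hard disk instead of the ramdisk) produces.
short_standbys() {
    standby_durations | awk -v limit="$1" '$4 + 0 < limit + 0 { print }'
}

# Demo on the constructed sample; on a real system pipe the downloaded log in.
sample_log | standby_summary
sample_log | short_standbys 600
```

Run it against the log before and after a change such as disabling mediacrawler to see whether the short standby periods disappear.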

Hello Lo,
I don’t have a ramdisk file in the /var/log/ directory …
Instead, I have a ramlog file (no extension) as well as the minidlna.log and various other *.log files.
On top of that : no ipp.txt
Where am I supposed to find the latest before I (possibly) move it to /var/log/ ?

Great work! I am waiting for the openvpn tutorial…
One question. You said “The easiest way is to use FileZilla to download the MBL in in /var/log/” How you do that? I use flashfxp and I can only log in via ftp with user admin and I can only see the folder public and shares. I can’t login with user root. How you do that?

ramdisk - uses the computer memory (RAM) as harddisk directories, so that anything read from or written into these directories in fact only touches the RAM and does not need to wake up MBL (spin up the harddisk)

The log for minidlna is /var/log/minidlna.log as defined in minidlna.conf so supposedly you do not need to do anything:

log_dir=/var/log

ipp.txt is generated by another software called openvpn

openvpn… the toughest part is compiling the kernel but I followed this link to compile it:

http://mybookworld.wikidot.com/compiling-mybook-live-kernel

(I shall write my experience probably next week.)

It should be downloading the file /var/log/message. To login with root, please enable SSH and the default password should be welc0me. Maybe you can watch the first few minutes of the minidlna installation video; it starts with SSH, putty and FileZilla. https://www.youtube.com/watch?v=DZrxhYghJss

Ok, now I understand. You use filezilla to see the files via ssh and not ftp. It would be nice if you post the tutorial about openvpn. I have tried it and I could only see the mbl folders. I want to use my home internet connection to have secure access to my bank accounts.

It seems that you have installed the TUN module successfully in order to see the MBL folders. (How can you do that?)

The problem seems to be setup with the router itself now. Have you set the ‘routing table’ in the router? Both the routing table and port forwarding are required to be setup in the router.

My router sample on ‘routing table’:

Target: the vpn network IP (e.g. 10.1.1.0)
Gateway: the ip address of the MBL

My router sample on ‘port forwarding’ for default tcp 1174 port to the MBL (which seems that you have already done so):

Thank you for your answer. I’ll check if my router (it is an old Thomson tg 585v8 adsl router) has routing table…
I had tried openvpn via this script HOWTO: MBL as OpenVPN server

If you don’t want to get your hands dirty with all the commandline work, you could easily install OpenVPN, No-IP, Transmission, and many other programs with one click of the mouse. Look up FeaturesPacksManager.
http://www.highlevelbits.fr/

As for MiniDLNA, I recommend that you use Twonky 8 instead. Much better and much more user friendly.
Install guide is here
http://mybookworld.wikidot.com/forum/t-459592/complete-guide-to-upgrade-to-twonky-7-version-my-book-live-o

I recommend that you install ownCloud

Install WebMin

Turn off the LEDs
http://mybookworld.wikidot.com/forum/t-297399/led-light-controlling

Build and Write Custom Firmware

And get the temperatures of the MBL down to a level where it doesn’t slow down the processor or stall it.

1 Like

I am all BLUE now … first time in my MBL’s life !
I think the deactivation of the mediacrawler did the trick (guess the ‘mio’ thing was not relevant for I don’t have tons of pics in the MBL).
BTW, disk temperature has now decreased by 10-15°C, and that’s good news for its lifetime … :sunny:

Some things I recommend that you turn off to conserve CPU. You can turn them on if you need them later

  1. FTP
  2. Remote Access
  3. iTunes server

Thanks, those 3 had always been OFF, anyway.
Since I deactivated mediacrawler, the MBL temp is now around 41-42°C … :sunglasses:

OPENVPN INSTALLATION IN MY BOOK LIVE

Compared with other topics that I had discussed, the documentation that I found related to installation of OPENVPN is limited. I can find 3 links that talked about installing and configuring OPENVPN in MBL:

  1. Wikidot: Openvpn - Hacking WD MyBook World Ed
  2. WD community: HOWTO: MBL as OpenVPN server
  3. Optware: http://highlevelbits.fr/index.php?option=com_content&view=article&id=626:openvpn-mybook-live&Itemid=82&lang=fr

Yet none of the links really talk about the setup required on the router side.

I am basically following the information in the first link (wikidot) for the illustration purpose.

The installation and configuration of OPENVPN is not easy already. Installing it in MBL is complex, because I cannot enable the TUN module required for MBL. If anyone can successfully get OPENVPN running, the configuration should be standard. OPENVPN is also built into a number of routers nowadays, or available as an add-in feature with routers running dd-wrt or openwrt. The documentation for OPENVPN in these areas is precise. In fact, I recommend using a router as the OPENVPN server instead, unless you really want to explore the MBL capabilities.

OPENVPN can be used for:

  • remote access on the MBL without exposing the MBL to the internet world (by turning off remote access in MBL UI). One can connect from the internet using OPENVPN, then act as an intranet device to access MBL
  • access other devices in the home network without exposing them to the internet world
  • add an additional layer of encryption while surfing the internet
  • surf the internet as if the OPENVPN client is coming out from the home router

0. Pre-requisite:
0.1 The firmware version of my MBL is 02.43.10-048, which should be the updated version as of now.
0.2 Know the ip-address range for the [home network], e.g., 192.168.0.0 (for devices in the range of 192.168.0.1 to 192.168.0.255)
0.3 Determine the ip-address range for the [vpn network], e.g., 10.1.1.0 (for devices in the range of 10.1.1.0 to 10.1.1.255)
0.4 [DDNS name] the static internet address in which the internet world can reach the home router. I use the DDNS service from http://freeddns.noip.com/ but any free DDNS provider used in the home router would do.
0.5 [MBL IP] the static IP address of MBL in the network

1. Installation of OPENVPN in MBL

1.1 Installation of TUN module in MBL
I cannot enable the TUN module, which is a pre-requisite of OPENVPN. Finally I had to compile the MBL kernel to get this to work. This is the reason why I stated the installation is complex.

Just if anybody can make openvpn work already, then this step can be skipped.

I shall talk about the kernel installation with TUN module in the next topic.

1.2 Installation of OPENVPN and certificates

Run the following commands to download the software:

/opt/bin/ipkg update
/opt/bin/ipkg install openvpn
/opt/bin/ipkg install lzo
ldconfig

Download the custom S20openvpn startup script , openvpn.cnf and easy-rsa tools:

wget http://mybookworld.wikidot.com/local--files/openvpn/S20openvpn.whitelight   -O /opt/etc/init.d/S20openvpn
wget http://mybookworld.wikidot.com/local--files/openvpn/openvpn.conf   -O /opt/etc/openvpn/openvpn.conf
wget http://mybookworld.wikidot.com/local--files/openvpn/easy-rsa.tar  -O /opt/etc/openvpn/easy-rsa.tar
chmod a+x /opt/etc/init.d/S20openvpn
cd /opt/etc/openvpn/
tar -xf /opt/etc/openvpn/easy-rsa.tar
cd /opt/etc/openvpn/easy-rsa

2. Configuration of OPENVPN

There is no userid/password pair in OPENVPN. The software relies on certificate pairs for authentication.

2.1 Generate the server certificate

Commands to generate the server certificates (there are two ‘.’ in the command line):

. ./vars

Then:

cd /opt/etc/openvpn/easy-rsa
. ./clean-all
cd /opt/etc/openvpn/easy-rsa
. ./build-ca
cd /opt/etc/openvpn/easy-rsa
. ./build-key-server OpenVPNserver

Some questions would be asked. Type “ENTER” except for the following one:

Common Name (eg, your name or your server's hostname) []: [DDNS name in 0.4]

When you are asked for a challenge phrase, type “ENTER”.

When you are requested to sign a certificate, type y :

Sign the certificate? [y/n]: y

Finally the following command to generate the server certificate:

. ./build-dh

The process can take 10-20 minutes. You may see 20 lines of +++++.

When it is finished, copy the newly generated certificates to the correct folders:

cp /opt/etc/openvpn/easy-rsa/keys/ca.crt /opt/etc/openvpn/ca.crt
cp /opt/etc/openvpn/easy-rsa/keys/OpenVPNserver.crt /opt/etc/openvpn/OpenVPNserver.crt
cp /opt/etc/openvpn/easy-rsa/keys/OpenVPNserver.key /opt/etc/openvpn/OpenVPNserver.key
cp /opt/etc/openvpn/easy-rsa/keys/dh1024.pem /opt/etc/openvpn/dh1024.pem

2.2 Generate the client certificates

Launch the following command :

. ./build-key OVClient1

you will be asked some questions: type “ENTER” except for the following one:
Common Name (eg, your name or your server's hostname) []:
Type : OVClient1

When you are asked for a challenge phrase, type “ENTER”.

When you are requested to sign a certificate, type y :
Sign the certificate? [y/n]: y

The following Client configuration files in directory /opt/etc/openvpn/easy-rsa/keys need to be copied over to the client:

OVClient1.crt
OVClient1.key
ca.crt
dh1024.pem

The OVClient2. OVClient3 etc. can be built in the same way.

2.3 OPENVPN configuration

Edit the configuration file in /opt/etc/openvpn/openvpn.conf. (I use FileZilla to download the file to PC and edit the file.)

The following statements need to be changed:

push "route [home network] 255.255.255.0"
server [vpn network] 255.255.255.0
ifconfig-pool-persist /var/log/ipp.txt 1800
status /var/log/ovpn-status.log
log /var/log/openvpn.log

Then, edit the S20openvpn script in /opt/etc/init.d:

insmod /lib/modules/2.6.32.11-svn70860/kernel/drivers/net/tun.ko

(The above is directory name for the MBL original kernel. The directory name might change after compilation.)

We also need to enable ip_forwarding in MBL: edit the file /etc/sysctl.conf and remove the # in front of the line:

net.ipv4.ip_forward=1

Now we can start openvpn:

/opt/etc/init.d/S20openvpn

To verify if the openvpn job is really running:

netstat -nlp | grep openvpn

If everything is OK, set up a cron job and run openvpn at startup. A sample crontab entry is:

@reboot sleep 60 && modprobe tun && /opt/sbin/openvpn --daemon --cd /opt/etc/openvpn --config openvpn.conf

2.4 Router configuration

There are 2 ip subnets now: [home network] and [vpn network]. The 2 ip subnets would not talk automatically. In a customized OPENVPN installation, quite a number of iptables rules are required to get the 2 subnets to communicate. The MBL original kernel does not support iptables, but it is still possible to get these 2 subnets communicating seamlessly. (The rules are automatically inserted for routers with built-in OPENVPN, which saves the hassle.)

Port forwarding: set tcp port 1194 to go to MBL

Forwarding IP highlighted in red is the [MBL IP]

(optional: port 443/80 is used by WD remote access. It was disabled so that MBL would not be exposed to the internet. The uPNP feature in the router is also disabled to provide a little bit more protection. http://www.howtogeek.com/122487/htg-explains-is-upnp-a-security-risk/)

Routing table: if there are any requests to access the [vpn network] from [home network], route thru [MBL IP]:

The gateway (in red) is the [MBL IP]
The target (in green) is the [vpn network]

(Information only: The ip forwarding in S20openvpn script would route the data from [vpn network] back to [home network] and no setup is required on this point.)

2.5 Client setup

I am using Windows as example but the procedure can be ported to Android platform easily.

Download and install the openvpn client for windows from http://swupdate.openvpn.org/community/releases/openvpn-install-2.3.11-I001-x86_64.exe

Create a directory MBL clientkey under C:\Program Files\OpenVPN\config

Copy the 4 files created in step 2.2 to the newly created Windows directory

Download the sample client OVPN file: http://mybookworld.wikidot.com/local--files/openvpn/OVClient.ovpn

Edit the file and change the following lines:

remote [DDNS name] 1194
cert OVClient1.crt
key OVClient1.key

Important: add the statement at the end of file:

redirect-gateway def1

The redirect statement ensures all traffic is routed thru the VPN network.

Save the file and copy as OVClient1.ovpn in directory C:\Program Files\OpenVPN\config

Run the Windows openvpn client, rightclick on the openvpn icon, select OVClient1 and connect.

3. Verification

We need to ensure the ip is really being changed. The internet ip address can be checked using websites like www.ipchicken.com.

  1. record the internet ip address before connecting to openvpn
  2. connect via openvpn
  3. record the internet ip address again by going into www.ipchicken.com, the ip address should be the one from the home router now
  4. disconnect the openvpn connection
  5. record the internet ip address, it should be changed again

If the IP addresses are changed, the communication between the openvpn client and MBL should be encrypted by the certificates generated in steps 2.1 and 2.2.

In addition, from the openvpn client, we should be able to:

  • access the MBL directories
  • (with Android device) using WD cloud to access MBL (even with remote access turned off)
  • access other devices in the home network (e.g.printer/scanner/router/PCs)

Finally we are done.

I found that this is much longer than I expected to write on this topic, but I really want the procedure to be repeatable, at least in this version of the firmware.

1 Like
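
A lint for the settings this post and the sleep-monitoring tips touch, as an added shell example (not the poster's or the OpenVPN project's code): it reports run-time files written outside /var/log, DH parameters under 2048 bits judged from the easy-rsa file name dh<bits>.pem, and a server private key readable by group or others. The sample config, the 2048-bit threshold and resolving relative paths against the config's own directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint an OpenVPN server config like the one edited in step 2.3.

audit_openvpn_conf() {
    conf=$1
    ramdir=${2:-/var/log}          # RAM-backed log directory named in the thread
    confdir=$(dirname "$conf")     # assumption: relative paths resolve here (--cd)

    # 1. Files OpenVPN rewrites while running should sit in the RAM-backed
    #    directory, otherwise each write spins the disk up.
    awk -v ram="$ramdir" '
        $1 == "ifconfig-pool-persist" || $1 == "status" ||
        $1 == "log" || $1 == "log-append" {
            if (index($2, ram "/") != 1) print "DISK-WRITE", $1, $2
        }' "$conf"

    # 2. easy-rsa names the DH file dh<bits>.pem; flag sizes below 2048
    #    (assumed threshold).
    awk '$1 == "dh" {
            bits = $2
            sub(/^.*dh/, "", bits); sub(/\.pem$/, "", bits)
            if (bits ~ /^[0-9]+$/ && bits + 0 < 2048) print "WEAK-DH", $2, bits
        }' "$conf"

    # 3. The server private key should be readable by its owner only.
    awk '$1 == "key" { print $2 }' "$conf" | while read -r key; do
        case $key in
            /*) path=$key ;;
            *)  path=$confdir/$key ;;
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING-KEY $key"
            continue
        fi
        perms=$(ls -ld -- "$path" | cut -c5-10)   # group and other bits
        [ "$perms" = "------" ] || echo "KEY-PERMS $key $perms"
    done
}

# Constructed sample: a config with ipp.txt in the working directory,
# 1024-bit DH parameters and a world-readable key placeholder.
make_sample() {
    cat > "$1/openvpn.conf" <<'EOF'
# constructed sample, not the wikidot file
port 1194
proto tcp
dev tun
ca ca.crt
cert OpenVPNserver.crt
key OpenVPNserver.key
dh dh1024.pem
server 10.1.1.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
ifconfig-pool-persist ipp.txt 1800
status /var/log/ovpn-status.log
log /var/log/openvpn.log
EOF
    : > "$1/OpenVPNserver.key"      # empty placeholder, no real key material
    chmod 644 "$1/OpenVPNserver.key"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_openvpn_conf "$demo_dir/openvpn.conf"
rm -rf "$demo_dir"
```

An empty result means none of the three checks fired; the DH finding clears only after regenerating the parameters at a larger size and pointing the dh line at the new file.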

If you installed OpenVPN via highlevelbits.fr, then the router setup is provided in the package. I did it all in less than 30 seconds.