[Megathread] Moogle's QNAP FAQ help V2

[Moogle Stiltzkin]

=================Reserved==========================

[Moogle Stiltzkin]

=================Reserved==========================

[Moogle Stiltzkin]

=================Reserved==========================

[Moogle Stiltzkin]

Router buyers guide 2017
A basic tenet of Wi-Fi marketing is to increase the number on the box to motivate buyers. But as savvy Wi-Fi buyers know, a Wi-Fi device can't access link rates beyond the capability of its radio, which typically supports one or two streams. Yes, there is the occasional exception of 3x3 devices (MacBook Pro). But the overwhelming majority of Wi-Fi devices support at most two streams. For 802.11ac, this means they at most support 300 Mbps in 2.4 GHz and 867 Mbps in 5 GHz.

A key question SmallNetBuilder tries to help answer is whether "bigger number" routers will, in fact, improve Wi-Fi performance. With top-end products selling for $300 and up, real money is at stake.

Code: Select all

https://www.smallnetbuilder.com/wireless/wireless-features/33077-goodbye-to-wi-fi-router-classes

Thx to snb and other online sources i decided on an Asus AC68U loaded with RT Merlin third party firmware for myself a few years ago. We had some discussions here with ideas about router suggestions

Code: Select all

https://forum.qnap.com/viewtopic.php?f=182&t=134074&hilit=router

What is a VPN and why do I need one for my QNAP NAS
[youtube=]No9T1qT_wLs[/youtube]

How to use QVPN to build a secure connection for accessing network resources and services via QNAP NAS
[youtube=]Q8FsOz87oJ8[/youtube]

[youtube=]YorUx-DcnsM[/youtube]

[youtube=]uXcsmN1XNbM[/youtube]

Whole-network VPN with pfSense Router
[youtube=]8jYibgeAV0Y[/youtube]

Moogle's VPN guide for RT Merlin ASUS WRT firmware using Private Internet Access

i subscribed for PIA which is paid VPN which does not keep logs, also is encrypted and trusted by many users.
[youtube=]Po7vRnkYIoA[/youtube]


setting up PIA VPN for RT Merlin router firmware

Code: Select all

https://helpdesk.privateinternetaccess.com/hc/en-us/articles/227852327-Setting-up-an-Asus-Router-running-Merlin-Firmware

RT Merlin router firmware *has updated security and features compared to stock. Also added bonus is trend micro added features

Code: Select all

https://asuswrt.lostrealm.ca/changelog

another good guide regarding setup of VPN on AC68U
https://www.snbforums.com/threads/asus- ... ost-298822


you download the OPVN file from here *then extract the contents onto your desktop/laptop
https://www.privateinternetaccess.com/p ... ws-openvpn



the yearly subscription amounts to $3.33 usd monthly which is a mere pittance, very worth paying for. I set it up on my AC68U and it's working great.

Though i did notice my speed to US west coast dropped from my native 30mbps to 10mbps maybe if i switch to a VPN server closer to me i can get back closer to performance.

Torrenting on PIA

Doing further research, i understand how PIA torrent works on their service. So for example if you try to torrent from countries with strict torrent policy, PIA will instead route your torrent traffic through a different country with more relaxed rules
https://torrentfreak.com/pia-runs-vpn-t ... an-151101/

Step #3: Connect to a torrent-friendly VPN server
PIA allows torrents on all servers, but on some servers they will actually reroute your p2p traffic (not other traffic) through a second VPN server. This makes torrent users safer but also will slow your p2p traffic if you use one of the servers that gets rerouted.

Server locations we recommend:
-Switzerland
-Netherlands
-Canada
-Germany
-Romania
-Mexico

for people bothered by the performance penalty, they can use configure PIA vpn for their browser activities only (using the chrome extension), then for torrent it does not use vpn , instead you configure it to use proxy socks5 for public to resolve names. What this means is your public ip on torrent isn't your own. However your ISP still knows your ip and what your torrenting. Thats the pros and cons between vpn vs sock5 proxy for torrenting.

testing the speed performance between VPN+socks5 vs socks5 for torrent, i'm getting solid speeds using socks5 only. With VPN method i'm capped at 10 MBps which is a far cry from my max 50 Mbps. So bare minimum i recommend socks5. You can go VPN if your ISP is strict

Other users torrent performance with PIA (what to expect)

p0123409 posted on November 2016

Hi guys,

so for months and months ive been experiencing HUGE torrent slowdowns while using PIA VPN.

I have virgin media 100mb fibre at home and usually without PIA VPN i get download speeds of between 9.0MB/s and 11.5MB/s which is what I would expect.

HOWEVER

with PIA VPN enabled i usually struggle to reach 1.5MB/s. After ripping my hair out for months and a lot of communication with PIA customer support (who to be fair to them have done the best they could),,,

SUCCESS, IM NOW DOWNLOADING TORRENTS AT 10MB/s through PIA VPN!!!

I came across the solution randomly today while reading a forum post about how to get a torguard socks5 proxy working...

SOLUTION:

1) make sure you are disconnected from the PIA VPN
2) go into utorrent and go to: Options ---> Preferences
3) click on "Bandwidth" on the left hand side and find a checkbox that says " Apply rate limit to uTP connections" and UNCHECK IT
4) now click on "Bittorrent" on the left hand side and find another checkbox that says "Enable bandwidth mangemnet (uTP)" and UNCHECK THAT TOO
5) reconnect to a port forwarding server and sort out port forwarding in utorrent.
6) start downloading a torrent and hopefully it will go to your full line speed

I dont know if this will work for anyone else but it was the ONLY thing after months of investigation that worked for me so please let me know in a comment if it works

The key point here is that even a user with a 100 MBps connection is also maxing out around 10 MBps.

Using this calculator
https://www.gbmb.org/mbps-to-kbs

11.5 Mbps = 1437.5 kB/s

So when your torrenting via VPN, you can compare against that result to see if your achieving what others are getting on the service.

Tbh i've been quite spoiled with download speeds of 4-5k kB/s so a drop to 1k-1.5k kB/s is a bit

The alternative then is to not use vpn for torrent, only the socks5 proxy which protect your public ip when downloading. But it doesn't hide it from your ISP.

an additional consideration for torrenting on PIA is to port forward *also on router

There is a guide for this here
https://www.privateinternetaccess.com/p ... ortforward

In short: for BitTorrent (p2p) protocol to work at least one peer has to have a publicly open port (be an active node).

You can run Transmission without port forwarding (stay a passive node) and you will connect, download and seed files with no problems. However your client would only be able to communicate with active nodes.

With port forwarding enabled on your side (becoming an active node) you are increasing the number of peers you can communicate with (you can then exchange data with passive nodes).

This influences the overall transfer rate as the file would be downloaded simultaneously from a larger number of nodes.

The document Analysis of BitTorrent and its use for the Design of a P2P based Streaming Protocol for a Hybrid CDN contains graphs comparing the transfer speed between "firewalled" and "open" peers (refer to page :

source:
https://superuser.com/questions/1053414 ... n-torrents

*update

Ultimate guides for setting up torrent client to work with PIA VPN anonymously
http://www.best-bittorrent-vpn.com/how- ... ously.html
https://www.vpnuniversity.com/bittorren ... roxy-guide

Useful link resources for troubleshooting VPN

calculator for torrent speed
https://www.gbmb.org/mbps-to-kbs

check your ipleak for torrent
http://www.checkmytorrentip.upcoil.com

check your ipleak in general
https://www.iplocation.net/

another good ipleak tester
https://ipleak.net/

WebRTC network limiter *if your using the windows VPN or router VPN setup method, i recommend using this chrome extension for ensuring webrtc leak protection when browsing on Chrome. seems to work flawlessly
https://chrome.google.com/webstore/deta ... dhnlpdklia

VPN service reviews
https://vpnreviewer.com/best-vpns-for-torrents-2017

How to use Private Internet Access proxy for Firefox

[youtube=]AuArmhAHgJ0[/youtube]

I tested this myself so can confirm it works. I'd however add ontop of that video tutorial, that to verify that your proxy is working, go to this site which should show the PIA server IP being used
https://ipleak.net

For PIA you don't need to user your main account username/password, instead your able to create another set of credentials under your main account, for the specific use for proxy.

If you want full protection, VPN is the better choice. Also SSL Proxy is probably more secure then non ssl proxy. But for torrent use, or non banking stuff (not so sensitive stuff but neither do you want your ip to be easily made public either) might be okay.

PS: i tried looking for a similar solution for chrome, but unfortunately all the extensions i tried did not work as well as firefox proxy, not sure why.


*update

Now that i subscribe to PIA i prefer using PIA's own chrome extension which does VPN for the browser. VPN > proxy

Do I need the SSL certificate?

GunjanTripathi 1 point 13 hours ago
SSL certificates provide secure connection via HTTPS between the web server (QNAP) and web browsers to prevent eavesdropping, tampering. If SSL certificate is properly installed on your website, then you will no longer see a warning related to "Your connection/website is not secure".
SSL (Secure Sockets Layer) is the predecessor to TLS (Transport Layer Security), both frequently known as “SSL”, which are cryptographic protocol designed to provide secure communication over computer network. To find out which SSL certificate is perfect for QNAP, then read this article: SSL Certificates and Its types

Anna_Jack 1 point 20 hours ago
SSL Certificate is a security which builds an encrypted link between Web Server and Browser. With SSL Certificate the browser URL enables HTTPS instead of HTTP. As per the new Google update, a website must have HTTPS. SSL Certificate will also help to secure your login credentials or any personal details shared by the customer. Chances of the customer to revert back to your site will increase as they'll feel more secure to share the details. To Know About Basic of SSL certificate in depth you may have a look at the article.

https://www.reddit.com/r/qnap/comments/ ... rtificate/

Why Is Hotel Wi-Fi So Slow?

[youtube=]84spE6JlG8U[/youtube]

So if netflix using laptop/tablet/smartphone on wifi is out of the question, instead if you also brought along a portable QNAP model, you could just simply bring it with you and watch your tv series/movie collection in your downtime if you have spotty hotel wifi.

TBS-453A is my recommendation for a portable QNAP Nas since it uses M.2 SSD it's rather light weight.
[youtube=]bB8Ucz9AZg0[/youtube]

By the way hotel Wifi or public Wifi for that matter is not something i'd try do banking on, or anything of importance. Even VPN over public wifi is not recommended at all

By now, any sentient IT person knows the perils of open Wi-Fi. Those free connections in cafes and hotels don't encrypt network traffic, so others on the network can read your traffic and possibly hijack your sessions. But one of the main solutions to this problem has a hole in it that isn't widely appreciated.

Read the full article here
https://arstechnica.com/information-tec ... ses-users/

Public wifi risks
[youtube=]4YbXXW3DLQM[/youtube]

[Moogle Stiltzkin]

=================Reserved==========================

[Moogle Stiltzkin]

FTP why you should use it over TFTP
[youtube=]VHQfyLmhI3c[/youtube]

[Moogle Stiltzkin]

=================Reserved==========================

[Moogle Stiltzkin]

web hosting on NAS, recommended?
I mean, I guess you could, but should you? My concern is that any web-exposed endpoints can be a huge security risk and it's better to let your hosting provider deal with the fallout of security issues...

Lets say you have a PHP CMS that is somehow exploitable to allow shell, then all of the data on your QNAP is available to be accessed, or worse (wiped, set up RAT endpoints, DOS scripts, ransomware etc). Not a good scenario. Metasploit has plenty of exploits you can see that can easily allow someone to have full shell access, and a quick htop can verify that QNAP allows apache to run as "admin" which has root.



Unless you set up something like nginx/lighttpd/apache in a container station docker image on port 80, re-configure QNAP apache http to run on a separate port, and in the process keep your docroot COMPLETELY separate from your NAS shares, I would HIGHLY recommend against [read: DON'T DO THIS] using QNAP's default web server (apache and the /share/Web folder).

Yes, it is likely too much to ask of an average user. My warning is mainly because of this, because the average user trusts their NAS to store their important data and backups. Storing their blog or website on the device that also likely contains family photos and tax documents is a huge risk and inadvisable without keeping the two completely separated, which is why I mentioned using docker since it keeps everything in the image contained to the image (besides config files and maybe your docroot folder, everything else on the image runs completely separately from the NAS data folders).

Assuming your QNAP provided apache has any security at all is a bad assumption. Especially considering it runs as root.

https://www.reddit.com/r/qnap/comments/ ... qnap_guru/


bottomline is, you can do it, but only if you know how to set it up right. but if your newbie and the steps are just too many and complicated, i suggest probably not to, cause i didn't either

I would love to run a blog, but not when i can't do it without a hardened setup. I haven't had the time to really learn the steps or the motivation for it. But if anyone has a guide please feel free to share

Moogle's newbie guide for what to do if your QNAP becomes flagged EOL (end of life)

Eol is when qnap no longer supports your Nas, either by providing limited support or none at all. It could be firmware update maintenance or parts their able to offer you at their repair center in case something needs to be replaced but they may no longer have stock for anymore. You can check your device EOL status here at this link
https://www.qnap.com/en/product/eol.php


Or in Qnap's own words

QTS Updates & Maintenance Status:
Full: The products have complete technical and maintenance support from our expert engineers.
Limited: QNAP will offer critical security fixes.
End-of-Life: The product is no longer supported.

So what concern is there for EOL? Can you still use the Qnap device? Well firstly there is security issues that may no longer get patched. Refer to here
https://www.qnap.com/en/support/con_show.php?cid=41


Also even if your model is not EOL but has something like final firmware update, which was the case for my TS-509 Pro which was flagged for later in October this year going EOL, but is currently in limited support status pretty much.

Code: Select all

"The final firmware update is QTS 4.2.x" 

Usually final firmware is the prelude to EOL at some point. To know when exactly your unit does go EOL, check the changelog url in notes whether your unit gets a mention for when that may happen. Below is the one given for my TS-509 Pro for example.

[Other Changes]
QNAP will no longer release firmware updates for the following models after October 31, 2017.
SS-439 Pro, SS-839 Pro, TS-110, TS-210, TS-239 Pro, TS-239 Pro II, TS-239 Pro II+, TS-259 Pro, TS-259 Pro+, TS-410, TS-410U, TS-439 Pro, TS-439 Pro II, TS-439 Pro II+, TS-439U-RP/ SP, TS-459 Pro, TS-459 Pro II, TS-459 Pro+, TS-459U-RP/SP, TS-459U-RP+/SP+, TS-509 Pro, TS-559 Pro, TS-559 Pro II, TS-559 Pro+, TS-639 Pro, TS-659 Pro, TS-659 Pro II, TS-659 Pro+, TS-809 Pro, TS-809U-RP, TS-859 Pro, TS-859 Pro+, TS-859U-RP, TS-859U-RP+.

https://www.qnap.com/en/releasenotes/in ... t_choose=2

So what is the implications of a final firmware update?
anyway for now my ts-509 (not quite eol yet as of time i posted this) because i'm stuck on 4.2.x (32bit), and the latest HBS (hybrid backup sync) requires 4.3.x (64bit) it's essentially EOL as far as HBS (a non security issue) is concerned. Because that sort of update isn't covered under security fixes So you will be facing these kinds of issues where though it's not eol, you probably don't get updates for it unless it's a security fix.

So when your NAS becomes limited support and especially EOL, you may want to start taking steps to prepare for that eventuality.


My humble recommendation is to take a page from admiral adama, take your NAS offline to reduce it's exposure to the internet.


some steps

- disable and remove apps from appcenter (except hybrid backup sync)
- disable remove dlna, media library addon, and multimedia management.
- disable ftp, telnet, winscp
- disable bonjour and upnp
- disable recycle bin
- disable qsync
- filestation disable (when not using)
- Go to control panel > security> setup allow access only to specific ips. Namely your other qnaps on network, as well as your desktop/laptop workstation so you can administer from QTS and qfinder. If you forgot to include your workstation lan ip and get accidentally locked out, refer to the reset configuration in the FAQ here.
- use a strong password, which you can do using keepass or StrongPasswordGenerator. I would then recommend storing these complicated unique passwords into a keepass database which is encrypted with a single master password which you keep safe off line somewhere safe.
- make sure your entire network is using a router always, and never enable UPNP EVER!.
- you can then backup, then when done, power down your qnap. If your unit is not powered up chances are it can't be attacked. When you need to restore backup, power on then restore then power down. The window of opportunity for the device to be attacked is rather small, to minimize the risk of a EOL device.
- change smb 1.0 to smb 2.0 (or smb 3.0 using experimental method)

other users strategies for dealing with EOL situations

Hi,

Without (except this) enter in this debate ...
I can just write here my own strategy for "end of life" product

I always start to identify a standard distribution that can replace the QTS at end of life ...
so for now
old TS-109 run as well with a Debian Jessie (with limited services based on CPU power and Memory available)
old TS-219 run also under Debian (I use them to have access to North America network ... the QNAP is based in Canada)
tested successfully :
TS-459 under Debian / Ubuntu 14.04 and ArchLinux
TS-219PII under Debian
TS-x69 (even not yet in EOL) under Ubuntu 14.04
... It's a little (but not so hard) difficult to test on Arm (due to limitation) ... but with SFTP, or recovery mode (must be tested BEFORE) ... it's easy to transfer new kernel and initrd and do a test with a fresh disk (remember qemu (same as Virtualisation Station) know some QNAP series so are supported by qemu (-arm) including mtdblock support to be near as reality ...)
... very easy for x86, x86_64 using any USB live CD (with raid and lvm ... you can see the QNAP's volumes (depend of model))

So YES you lost QNAP's support ... but you WIN large community (Debian, Ubuntu, etc.) support to realize all your wish ...

My "two cents" on EOL debate ...

Philippe.

viewtopic.php?f=142&t=134652&p=629670#p629709

backup app alternatives for EOL models

having first hand experience with a ts-509 pro, trying to use an outdated hybrid backup sync, as well as 4.2.x that had long since been replaced with 4.3.x firmware..... so what to do when the backup app no longer supported for updates/bug fixes?

use alternate third party backup apps
viewtopic.php?f=15&t=134001

I'm using NetBak Replicator 4.5.3.220 on Windows 10.

This old thread was at least originally about backups from the NAS to an external backup destination, not client-NAS backups so advice here is unrelated to NetBak Replicator.

By the way, most people give up on NetBak Replicator after having tried it for a while. That's one reason you'll find many questions from newcomers about NetBak here in the community forum but not many answers.

I jumped ship many, many years ago and switched to SyncBack Free. Despite being as free (even for commercial use) as NetBak Replicator it have far more features and is updated more frequently than NetBack Replicator so I haven't looked back.

The only advantage that I see for NetBack Replicator is that it's specifically supported by Qnap so I think you're better off seeking advanced advice from Qnap support than here.

viewtopic.php?f=15&t=87966&start=15#p628243

Moogle's newbie guide, how to update ancient qnap model to the latest firmware and safeguard from exploit vulnerability in it's EOL status

i just updated an ancient ts-509 pro still using firmware from 2015, to the latest 2017 firmware..
https://www.techpowerup.com/reviews/QNAP/TS-509_Pro/

*note: updating from a very old firmware in one shot may cause issues from what i found out. You may need to consult qnap support, check NAS manual or the forum for how to correctly update from a very old firmware, rather than just simply updating.
viewtopic.php?f=45&t=133972#p624839


You can find the firmware for your model here
https://www.qnap.com/en/product_x_down/ ... pe=5&II=54

The firmware status for your qnap model can be viewed here
https://www.qnap.com/en/product/eol.php


Anyway these are the steps i recommend to follow
- i booted up the Qnap (the units been offline since 2015 )
- using qfinder it manages to detect the old qnap. i then try to update firmware, but , my unit had a failed drive so failed to init. so it warns me about doing the reinit first before i try upgrade firmware, so i did.
- after reinit completes, then i proceed to update the firmware using qfinder pro (which i can then manually select the firmware i downloaded earlier from the qnap download page).
- after sytem reboot, i'm running smart test extended then bad block scan.
- When thats all done i'll go to QTS factory reset (format drives).
- change smb 1.0 to smb 2.0 (or smb 3.0 using experimental method)


*note: if your qnap is EOL, you may want to disable all internet connectivity to the device to protect it from being hijacked via any future exploits if the device is no longer maintained. Might still be okay as an offline backup for your other devices.

32bit to 64bit compatibility checking for firmware upgrade

For QNAP models able to go to 4.3.3 there is a second consideration. Because of the transition from 32bit to 64 bit architecture, so you need to check using CF64 app the compatibility of your existing qpkgs. Cause the chances are high that you will need to remove them, and re-add their newer 64bit qpkgs if available. So people upgrading need to be aware of this

2017-06-07
4.3.3.0210 build 20170606

[Important Notes]
- For the status of QTS updates and maintenance for your NAS model, visit https://www.qnap.com/en/product/eol.php
- When QTS 4.3.x is installed on NAS models running on 64-bit Intel and AMD processors, some applications may not be supported. To check if installed apps on your NAS are compatible with QTS 4.3.x, download the QTS 64-bit compatibility tool and install it on your current QTS build. (https://download.qnap.com/QPKG/CF64_0.1-1114.qpkg.zip)
- QTS 4.3.x is the final available firmware update for the following models:
TS-112P, TS-212P, TS-212-E, HS-210, TS-112, TS-212, TS-121, TS-221, TS-421 TS-120, TS-220, TS-420, TS-420U, TS-421U TS-412, TS-412U, TS-419U, TS-419U+, TS-419U II, TS-119P II, TS-219P II, TS-419P II, TS-119P+, TS-219P+, TS-419P+, TS-119P, TS-219P, TS-419P, TS-119, TS-219, TS-419

viewtopic.php?f=142&t=133290&hilit=CF64

thats correct, your QPKGs are probably only 32bit and you need 64bit QPKGs to work with QTS 4.3.x
#

look here.. at the top:

https://www.qnap.com/en-uk/releasenotes/?cat_choose=5

[Important Notes]
- For the status of QTS updates and maintenance for your NAS model, visit https://www.qnap.com/en/product/eol.php
- When QTS 4.3.x is installed on NAS models running on 64-bit Intel and AMD processors, some applications may not be supported. To check if installed apps on your NAS are compatible with QTS 4.3.x, download the QTS 64-bit compatibility tool and install it on your current QTS build. (https://download.qnap.com/QPKG/CF64_0.1-1114.qpkg.zip)

Version Numbers for QTS 4.3.x are like so:

QTS 4.3.3.0262

4.3.3 is version. .0262 is build number.

In case anyone is a newb like me, for which the above terse response though appreciated, was insufficient ...
- go to AppCenter
- click on Gear icon (near top-right)
- NOTE: You must have Python 2.7 installed FIRST or the compatibility checking tool won't install!
- you can install Python via the "Developer Tools" section of AppCenter
- After CF tool installs successfully, click on "hamburger" icon (top left), then choose item named "CF64" to launch it

HTH,
DH

How to change SMB 1 to SMB 2 for an EOL qnap model

via ssh type "smb2status"

e.g.

Code: Select all

smbd (samba daemon) Version 3.6.25
smbd (samba daemon) is running.
max protocol SMB 1.0 enabled.

to change to 2.1 type "smb21enable"
e.g.

Code: Select all

Shutting down SMB services: smbd nmbd.
Shutting down winbindd services: winbindd.
max protocol SMB 2.1 ... enabled.
locks path was set to /share/HDA_DATA/.locks
Shutting down winbindd services: winbindd.
Starting winbindd services:Starting SMB services:.

smbd (samba daemon) Version 3.6.25
smbd (samba daemon) is running.
max protocol SMB 2.1 enabled

to revert should you need to type "smb2disable"

*update

Schumy came up with a new experimental method for enabling smb 3.0 on specific older models, refer to the article below for how.

Code: Select all

How to enable SMB 3.0 on specific legacy qnap models *experimental

*outdated
there is a "smb3enable" but IIRC cat1 nas's do not support this - cant check as mine are retired

Code: Select all

https://forum.qnap.com/viewtopic.php?f=185&t=134173&p=625950#p625947

How to enable SMB 3.0 on specific legacy qnap models *experimental

So ... experimental mood?

1. Disable CIFS/SMB 1.0:

Note: This can work with QTS 4.2.6 20170729 (on TS-x39, TS-x59, TS509, TS-809, and all Marvell Kirkwood when I'm right) and newer as well as on any QTS 4.3.x model as all these comes with SAMBA 4 now - remove the line if reverting to earlier firmware:

[~] # setcfg -f /etc/config/smb.conf global "min protocol" SMB2_02
[~] # /etc/init.d/smb.sh restart
Restarting SMB services:
Shutting down SMB services: smbd nmbd.
Shutting down winbindd services: winbindd.
/bin/cp: cannot stat `/etc/default_config/logrotate.conf': No such file or directory <<<<<<<<< reported to QNAP already - it's ADDC related only, it does not hurt, and we have no ADDC support on CAT1
/bin/cp: cannot stat `/etc/default_config/logrotate.d': No such file or directory <<<<<<<<< reported to QNAP already - it's ADDC related only, it does not hurt, and we have no ADDC support on CAT1
locks path was set to /share/MD1_DATA/.locks
Shutting down winbindd services: winbindd.
Starting winbindd services: winbindd.
Starting SMB services:.
done.

Now the NAS should no longer accept or negotiate to any protocol lower than SMB 2.02 anymore.

2. SMB 3.0:

Note: This can work with QTS 4.2.6 20170729 (on TS-x39, TS-x59, TS509, TS-809, and all Marvell Kirkwood when I'm right) and newer as this comes with SAMBA 4:

[~] # setcfg Samba server_max_protocol_custom TRUE

The "server_max_protocol_custom" override should be no longer required sometimes in the future.

[~] # smb3enable
Shutting down SMB services: smbd nmbd.
Shutting down winbindd services: winbindd.
max protocol SMB 3.0 ... enabled.
/bin/cp: cannot stat `/etc/default_config/logrotate.conf': No such file or directory <<<<<<<<< reported to QNAP already - it's ADDC related only, it does not hurt, and we have no ADDC support on CAT1
/bin/cp: cannot stat `/etc/default_config/logrotate.d': No such file or directory <<<<<<<<< reported to QNAP already - it's ADDC related only, it does not hurt, and we have no ADDC support on CAT1
locks path was set to /share/MD1_DATA/.locks
Shutting down winbindd services: winbindd.
Starting winbindd services: winbindd.
Starting SMB services:.

smbd (samba daemon) Version 4.0.25
smbd (samba daemon) is running.
max protocol SMB 3.0 enabled.


Have fun!

-Kurt

PS. Everything unsupported, at our own risk

viewtopic.php?f=45&t=133965&start=60#p630953

[Moogle Stiltzkin]

=================Reserved==========================

[Moogle Stiltzkin]

=================Reserved==========================

[Moogle Stiltzkin]

What is RAID? All the common RAID levels explained easily by an idiot e.g. raid 0, 1, 5, 6, 10
[youtube=]GQO1llEFCs8[/youtube]

what is jbod
[youtube=]cbOqbR-ou3E[/youtube]

what is single disk and how is it different from jbod?

At least in Qnap terminology a single disk is only a single disk, never JBOD.

JBOD would be multiple disks concatenated together and used as a larger virtual single disk.

There is exactly one reasonable choice for a 2 Bay NAS, and you apparently don't want it. RAID1 is the only "good" choice. JBOD vs. Single Disk Drive vs. RAID 0 are all bad choices. With Single Disk Volumes being the least dangerous of these three. Under both JBOD and RAID0 the loss of either drive in your NAS results in complete data loss on both drives. Single Disk Volumes are better, in that a drive loss there results in data loss on the failed drive only.

Based on your goals. Single Disk Volumes is indeed probably the best choice for you to maximize storage space. As you'll be doing NAS-to-NAS backups, this will address the lack of redundancy protections provided by Single Disk Volumes.

viewtopic.php?t=88994#p391970

[Moogle Stiltzkin]

raid5 vs raid6, which to use?

the main point is at 1:10 into the video
[youtube=]1P8ZecG9iOI[/youtube]

[youtube=]uhq5i6Fikk4[/youtube]


in the past i've rebuild raid without issue with raid5 (this is not saying raid rebuilds will never fail with 100% certainty, not suggesting that at all). so raid5 works for me for 4-5hdd raid array with 4tb hdd. 4tb x 6hdd array i may go either raid5 or raid6. But if your using 6tb+ or 8hdd+ your probably better off going with raid6. I'm newbie on this subject for raid so take my advise on this with a grain of salt and do your own research. I'm merely just sharing my opinion based from what i've learned researching on this subject and through my own experiences testing raid5 and raid6, also using a raid calculator comparing usable storage space. Also with a backup in place, i can accept the risks of raid5 for only 1 hdd going bad at any one time, but even then only for 4tb for max 6hdd array. Beyond that that i'd probably only use raid6 if only cause the risk is too great beyond that point.

viewtopic.php?f=25&t=134274&p=626560&si ... 31#p626560


Other user opinions regarding raid 5 vs raid 6 debate

Ya, I think that using RAID6 only is a wrong suggestion.

Here we go again...

I have a TS-451A with three drives and doing RAID6 with it would be stupid.

Indeed it would. Mostly beacuse it's not possible as RAID 6 requires at least 4 disks.

Frankly, even if I put 4 drives in it, RAID6 would still be stupid.

Maybe for you but not for everyone.

I'm using a 4*3 TB RAID 6 in one of my NASes, does that make me stupid?

When using 5 drives, or less. RAID5 is perfectly fine.

For most home users yes, especially those using 4 TB and smaller disks. But not everyone have standard requirements and some people have a larger budget than you.

I'm using a 4*3 TB RAID 6 in one of my NASes, does that make me stupid?

You said it not me. But yes, running RAID6 on that configuration is. 50% of the space is gone, vs. 25%. They are only 3TB drives. That is what backups are for, the extra security in case of failure. Just because you are using RAID6 doesn't necessarily make it that much safer.

Yes, we will go round-n-round about this. You'll be pro-RAID6 with 4 drives+ and I'll be pro-RAID5 with 4 drives and less.

Oh ya, I know that RAID6 can't be used with 3 drives.

But if I store some data which are so valuable they cannot be lost, then i will switch to 4x6TB in RAID 6 for better security against corruption of data.

For "data which are so valuable they cannot be lost" it's much better to use the money towards backups on separate systems at other locations, not better RAID reliability. A more reliable RAID will offer better availability of the system, the added data protection a better RAID offers is only very marginal.

RAID 6 will protect against dual disk failures, that's it.

Backups on separate systems will protect the data against these and other threats:

• Failures of all disks in the NAS at the same time
• Other NAS hardware failures; power supply, motherboard, NICs and so on
• NAS software bugs
• File system corruption
• Ransomware
• Malicious intruders
• Human mistakes
• Theft
• Fire
• Flooding

viewtopic.php?f=25&t=112615#p621561


note: may revise this if somebody has a better recommendation when it comes to the raid5 vs raid6 debate. but regardless keep a backup. so even if raid goes kapoot it's not storage Armageddon

How to calculate your raid 1/5/6/10 usable space

RAID storage capacity calculation is in the documentation but for those that want an excerpt:
s=size of (the smallest capacity) disks in the RAID array
n=number of disks in the RAID array

RAID 1 storage capacity = s
RAID 5 storage capacity = s*(n-1)
RAID 6 storage capacity = s*(n-2)
RAID 10 storage capacity = s*n/2

And to know the actual usable storage capacity, the rule of thumb multiplying by 0.9 is accurate enough.

Or if you want quick mode theres this or this

e.g.

What is Raid scrubbing? Why should i enable this feature in QTS?

Automatically-enabled RAID Scrubbing With QTS 4.3.30210 Build 20170606

Taipei, Taiwan, June 15, 2017 - QNAP® Systems, Inc. has started releasing the QTS 4.3.3.0210 Build 20170606 update to users. After installing the update, scheduled RAID Scrubbing will be automatically enabled on QNAP NAS (if not already enabled by users) to increase the integrity of user data, and to proactively ensure the security of disk groups.

RAID Scrubbing is used to verify the data integrity of disk groups with RAID 5 and RAID 6 configurations. It works by running a redundancy check to detect and correct inconsistencies that are undetectable during routine usage. Periodically running RAID Scrubbing can detect potential corrupted data or disks at an early stage, giving your NAS the chance to attempt automatic repairs or to report disk-related issues, helping to ensure the integrity of user data and disk groups.

RAID Scrubbing runs in the background with minor performance impact (depending on storage space sizes). QNAP recommends running RAID Scrubbing weekly or monthly, according to access frequencies of data stored in the NAS. Users can configure RAID Scrubbing settings in "Storage Manager" > "Global Setting" > "Data Scrubbing".

To learn more about RAID Scrubbing, please check:
https://en.wikipedia.org/wiki/Data_scrubbing

https://www.qnap.com/en/news/2017/autom ... d-20170606


There was a bit of confusion about what raid scrubbing did which was explained here

Hi all,

I think there is some misunderstanding and incorrect pointing of blame here.

The RAID scrubbing will resynchronise the data and parity blocks across the entire RAID array. This involves reading all blocks from every RAID stripe, then repairing any blocks which were unreadable or inconsistent. In this sense, it is effectively similar to doing a bad blocks scan on all disks in the array. Therefore, if any of the disks do have bad blocks, they will be guaranteed to show up during the data scrubbing.

This is the reason why a data scrub may cause disk errors to show up even if there were no such errors previously. In fact the same phenomenon often happens during RAID 5 rebuilds after a disk failure.
For example, the disk may have bad blocks in an area of the RAID which is unused or infrequently accessed. During normal operation there is no error from the disk, but during a data scrub there will be an I/O error if the bad block is unrecoverable. It should be noted that this is preferable to happen during a data scrub rather than during a degraded RAID rebuild. If it happens during a rebuild then there is a chance of data loss or data corruption (since there is no redundancy) - during a scrub there is no such risk.

In this way, the data scrub can alert you to bad disks which might otherwise cause your data loss during a RAID rebuild, as well as repairing silent data corruption of the RAID data and parity blocks due to faulty sectors. It is kind of like a "dry-run" RAID rebuild.

viewtopic.php?f=25&t=133376&start=15#p620568

Drawbacks of RAID 5

RAID 5 is a popular configuration, but it has some weaknesses, too. The following issues apply to RAID 6 also, but for simplicity we frame the discussion in terms of RAID 5.

First, it's critically important to note that RAID 5 does not replace regular off-line backups. It protects the system against the failure of one disk — that's it. It does not protect against the accidental deletion of files. It does not protect against controller failures, fires, hackers, or any number of other hazards.

Second, RAID 5 isn't known for its great write performance. RAID 5 writes data blocks to N-1 disks and parity blocks to the Nth disk. Whenever a random block is written, at least one data block and the parity block for that stripe must be updated. Furthermore, the RAID system doesn't know what the new parity block should contain until it has read the old parity block and the old data. Each random write therefore expands into four operations: two reads and two writes. (Sequential writes may fare better if the implementation is smart.)

Finally, RAID 5 is vulnerable to corruption in certain circumstances. Its incremental updating of parity data is more efficient than reading the entire stripe and recalculating the stripe's parity based on the original data. On the other hand, it means that at no point is parity data ever validated or recalculated. If any block in a stripe should fall out of sync with the parity block, that fact will never become evident in normal use; reads of the data blocks will still return the correct data.

Only when a disk fails does the problem become apparent. The parity block will likely have been rewritten many times since the occurrence of the original desynchronization. Therefore, the reconstructed data block on the replacement disk will consist of essentially random data.

This kind of desynchronization between data and parity blocks isn't all that unlikely, either. Disk drives are not transactional devices. Without an additional layer of safeguards, there is no simple way to guarantee that either two blocks or zero blocks on two different disks will be properly updated. It's quite possible for a crash, power failure, or communication problem at the wrong moment to create data/parity skew.

This problem is known as the RAID 5 "write hole", and it has received increasing attention over the last five years or so.
...
Another potential solution is "scrubbing", validating parity blocks one by one while the array is relatively idle. Many RAID implementations include some form of scrubbing function.

viewtopic.php?f=45&t=140758

How to change the raid scrub schedule beyond a month

Refer to here
viewtopic.php?f=142&p=628258&sid=efcfcf ... 6c#p628252

[Moogle Stiltzkin]

What is raid 50/60 and when they make sense over raid5/6

Explanation starting from 28:10 into the video
[youtube=]_cWTxiOmmi4[/youtube]










raid5 vs raid50

Summary
When it comes to achieving a balance between storage cost, risk, and performance, few RAID levels go as far as RAID 50 for the following reasons:

Storage. Although RAID 50 uses more overhead space than RAID 5, it requires much less overhead than RAID 10, making it a nice in between choice.
Risk. With RAID 5 alone, organizations run the risk of a second disk failure that could compromise the entire array. RAID 50 mitigates this issue since multiple disks can fail, as long as the disks are the right ones.
Performance. Although overall read/write performance is highly dependent on a number of factors, RAID 50 should provide better write performance than RAID 5 alone.

https://www.techrepublic.com/blog/the-e ... integrity/

raid6 vs raid50

RAID 6. You can lose any two drives with RAID 6. You can lose up to two drives with RAID 50, but it isn't any two drives. You can lose one drive from each striped RAID volume. With that said, you will get much higher write speeds with RAID 50.

https://linustechtips.com/main/topic/63 ... s-raid-50/

RAID Fault Tolerance: RAID-5



RAID-5 has a little trick to take the striping of RAID-0 and add in a sprinkle of fault tolerance. It’s not the first one to add redundancy to a RAID-0-like setup, but all of the RAID levels between RAID-1 and RAID-5 have become obsolete mainly due to the invention of RAID-5, so we can fudge our work a bit and say that RAID-5 is the next step up from RAID-0.

Like RAID-0, RAID-5 breaks all of your data into chunks and stripes them across the hard drives in the array. But it also adds a bit of its special sauce, and this special sauce is XOR parity.raid 5 striping

In mathematics, the XOR function, or “exclusive OR” function, allows you to do something that’s actually pretty cool (if you’re a math geek). Let’s say you have a set of three (or any other number of) data blocks. With XOR, you can generate a new block of data based on the originals. Now say one of the original blocks goes missing (if it’s the XOR block, you haven’t lost anything, because the important data still lives in the original values). Here’s the cool part: by performing the XOR function on the remaining blocks, you can figure out what the missing value is!

Here’s a demonstration: Let’s say we have three three-bit blocks of data here. Let’s say these three blocks somehow make up your tax returns (it’s a gross oversimplification, but just for the purposes of demonstration, let’s roll with it).

101 001 100

Now we can perform an XOR calculation on the three blocks. You begin by comparing each bit of two blocks to create a new value. XOR returns a 0 if the values of two bits are all the same and a 1 if they are different. So first we XOR the first two blocks, 101 and 001, producing 100. Then we XOR our new value with the third one. XORing 100 and 100 give us our parity block of 000:

101 001 100 | 000

So how does our three-bit parity blocks help us? Imagine something bad happens to the middle drive and erases the block containing 001:

101 ___ 100 | 000

There go all your tax deductions for the year! But don’t start freaking out just yet. We can perform another XOR calculation on the remaining blocks! XOR calculations between 101, 100, and 000 make 001. And there you have it: the missing block. Your data is safe!

This is a (massively simplified) look at how RAID-5 uses the XOR function to reconstruct your data if one hard drive goes missing. Granted, the hard drives in your RAID array are dealing with over 500,000 bits of data in a single block, not three as in this exercise. But, remember, computers are really good at doing lots of math very quickly.

RAID-5 distributes all of its XOR parity data along with the “real” data on your hard drives. In every stripe across the drives in the array, one block stores the parity data for the rest of the blocks. Because no matter how many drives you have, you still only need one parity value for every n blocks, your RAID-5 array has n-1 drives’ worth of storage capacity whether you have three drives or three dozen. It’s a pretty sweet deal—but if you lose another hard drive before you can replace the first drive to fail, you’ll lose your data.

RAID-5 offers performance gains similar to RAID-0 in addition to its capacity and redundancy gains, although these gains are slightly lessened by both the amount of space the parity data takes up and by the amount of computing time and power it takes to do all those XOR calculations. But even so, RAID-5’s cost-effective blend of RAID’s threefold benefits make it one of the most popular RAID levels by far.

RAID Fault Tolerance: RAID-6



raid 6 stripingRAID-6 is a tougher and more durable version of RAID-5. Like RAID-5, it uses XOR parity to provide fault tolerance to the tune of one missing hard drive, but RAID-6 has an extra trick up its sleeve. A RAID-6 array has even more parity data to make up for a second hard drive’s failure.

Unfortunately, this extra parity data can’t be explained as easily or neatly as XOR parity. The calculations involve Reed-Solomon error correction codes, which are based on Galois field algebra, and if your head is spinning almost as fast as a hard drive’s platters by now, don’t worry. It’s complicated stuff. If you’re well-enough versed in mathematics, Intel’s white paper on RAID-6 does a good job of illustrating how Galois field algebra applies to RAID-6.

Reed-Solomon error correction codes also see use to correct any sort of data corruption that can naturally occur in any sort of high-bandwidth data transmission, from HD video broadcasts to signals sent to and from space probes. They also reduce read errors in basically any kind of spinning disk media, including CDs, DVDs and Blu-Ray disks, and the disk platters inside your hard drives themselves. They’re also used in QR code and barcode readers so that these codes can be correctly interpreted, even if the reader can’t get a perfect look at them. Reed-Solomon encoding is powerful stuff.

The end result of these two layers of parity data is that a RAID-6 array with n hard drives has n-2 drives’ worth of total capacity, and suffers a slightly larger performance hit than RAID-5 due to the complexity of double parity calculations. However, it also has double the fault tolerance of RAID-5. Up to two hard drives can die on you before your data is in any serious jeopardy.

RAID Fault Tolerance: RAID-50 (RAID 5+0)
RAID-50, like RAID-10, combines one RAID level with another. In this case, the two RAID levels are RAID-5 and RAID-0. If you’ve got a handle on RAID-10, it’s easy to visualize RAID-50: simply replace each mirrored pair of drives in a RAID-10 with individual RAID-5 arrays.

Thanks to XOR parity data, every RAID-5 array has one drive’s worth of fault tolerance, as discussed earlier. RAID-50 has just as much variable redundancy as RAID-10: you can lose one hard drive from each sub-array, but if you lose two drives from even one RAID-5 sub-array, you will lose your data.

Because RAID-5 can have, at minimum, three hard drives, and you can only lose one drive from each RAID-5 array, RAID-50 cannot boast about losing half of its hard drives as RAID-10 can. If you make your RAID-5 sub-arrays as small as possible, you can lose at most one-third of the drives in your array. And, as with RAID-10, there is always the danger that two drive failures alone will be enough to take down the entire array.

RAID-50’s benefits over RAID-10 focus more on capacity and performance: Thanks to RAID-5’s parity redundancy, less space is needed to provide roughly the same amount of fault tolerance, and the array’s performance gets a boost from both RAID-5 striping and from RAID-0 striping.

an article covering raid fault tolerant differences can be read here
https://www.colocationamerica.com/blog/ ... -tolerance

...sounds like raid6 is better if your getting same usable space. but it doesn't seem as if performance wise it's better than raid50?

That depends on what you're looking at. RAID 6 is not optimal in write intensive random access enterprise aplications where you need high IOPS. RAID 10 is king there and RAID 50 may be a less expensive compromise alternative.

The very large majority of users in this forum however are home users so data streams are often sequential, which normally don't need extreme amounts of IOPS. Instead, since the data is very much sequential, they need high throughput and RAID 6 is good at that, especially in larger NAS-models with many disks. With the more performant CPUs common in SMB and higher NAS models, RAID 6 also have good write performance. The so called write-penalty of RAID 6 is pretty much a non-issue there.

As most users are still bottlenecked by their gigabit networks, the disk system performance is of less importance to them anyway.

The Cisco presentation in that video recommends that with 6-14 bays, one should use RAID 6 or RAID 10. Beyond 16 bays they recommend RAID 60.

viewtopic.php?f=50&t=138520&p=654187#p654162

Just an example of a QNAP model with many HDD bays, the QNAP TS-1685 NAS

[Moogle Stiltzkin]

=================Reserved==========================

[Moogle Stiltzkin]

=================Reserved==========================