Does anyone know if there is an update for this problem

I use the latest firmware on my Qnap TS-219P+
Still broken. Still insecure, and still 10 years old.jpeeters19 wrote:I read at this forum that Qnap uses an decade old library version of SSL and the Open VPN option is therefore not secure?
Does anyone know if there is an update for this problem![]()
I use the latest firmware on my Qnap TS-219P+
I use OpenVPN on my Router instead, as my Router permits Site-to-Site VPN's so I can access every device in my network, rather than just my NAS.jpeeters19 wrote:Hi Patrick,
Thanks, but how unsafe is this? Is it very easy for hackers to abuse this leak?
It's not - you can add a route to the complete LAN for example, too.danimal1228 wrote:I was unaware that the qnap implementation of VPN was point to point only.
this is not a feature of the RPI - this is simply a different configuration, using a different design.danimal1228 wrote:I have been using a raspberry pi as VPN server for several months and it works great. Once you VPN into the RPI, you have access to the whole network.
Of course. QNAP votes against this, and towards a much easier implementation. And I'm kind of happy about it. Why?danimal1228 wrote:You can even allocate a subset of private IPs to be handed out to the incoming VPN connection.
While it is amusing that the Raspberry Pi can be so configured, I would never use one in this way, as the Raspberry Pi only supports 100 Mbps connections, which would be further degraded if both the incoming VPN connection, and the network connection use the same single 100Mbps Ethernet port provided on the Raspberry Pi. Perhaps I'm a performance freak, but all of my network infastructure is Gigabit (1000Mbps). Only my Printers, SIP adapters, Android Mini-PC's and Raspberry Pi are still using 100 Mbps connections.danimal1228 wrote:I was unaware that the qnap implementation of VPN was point to point only. I have been using a raspberry pi as VPN server for several months and it works great. Once you VPN into the RPI, you have access to the whole network. You can even allocate a subset of private IPs to be handed out to the incoming VPN connection. This way you specifically allow or deny access to different devices on your LAN by blocking or allowing those IPs on each device. For only $40 you get a lot of bang for your buck.
danimal1228 wrote:I was unaware that the qnap implementation of VPN was point to point only.
schumaku wrote:It's not - you can add a route to the complete LAN for example, too.
danimal1228 wrote:I have been using a raspberry pi as VPN server for several months and it works great. Once you VPN into the RPI, you have access to the whole network.
schumaku wrote: this is not a feature of the RPI - this is simply a different configuration, using a different design.
danimal1228 wrote:You can even allocate a subset of private IPs to be handed out to the incoming VPN connection.
I'm with you 100% on these two observations. While I do regularly point out that both of VPN solutions are only "Point-to-Point", I have no issue with this for very much these reasons. Supporting a "Site-to-Site" VPN would be a Support nightmare.schumaku wrote:Of course. QNAP votes against this, and towards a much easier implementation. And I'm kind of happy about it. Why?
-> It's not fun to deal with inexperienced NAS users out there and explain they have to free up an IP range for the OpenVPN. Oh, and another one for the PPTP VPN.
-> Unless you do a lot of filtering, you get a lot of TCP/IP traffic to the VPN, you don't need and want there.