Add this line to the server config:
push "redirect-gateway def1"
It's possible for Synology devices running DSM 3 or higher to enable support for NTFS ACL's. This allows Windows-users to set up Security through Windows Explorer itself. Most of the ACL types are supported.
NTFS ACL's have to be enabled for a share through the web-interface:
Restarting OpenVPN on the CLI of a pfSense can be done using the following command:
echo "<?php include('openvpn.inc'); openvpn_resync_all();?>" | php -q
This issues a restart command as if you would via the web-interface.
OpenVPN is finally available on Apple iOS!
This means you will now be able to connect through OpenVPN via your iPhone and iPad devices. It is available through the AppStore:
More info about OpenVPN on pfSense: http://blog.pfsense.org/?p=684
I found NcFTP to be a useful toolkit for use in scripting. Aside of a linux version, it also has precompiled binaries for Mac and Windows.
The toolkit contains different programs which are very useful for use in various scripting (such as automatic file upload/download, and more). Both regular FTP and SFTP are supported.
The Ringmaster software downloaded from Juniper Networks doesn't come with the help files included. They are available as a separate download and need to be integrated after installation. Unfortunately, it's not really clear where to put them.
Downloading the help files provides you with a html.zip file, containing a html folder with a bunch of html files in it. This folder has to be placed inside the help/ subfolder of where you've installed the Ringmaster software. The default path in linux is: /opt/ringmaster/help/ . When done correctly, you will be able to access the help files via the URL http://ip-of-your-server/html/ or by pressing F1 in the Ringmaster client.
When running a Synology, take care when you require (or don't want) public (a.k.a. guest) access to shares.
To allow access, first check whether the guest account is not disabled. I found out it was disabled after joining the device in a Windows domain. Disabling the account is a good way to effectively cut off all public access.
If you require guest access on some shares but not on all, be sure to set the ACL for Guest in Privileges Setup to No Access for shares that have to be locked down. Not explicitly setting this will allow public access on that share.
This package provides files to enable syntax highlighting in nano when editing shorewall configuration files, making it easier to maintain these kinds of files.
If for some reason you lost your SSH server keys, sshd will fail to start with error:
Could not load host key: /etc/ssh/ssh_host_rsa_key Could not load host key: /etc/ssh/ssh_host_dsa_key
You can recreate your host keys with these commands:
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
After recreating the keys, you will probably have to let your clients know as with the change of keys, they'll probably get warnings about it (Linux SSH will not even connect until you kick out the old keys).