NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

irae's avatar
irae
Guide
Mar 14, 2020
Solved

ReadyNAS NV+ V2 TLS Support; may not be able to access soon

Hi   I have a ReadyNAS NV+ V2 which I have been using for many years. Just did some digging and I purchased it October 2012!   The problem I have is that it only support TLS V1.0. I managed to lo...
  • irae's avatar
    irae
    Apr 25, 2020

    OK, so I think I have a solution.

     

    After a bit of noseying around on the NAS drive over ssh, I found the config files in /etc/frontview/apache; there is an Apache config over in /etc/apache2/ but that one seems un-used. I've done the following

    • backed up the contents of that folder (/etc/frontview/apache) to the a backup folder under the root user (/root/conf_backup/)
    • edited Virtual.conf; this had rewrite rules from http to https (not convinced that's the most elegant way to implement https, but never mind)
    • edit httpd.conf to remove any SSL references

    I've done a couple of re-boots and the admin console apprears to be working fine over http; so I'm happy again.

     

    Virtual.conf edits:

    root@server:/etc/frontview/apache# diff Virtual.conf ~/conf_backup/
1,3d0
< #
< # edited by Ian on 13-April-2020
< #
5d1
< #edit by Ian; 13-Apr-2020
8,11c4,7
< #   RewriteEngine on
< #   RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L]
< #   RewriteRule ^/admin$ https://%{SERVER_NAME}/admin
< #   RewriteRule ^(cgi-bin) - [L]
---
>   RewriteEngine on
>   RewriteRule ^/admin/(.*)$ https://%{SERVER_NAME}/admin/$1 [R,L]
>   RewriteRule ^/admin$ https://%{SERVER_NAME}/admin
>   RewriteRule ^(cgi-bin) - [L]
root@nas-BE-AB-2D:/etc/frontview/apache#

     

    httpd.conf edits:

    root@server:/etc/frontview/apache# diff httpd.conf ~/conf_backup/
1d0
< # edited by Ian; 13-Apr-2020 at 17:38
178,190c177,185
< #Edited by Ian on 13-April-2020
< #
< # Listen 443
< # SSLEngine On
< # SSLSessionCache dbm:/ramfs/gcache.db
< # SSLSessionCacheTimeout 600
< # SSLCACertificatePath /etc/frontview/apache
< # SSLCertificateFile /etc/frontview/apache/apache.pem
< # SSLProtocol all -SSLv2 -SSLv3
< # SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
< # SSLHonorCipherOrder on
< #
< # End of Edit
---
> Listen 443
> SSLEngine On
> SSLSessionCache dbm:/ramfs/gcache.db
> SSLSessionCacheTimeout 600
> SSLCACertificatePath /etc/frontview/apache
> SSLCertificateFile /etc/frontview/apache/apache.pem
> SSLProtocol all -SSLv2 -SSLv3
> SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
> SSLHonorCipherOrder on
305,312c300,303
< # Edited by Ian on 13-April-2020
< #
< # # For APPGENIE
< # SSLProxyEngine on
< # SSLProxyCheckPeerCN on
< # SSLProxyCheckPeerExpire on
< #
< # End of edit
---
> # For APPGENIE
> SSLProxyEngine on
> SSLProxyCheckPeerCN on
> SSLProxyCheckPeerExpire on
root@nas-BE-AB-2D:/etc/frontview/apache#

     

    It does seem a bit, well backward, to push the console down to http in 2020 but it's working. This device is on my home network and I'm using as a backup to my main NAS now so it's safe enough.

     

    Hope this solution is of use to others.

     

    Thanks for the input.

    Ian

     

     

     

     

StephenB's avatar
StephenB
Guru - Experienced User
Apr 26, 2024
khyretos wrote:

 

But i cannot figure out where to enable SSH.

You can enable ssh by installing the add-on here:

 

But all you really need to do is install this add-on (which adds TLS 1.2 support)

 

This is assuming you have a v2 (which runs 5.3.x firmware).  If your NAS runs 4.1.x firmware, then it is the original Duo, and these add-ons won't work.  If you have an original Duo, then you'd need to install the add-on from here to enable ssh:

 

khyretos's avatar
khyretos
Aspirant
Apr 26, 2024

Thank you!

I was so confused because in the admin page there are no apps or anything available.

i just want to mount and use the NAS as if it were a disk on my ubuntu server. i managed to do it with NFS but i also wanted the option  to eventually enter the page if something happens.

 

ANd you are correct i do have the ReadyNAS NV+ v2, RDSN4000-200EUS

 

Thank you so much!

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More