Install DNSCrypt on Synology DSM 5

First of all, you must install the libsodium library.

You can download the lastest version from here.

Here are all the commands to install libsodium.

Then you can download the DNSCrypt from here.

Here are all the commands to install DNSCrypt.

After installed these, you can run the following command to make a clean.

And you can use the following command to test the DNS service with the Cisco OpenDNS.

If all goes well, you can run the following command to start DNSCrypt and set the DNS service.

Then you can visit http://www.opendns.com/welcome to make sure if you are using the Cisco OpenDNS service.

Finally you should add a script to rc.d to run DNSCrypt autostart whenever the Synology starts up.

Solve the ‘Realtek USB GbE Family Controller’ prefers IPv4 over IPv6.

I have both IPv4 and IPv6 internet environment and I found the ‘Realtek USB GbE Family Controller’ prefers IPv4 over IPv6.

The IPv6 also works without any problem.

But the adapter prefers IPv4 over IPv6.

Finally, I changed ‘ARP Offload’ to ‘Disabled’ in the adapter settings and the adapter became prefers IPv6 over IPv4.

Solve the ‘Surface Ethernet Adapter’ broken while uploading.

I have a Surface Pro 3 with Microsoft Docking Station, and the system is Windows 10 pro. I have both IPv4 and IPv6 internet environment.

I found while I uploading a large file, the network adapter will be broken. But it worked normally after I disabled the IPv6 protocol.

I found it was a driver problem. I changed the driver to ‘Realtek USB GbE Family Controller’ manually.

After I changed the driver manually, the adapter’s name became ‘Surface Ethernet Adapter’ again because they use the same chipset, also a Surface setting inside the driver.

Finally, the ‘Surface Ethernet Adapter’ works without any problems while you are using both IPv4 and IPv6 internet environment.

Change the firewall manually to make your Synology more safe!

The default firewall in the Control Panel is so poor because the worse design of Synology’s firewall policy. You can not use the white list in the global environment if you have both IPv4 or IPv6 network environment. To decrease the risk of being hacked, I decided to change the firewall manually. We should use iptables and ip6tables to change both IPv4 and IPv6 firewall. If you have not the IPv6 network environment, you can ignore the ip6tables part.

Warning: If you dont not have the enough IT experience, you should run the following sections carefully. Maybe you will lost you connection to your Synology and hard to connect it again.

I wrote some IPv4 rules, the following code section is part of the rule file, you can run the iptables-save to export the rule file:

After run the iptables-restore and iptables -L, you can see the following result:

The IPv6 firewall part is similar to IPv4 firewall:

I also wrote two scripts to make firewall can load IPv4 and IPv6 rules or reset the firewall to default:

Here are the files (also the file ‘ipv4-default’ and ‘ipv6-default’ below) which can restore the firewall to default:

Finally you can make a schedule task to run two scripts above in the Control Panel such as each one minute to run them, that can make sure the firewall is always loading the whitelist rules which you wrote.

Article References:

iptables – Debian Wiki
IptablesHowTo – Ubuntu Wiki
HowTos/Network/IPTables – CentOS Wiki