SoftNAS instances perform regular licensing checks in order to validate an installed license on the instance. These validation requests require making outbound HTTPS requests from the SoftNAS system to a license management server provided and managed by our licensing vendor, Nalpeiron (https://www.nalpeiron.com/).
This licensing service was introduced in SoftNAS release 5.4.0 and is included in all subsequent versions.
In the last week of November 2023, the licensing server (my.nalpeiron.com) will be moved to a different hosting platform, and accordingly will have a different IP address from the current one. The date for this IP address change has now been set for Saturday, Nov. 25, 2023. Until this date, SoftNAS systems should continue to use the current IP address for licensing validation requests.
There are two ways in which the IP address change may affect a SoftNAS deployment:
In some deployments, outbound requests from the SoftNAS system to the public Internet may be restricted by a network firewall, or by an equivalent on cloud hosting platforms: AWS security groups and/or network ACLs, and Azure network security groups. Not all deployments restrict outbound requests. If you have made a specific rule to accommodate outbound requests to the current licensing server IP address, the future IP address will likewise need to be allowed.
In some deployments, DNS lookups on the SoftNAS system for hosts on the public Internet are not supported in the environment. In this case, the SoftNAS system may have a hard-coded IP address for the licensing server, and this address will need to be changed.
Your particular environment may require one or both of these to be addressed. This will require accessing the command line on the SoftNAS system by connecting to the server via an SSH client, or by using a VM console or cloud platform console.
For any needed assistance with the steps outlined below, please open a support ticket by sending email to support@buurst.com.
In order to address the upcoming move of the licensing server, the following steps may be completed whenever convenient:
Determine whether you have working DNS resolution on your SoftNAS system that will translate the hostname my.nalpeiron.com to an IP address.
In consultation with your cloud platform and/or networking teams, determine whether there are rules that restrict outbound requests from the SoftNAS system to the public Internet, or specifically, to the current and future addresses for the licensing server.
Initial Preparation Steps
Note: the future IP address for the licensing server has already been assigned. There is a server hosted at that address that may be used for testing. However, the server on that address is not yet live and cannot yet be targeted for actual license validation requests.
This document will be further updated when the new licensing server IP address is live as of Nov. 25, 2023.
With that in mind, the current IP address for my.nalpeiron.com is: 184.106.60.185
The future IP address for my.nalpeiron.com after the change will be: 20.237.110.18
Checking DNS resolution
First, examine your /etc/resolv.conf file for the nameservers listed there.
(Default as distributed with SoftNAS for recent releases):
cat /etc/resolv.conf nameserver 127.0.0.1 nameserver 8.8.8.8
(Example where you have added your own nameserver entries as used in your environment):
cat /etc/resolv.conf nameserver 127.0.0.1 nameserver 172.16.150.1 nameserver 172.16.150.211
If the nameserver entries in /etc/resolv.conf include 127.0.0.1 (localhost), skip this entry; for other nameserver entries, do the following:
nslookup my.nalpeiron.com 8.8.8.8 Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: Name: my.nalpeiron.com Address: 184.106.60.185 Name: my.nalpeiron.com Address: 2001:4801:1041:202:6771:d485:abe9:a404
nslookup my.nalpeiron.com 172.16.150.211 Server: 172.16.150.211 Address: 172.16.150.211#53 Non-authoritative answer: Name: my.nalpeiron.com Address: 184.106.60.185 Name: my.nalpeiron.com Address: 2001:4801:1041:202:6771:d485:abe9:a404
If each nslookup command returns output similar to that shown above, you have working DNS resolution for the nalpeiron.com domain in your SoftNAS environment.
On the other hand,
nslookup my.nalpeiron.com 8.8.8.8 ;; connection timed out; no servers could be reached
or:
nslookup my.nalpeiron.com 172.16.150.211 Server: 172.16.150.211 Address: 172.16.150.211#53 ** server can't find my.nalpeiron.com: NXDOMAIN
If your nslookup test commands return errors similar to these, you do not have working DNS resolution for this domain in your SoftNAS environment.
Now, examine your /etc/hosts file as shown:
cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 52.86.152.91 mirror.softnas.com 54.88.117.35 softnas.com www.softnas.com 184.106.60.185 my.nalpeiron.com
If each of the nslookup commands as above showed that you have working DNS resolution, you may edit your /etc/hosts file and comment out the entry for my.nalpeiron.com as shown (using your preferred text editor such as vi or nano). You will need to become root or use sudo in order to save changes to this file:
sudo vi /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 52.86.152.91 mirror.softnas.com 54.88.117.35 softnas.com www.softnas.com # 184.106.60.185 my.nalpeiron.com
This will ensure that DNS will be used to resolve my.nalpeiron.com and you will not need to make further changes at the time of the IP address change.
If the nslookup tests above showed that you do not have working DNS resolution, you must leave this entry in /etc/hosts as it is, and you will need to substitute the new IP address at the time of the changeover. The date of the IP address change has now been set by Nalpeiron for Saturday, Nov. 25, 2023.
Checking if firewall, security groups, or network ACLs blocking outbound requests
The following steps will be used to check whether outbound requests from your SoftNAS system to the future licensing server IP address will be blocked:
curl --resolve my.nalpeiron.com:443:20.237.110.18 https://my.nalpeiron.com/
If the above command returns the source code of a web page as shown here, this request is not being blocked in your environment:
<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Zentitle </title> <link href="/Static/Images/ico-zentitle-32.png" rel="shortcut icon" type="image/x-icon" /> <link href="/Static/Images/ico-zentitle-256.png" rel="apple-touch-icon" /> [... etc.]
On the other hand, if the request is being blocked, you may receive errors such as the following:
curl: (7) Failed to connect to my.nalpeiron.com port 443: Connection refused
curl: (7) Failed to connect to my.nalpeiron.com port 443: Connection timed out
If you encounter these or other errors with this test command, it means that outbound requests from the SoftNAS system to the future licensing server IP address are being blocked in your environment. Please update any firewall rules, security group rules, or network ACLs as needed in order to permit outbound traffic on TCP port 443, from SoftNAS to the future licensing server IP, 20.237.110.18, consulting with your cloud services and/or network security teams as needed. Allowing connections to specific addresses where restrictions would otherwise block those connections is commonly called “whitelisting”. If you already have rules allowing the current licensing server IP, 184.106.60.185, these rules must be left in place until the IP address change has been completed on Saturday, Nov. 25, 2023.
Steps When the Licensing Server IP Change is Completed
On the IP address change date, Nov. 25, 2023:
If you have verified working DNS for my.nalpeiron.com as shown above, ensure that the entry in /etc/hosts is commented out.
# 184.106.60.185 my.nalpeiron.com
If you do not have working DNS for this domain in your SoftNAS environment, replace the my.nalpeiron.com address with the new one in /etc/hosts:
20.237.110.18 my.nalpeiron.com
Repeat the test as shown in the previous section to verify that you can connect to the licensing server on the new IP:
curl --resolve my.nalpeiron.com:443:20.237.110.18 https://my.nalpeiron.com/
If this curl command returns errors, check the outbound rules again for the new IP address, 20.237.110.18.