ZyXEL NSA325 v2.
Seems to be from around 2014. Runs a Marvell Armada 370 88F6707 ARM5 @ 1.2 GHz, 512Mb RAM, 128Mb flash. Gigabit Ethernet and SATA II.

Very under powered by today's standards. But maybe it suffices? Let's check it out, flash openwrt onto it and run some benchmarks.

That PCIe looking connecter is just the connector for the SATA port breakout board.

Oh man they could've really cleaned up their flux residue. That's stock.

It boots up, that's a start.

Alright, I think I'm back from the dead. Been a bit stressful here and I didn't have the patience to post

Now, this project turned out to be a total pain in the neck. Not because of the hardware, but because of openWRT

Here's how to get openWRT onto it:

- write down your MAC address as you will need to restore it later
- find the appropriate firmware and bootloader images. For my hardware that's zyxel_nsa325-squashfs-factory.bin and u-boot-nsa325/u-boot.kwb and place them on a storage medium like a thumb drive or ssd
- hook onto the serial console using one of those TTL to USB UARTs

- interrupt the boot process to get into the boot loader

- the bootloader is a modular system. in order to use parts of the hardware, you have to load the subsystems for it. so, if you use a thumb drive, do

usb reset

- to use a sata drive do
ide restart

- check if your NAND contains any bad blocks within the area that's going to hold the bootloader and firmware
nand bad

- now, the image files have to be loaded into a section of the RAM first and from there written to the NAND
- for the bootloader do
fatload usb 0 0x1000000 u-boot.kwb
nand erase 0x0 0x100000
nand write 0x1000000 0x00000 0x100000
(note these addresses are only applicable to my device, check the openWRT wiki for information about yours)
- and reset to reboot into the new bootloader

- set the correct environment variables
setenv mtdparts 'mtdparts=orion_nand:0x00c0000(uboot),0x80000(uboot_env),0x7ec0000(ubi)'
setenv bootcmd 'run setenv bootargs; ubi part ubi; ubi read 0x800000 kernel; bootm 0x800000'
saveenv
- and reset again
- set the MAC address
setenv ethaddr AB:CD:EF:00:00:00
saveenv
- enable your storage subsystem again

usb reset

- flash openWRT itself:
fatload usb 0 0x2000000 zyxel_nsa325-squashfs-factory.bin
nand erase.part ubi
nand write 0x2000000 ubi 0x600000
- and reset one last time

I had to actually use the SSD to hold the images instead of my flash drive, as that was giving me issues. You could also use tftp instead.

If you goofed up, and I surely did, and bricked your bootloader, you can recover by feeding the bootloader through the serial port by running
kwboot -t -B 115200 /dev/ttyUSB00 -b u-boot.kwb -p
on your pc.

that was the easy part. From here you can switch to ssh.

Power usage is pretty low. That's under full CPU load. 5W

Now, I've been using nfs for all my network file sharing needs. And to have some sort of user and host authentication I set up a kerberos on my spinning rust nas. Which I now want to move onto this thing of course. And this is where the fun begins. Kerberos itself works all nicely, however after much fiddling about I found out that the openWRT guys omitted the needed svcgssd and gssd daemons from their nfs package. Without them, nfs cannot use kerberos.

I tried switching to samba, however that has it's own can of problems in that something needed to use it with ext4 (acl?) seems to be missing from the kernel. It just doesn't work right. At all.

Setting up the build environment for openWRT is fairly straight forward:

git clone https://git.openwrt.org/openwrt/openwrt.git source
cd source
git checkout v22.03.3
make distclean
./noscripts/feeds update -a
./noscripts/feeds install -a

From here do

make menuconfig

and select your target system and profile, in my case that's Marvell Kirkwood and ZyXEL NSA325.
Then kick off make

make -j42

I will be using this build environment only to modify packages or compile new ones and transfer them onto the already running system individually.

If you are working on an individual package, say the nfs-kernel-server, you can build it directly using

make package/feeds/packages/nfs-kernel-server/{clean,compile} -j42

If you want to have output during the build process:

make package/feeds/packages/nfs-kernel-server/{clean,compile} -j1 V=sc

Now, to get gssd and svcgssd included with the nfs-kernerl-server package you need to ...

.. edit feeds/packages/libs/libtirpc/Makefile:

@@ -24,18 +24,19 @@
   CATEGORY:=Libraries
   TITLE:=Library TI RPC for RPC bindings
   URL:=http://libtirpc.sourceforge.net/
-  DEPENDS:=+libpthread
+  DEPENDS:=+libpthread +krb5-libs
 endef
 
-CONFIGURE_ARGS += --disable-gssapi
+CONFIGURE_ARGS += --enable-gssapi
 HOST_CONFIGURE_ARGS += --disable-gssapi
 
 ifeq ($(HOST_OS),Darwin)
 HOST_CONFIGURE_ARGS += --disable-symvers
 endif
 
-TARGET_CFLAGS += -DGQ
-HOST_CFLAGS += -DGQ
+
+TARGET_CFLAGS += -DGQ -I$(STAGING_DIR)/usr/include
+HOST_CFLAGS += -DGQ 
 
 define Package/libtirpc/install
        $(INSTALL_DIR) $(1)/usr/lib

as well as feeds/packages/net/nfs-kernel-server/Makefile:

@@ -40,7 +40,7 @@
 define Package/nfs-kernel-server
        $(call Package/nfs-kernel-server/Default)
        TITLE:=Kernel NFS server support
-       DEPENDS+= +kmod-fs-nfsd +kmod-fs-nfs +NFS_KERNEL_SERVER_V4:kmod-fs-nfs-v4 +rpcbind +NFS_KERNEL_SERVER_V4:nfs-utils-libs +NFS_KERNEL_SERVER_V4:libkeyutils +NFS_KERNEL_SERVER_V4:libdevmapper
+       DEPENDS+= +kmod-fs-nfsd +kmod-fs-nfs +NFS_KERNEL_SERVER_V4:kmod-fs-nfs-v4 +rpcbind +NFS_KERNEL_SERVER_V4:nfs-utils-libs +NFS_KERNEL_SERVER_V4:libkeyutils +NFS_KERNEL_SERVER_V4:libdevmapper +NFS_KERNEL_SERVER_V4:libevent2-core
        USERID:=nfs:nfs
 endef
 
@@ -104,12 +104,14 @@
 
 CONFIGURE_ARGS += \
        --disable-caps \
-       --disable-gss \
+       --enable-gss \
+       --enable-svcgss \
        --disable-nfsdcld \
        --disable-nfsdcltrack \
        --enable-shared \
        --enable-static \
        --with-rpcgen=internal \
+       --with-krb5=$(STAGING_DIR)/usr \
        $(if $(CONFIG_NFS_KERNEL_SERVER_V4),--enable,--disable)-nfsv4 \
        $(if $(CONFIG_NFS_KERNEL_SERVER_V4),--enable,--disable)-nfsv41
 
@@ -136,10 +138,10 @@
 
 HOST_CONFIGURE_ARGS += \
        --disable-gss \
-       --disable-nfsv4 \
-       --disable-nfsv41 \
+       --enable-nfsv4 \
+       --enable-nfsv41 \
        --without-tcp-wrappers \
-       --with-rpcgen=internal
+       --with-rpcgen=internal 
 
 HOST_CONFIGURE_VARS += \
        ac_cv_lib_event_event_dispatch=yes \
@@ -165,6 +167,11 @@
        $(INSTALL_DIR) $(STAGING_DIR_HOSTPKG)/bin
        $(INSTALL_BIN) $(HOST_BUILD_DIR)/tools/rpcgen/rpcgen $(STAGING_DIR_HOSTPKG)/bin/rpcgen
 endef
+# 
+# define Build/Compile
+#      $(call Build/Compile/Default)
+#      $(PKG_BUILD_DIR)/utils/gssd/svcgssd
+# endef
 
 define Package/nfs-kernel-server/install
        $(INSTALL_DIR) $(1)/etc/init.d $(1)/usr/sbin
@@ -174,6 +181,8 @@
        $(INSTALL_BIN) $(PKG_BUILD_DIR)/utils/statd/statd $(1)/usr/sbin/rpc.statd
        $(INSTALL_BIN) $(PKG_BUILD_DIR)/utils/nfsd/nfsd $(1)/usr/sbin/rpc.nfsd
        $(INSTALL_BIN) $(PKG_BUILD_DIR)/utils/mountd/mountd $(1)/usr/sbin/rpc.mountd
+       $(INSTALL_BIN) $(PKG_BUILD_DIR)/utils/gssd/gssd $(1)/usr/sbin/rpc.gssd
+       $(INSTALL_BIN) $(PKG_BUILD_DIR)/utils/gssd/.libs/svcgssd $(1)/usr/sbin/rpc.svcgssd
        $(INSTALL_BIN) $(PKG_BUILD_DIR)/utils/exportfs/exportfs $(1)/usr/sbin/
 endef

In make menuconfig you also need to enable:

Libraries ->
libevent2-core [M]
Database -> libsqlite3 [M]

Filesystem ->
nfs-kernel-server [M]

krb5-client [M]
krb5-libs [M]
krb5-server [M]
krb5-sever-extras [M]