p123456 0 Posted ... (edited)

OK. The router route as mentioned above worked, so I get connected. But open ports are still closed (checked with yougetsignal). Anyone got an idea how to make open ports work?

rtorrent.rc contains:

network.port_range.set = 44xx3-44xx4
network.port_random.set = no
ip = 79.xxx.xx.xxx

Shall try glutene container if I get time for it.

Edited ... by p123456
TToD 1 Posted ...

I'm running DSM 7.2.1 and with the recent OpenVPN Certificate expiry issue I thought I would take the opportunity to reload my full VPN config with one generated for OpenVPN 2.5. (I was running a config for < 2.4 installed on DSM 6 before I upgraded.)

So I deleted my existing VPN config so I could create a new one. Big mistake.

I chose a server of Europe. The config generator gave me:

remote europe3.vpn.airdns.org 443

But this didn't work, I had to change it to:

remote europe.vpn.airdns.org 443

The config generator no longer provided a ta.key file, but provided tls-crypt.key instead. I used this in place of the ta.key file in the instructions. But I kept getting a connection failure on the Synology.

Reviewing the different .ovpn files showed:

New from config generator:

tls-crypt "tls-crypt.key"
auth SHA512

Old:

tls-auth "ta.key" 1

So I reverted these two lines to the single old one. But I still kept getting a connection failure on the Synology.

Finally, I still had a ta.key file from an old run of the config generator, so I used that instead of the tls-crypt.key file. And lo, my Synology was now connecting correctly.

My concern is, having changed those two lines to

tls-auth "ta.key" 1

and using the old ta.key file, does this have a negative effect on my security?

Would anyone care to wade in on whether there is a negative impact, or if I could have done anything better?

Thank you
Staff 9761 Posted ...

@TToD Hello!

To clarify, be aware that europe.vpn.airdns.org will resolve into entry-IP address 1 of some VPN server in Europe. Entry-IP address 1 accepts only TLS Auth. You must have europe3.vpn.airdns.org for TLS Crypt with tls-crypt.key, and europe.vpn.airdns.org for TLS Auth and ta.key.

TLS Crypt encrypts completely the whole OpenVPN Control Channel and therefore it is superior in its ability to bypass specific blocks against OpenVPN when TLS Auth may fail.

Kind regards
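Added example (not part of the original thread, and not AirVPN's code): a small Python check that a profile's control-channel key directive matches its `remote` hostname, using only the europe / europe3 rule stated in the Staff reply above. The function names and the sample profile are constructed for illustration.

```python
import shlex

# Constructed sample profile (not a file from the thread): a TLS Crypt key
# paired with the hostname that the Staff reply says is TLS Auth only.
MISMATCHED = """\
client
remote europe.vpn.airdns.org 443
tls-crypt "tls-crypt.key"
auth SHA512
"""

def parse_profile(text):
    """Map each directive name to the list of its argument lists."""
    directives, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:  # inside <tag>...</tag>: skip embedded key material
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            directives.setdefault(inline, []).append(["[inline]"])
            continue
        name, *args = shlex.split(line)
        directives.setdefault(name, []).append(args)
    return directives

def expected_mode(host):
    """Assumed rule, taken only from the two hostnames in the Staff reply."""
    label = host.split(".", 1)[0]
    if label.endswith("3"):
        return "tls-crypt"
    if not label[-1:].isdigit():
        return "tls-auth"
    return None  # other entry numbers are not described in the thread

def check_profile(text):
    """Return a list of mismatches between remote hosts and the key mode."""
    d = parse_profile(text)
    modes = [m for m in ("tls-auth", "tls-crypt") if m in d]
    if len(modes) != 1:
        return [f"expected exactly one of tls-auth/tls-crypt, found {modes}"]
    problems = []
    for args in d.get("remote", []):
        want = expected_mode(args[0]) if args else None
        if want and want != modes[0]:
            problems.append(f"{args[0]} expects {want}, profile uses {modes[0]}")
    return problems

print(check_profile(MISMATCHED))
```

Profiles that embed the key inline as `<tls-crypt>...</tls-crypt>` are handled as well; the key material itself is skipped, never read.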
TToD 1 Posted ...

21 minutes ago, Staff said:

> @TToD Hello! To clarify, be aware that europe.vpn.airdns.org will resolve into entry-IP address 1 of some VPN server in Europe. Entry-IP address 1 accepts only TLS Auth. You must have europe3.vpn.airdns.org for TLS Crypt with tls-crypt.key, and europe.vpn.airdns.org for TLS Auth and ta.key. TLS Crypt encrypts completely the whole OpenVPN Control Channel and therefore it is superior in its ability to bypass specific blocks against OpenVPN when TLS Auth may fail. Kind regards

Thank you for that.

Yet when configuring with tls-crypt.key and using remote europe3.vpn.airdns.org 443 (basically just using everything supplied by the config generator unchanged) my Synology kept getting connection failure messages.

So, while TLS Crypt provides better security than TLS Auth, have the changes I made compromised the security I previously had (given that previously it was also TLS Auth)?

From what you said, I would prefer to run TLS Crypt if I could get it to work on my Synology.
Staff 9761 Posted ...

@TToD Hello!

Please feel free to open a ticket and the support team will examine the problem and suggest a possible solution. Make sure to include the OpenVPN log showing the connection attempt failure.

On the client side TLS Crypt improves ability to circumvent blocks because in the first phase of the TLS negotiation the "client hello" and the "server hello" are already encrypted by the pre-shared TLS key, therefore the OpenVPN initialization remains hidden from the ISP. All the other steps are the same. You have no urgent reason to switch to TLS Crypt since your ISP does not block OpenVPN.

Kind regards
bbqsquirrel 0 Posted ... (edited)

Having the same problem as the user above. I have had AirVPN set up on my Synology for multiple years and it has been working flawlessly. 5 days ago it stopped working and I cannot get it to reconnect no matter what I do. I've followed all the instructions here to the T and also still have my previous VPN configs that were working fine for years and now it is not connecting. What happened?

EDIT: OKAY I FIGURED IT OUT.

Follow the original guide but pay close attention to which protocol you're picking in the config generator. The top options are now UDP 443; look at the Specs column, it says "tls-crypt, tls1.2". This will NOT work.

Scroll down about halfway through the list of available options (you will have to enable the "advanced" toggle at the very top of the page). Scroll down so you see UDP 443 (or whatever else you prefer); there will be repeated ports and protocols but the Specs column now says "tls-auth, for 2.3". That's the one you want. This will give you the ta.key that you need to import.

Edited ... by bbqsquirrel
Mikeyy 48 Posted ...

Finally upgraded to DSM 7.2.1, so I edited the first post with your comments. Adapted it to the new AirVPN config generator look. Also added a last part if you want to have a faster connection to AirVPN.