Mikeyy

How-to: AirVPN on Synology DS6 complete guide


 

I'm afraid you have same problem as kiwi in this post.

This is a Synology bug and I reported it to them, so hopefully they will fix it. Just manually disconnect and connect again.

 

Hi, did you ever hear back from Synology? I have this same issue with the latest DSM.

 

Yes, they asked for my login info for AirVPN so they can test it. I said no, I can't give you my login info, and all conversation ended there.

 

This only seems to work for ipv4. I don't see anything in the ipv6 routing table for the VPN. Is ipv6 also possible?

 

Don't know. I have no way of testing it.


 

This only seems to work for ipv4. I don't see anything in the ipv6 routing table for the VPN. Is ipv6 also possible?

 

Don't know. I have no way of testing it.

 

I think this config does not affect ipv6 at all -- so just a warning for others: you might have ipv6 traffic leaking around the VPN.

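The IPv6 concern raised in the post above can be checked from the routing table. The following is an added example, not code from the thread or from Synology or AirVPN; it assumes the tunnel interface is tun0 and that `ip -6 route show` is available on the NAS, and the function name and sample routes are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies `ip -6 route show` output
# (read on stdin) by whether IPv6 traffic can leave outside the VPN tunnel.
# $1 = tunnel interface name (tun0 is what the thread's scripts use).
ipv6_vpn_status() {
    awk -v tun="${1:-tun0}" '
        {   # find the outgoing interface of this route
            dev = ""
            for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            isdef = ($1 == "default" || $1 == "::/0")
        }
        # default route on a non-tunnel interface: a path around the VPN
        isdef && dev != "" && dev != tun { bypass = 1 }
        # default route on the tunnel itself
        isdef && dev == tun { tundef = 1 }
        # more-specific tunnel routes that cover global unicast (2000::/3)
        dev == tun && $1 == "2000::/3" { specific = 1 }
        dev == tun && $1 == "2000::/4" { lo4 = 1 }
        dev == tun && $1 == "3000::/4" { hi4 = 1 }
        END {
            if (lo4 && hi4) specific = 1
            if (!bypass && !tundef && !specific) print "no-ipv6-route"
            else if (!bypass || specific)        print "tunnelled"
            else if (tundef)                     print "check-metrics"
            else                                 print "leak"
        }'
}

# Constructed sample: IPv6 default via the LAN router, nothing on tun0.
SAMPLE_LEAK='2001:db8:1::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev tun0 proto kernel metric 256
default via fe80::1 dev eth0 proto ra metric 1024'

# Constructed sample: the tunnel also carries 2000::/4 + 3000::/4.
SAMPLE_TUNNELLED="$SAMPLE_LEAK
2000::/4 dev tun0 metric 1024
3000::/4 dev tun0 metric 1024"

# Constructed sample: no IPv6 default route anywhere.
SAMPLE_NONE='fe80::/64 dev eth0 proto kernel metric 256'

# On the NAS (assumes the ip tool is present): ip -6 route show | ipv6_vpn_status tun0
```

A result of "leak" matches the situation described in the post: a usable IPv6 default route on the LAN interface and no IPv6 routes on the tunnel. "check-metrics" means both the tunnel and another interface hold a default route, so the route metrics decide which one is used.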

 

But I have some connections that need to go around the VPN as well (mainly SSL connections to usenet servers). I have created a passthrough by adding static routes to the routing table in the Synology configuration that explicitly go to the specific usenet server (ranges). This seems to work quite well, but of course is not useful if the IP addresses of the destination servers change.

Can you describe what you did to achieve this? I'm in the same boat, and want some connections / services to route outside the VPN. Mainly my usenet nzbget client and tvheadend server, for example.

Does anyone know how to achieve this?


Regarding your reconnection script. This line does not work for me since the latest DSM update:

 

UPTIME=$(grep $IPADDR /var/log/synolog/synosys.log | awk '{print $2" "$3}'|tail -1)

 

The synosys.log file no longer exists. I've replaced this line with the following:

 

UPTIME=$(cat /var/log/messages | grep "$IPADDR" | awk '{print $1}' | tail -1)
UPTIME=$(date -d"$UPTIME" +"%Y/%m/%d %H:%M:%S")


I'm unable to perform step (5) Click on the ZIP button in order to download the AIRVPN configuration files as the configuration generator doesn't have a "ZIP" button. It has a "Generate" button, but that does not produce a zip file but a `.ovpn` file, and I can't seem to find the rest of the files. Help?


 

Regarding your reconnection script. This line does not work for me since the latest DSM update:

 

UPTIME=$(grep $IPADDR /var/log/synolog/synosys.log | awk '{print $2" "$3}'|tail -1)

 

The synosys.log file no longer exists. I've replaced this line with the following:

 

UPTIME=$(cat /var/log/messages | grep "$IPADDR" | awk '{print $1}' | tail -1)
UPTIME=$(date -d"$UPTIME" +"%Y/%m/%d %H:%M:%S")

 

Thank you, added in first post!

I just switched to 6.1, so I didn't have a way to test before.


Hi,

 

I have also followed this guide, which works great. I have done the first 3 points. I was wondering how it works when not in the LAN.

When I use my laptop or phone outside my own network and go to the video station, it all works fine. But when I try to pass a video to a Chromecast at a friend's house, it does not work when I have the VPN on. When I turn it off, it does work. Does anybody have an idea on how to make this work?

 

Kind regards,

 

EDIT: I get the error: "Unkown error". So not a lot to begin with. But my guess is that casting to the chromecast while on VPN gives some kind of trouble. 


3rd point covers external access.

 

If it's working from inside the LAN and outside the LAN on your laptop, then everything is working correctly. There must be some other kind of problem with the Chromecast, maybe different ports, bad SSL certificates, etc.


Yeah, I have done the 3rd point. Both inside and outside the LAN works on laptop and phone; the Chromecast does not work outside the LAN. I haven't tested the Chromecast inside the LAN as I do not have one. So keep this in mind when you plan to use a Chromecast outside the LAN. I do not do it regularly, so it's not a big problem. For those looking for a solution, on the Apple TV gen 4 you can install DS Video. Then you can still have an easy way of streaming to a TV outside your network.

Good day to all!

I did everything according to your instructions and everything works fine except for the script reconnecting the VPN when connection is broken.

Synology 918+

DSM 6.2-23739 Update 2

Does the connection repair script work for everyone?

 

After the command:


root@Synology_NAS:~# /volume2/Test/synovpn_reconnect

/volume2/Test/synovpn_reconnect: line 8: $'\r': command not found

/volume2/Test/synovpn_reconnect: line 19: $'\r': command not found

/volume2/Test/synovpn_reconnect: line 20: syntax error near unexpected token `$'\r''

'volume2/Test/synovpn_reconnect: line 20: `start_vpn()

 

Sorry ... it was my mistake. I created a new file and edited it with vi, and now everything is working!!!!


Hello,

I've connected my Synology to AirVPN and everything is OK.

I use my Synology as a proxy for my internal network.

The certificate in the Synology is the standard self-signed certificate.

I've configured Windows 10 to use this Synology as a proxy.

I've configured Firefox to use the computer proxy settings to connect to the internet.

When I try to reach a website (any one), I get an HSTS error. No exception is possible. Simply no connection. I must connect without the proxy to access the internet.

Any clue or solution, please? I'm not a computer specialist, so please be pedagogical. Thanks.


You'll have to search for help on the Synology forum or contact Synology support for that. Routing your internet through a NAS which is connected to a VPN is another cup of tea.


Hi All, I've made some changes to the re-connection script, which might be useful to others. Mainly, I added the "The VPN is stalled" section. I found that with the original script the VPN connection could become "stalled" -- it was up according to Synology, but not working. In this case, the script could not find a public IP. My changes resolve this by restarting the tunnel in this case.
 

#!/bin/sh
# VPN check script, modified Sep 11, 2016
# Script checks if VPN is up, and if it is, it checks if it's working or not. It provides details like VPN is up since, data received/sent, VPN IP & WAN IP.
# If VPN is not up it will report it in the log file and start it.
# Change LogFile path to your own location.
# Save this script to a file of your choosing (for example "synovpn_reconnect"). Store it in one of your Synology shared folders and chmod it: "chmod +x /volume1/shared_folder_name/your_path/synovpn_reconnect"
# Edit "/etc/crontab" and add this line without quotes for starting the script every 10 minutes: "*/10 *   *   *   *   root    /volume1/shared_folder_name/your_path/synovpn_reconnect"
# After that restart cron with: "/usr/syno/sbin/synoservicectl --restart crond"

#exit 0

DATE=$(date +"%F")
TIME=$(date +"%T")
# Connection ID and name of the OpenVPN profile configured in DSM
VPNID=$(grep "\[.*\]" /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "[" | cut -f 1 -d "]")
VPNNAME=$(grep conf_name /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "=")
LogFile="/volume1/shared/Synology/vpn-reconnect-$DATE.log"
# Public IP as seen from outside (empty if the lookup fails within 10 seconds)
PUBIP=$(curl -s -m 10 icanhazip.com)
# 1 if the lookup returned anything, 0 if it came back empty
FOUNDPUBIP=$(echo $PUBIP | grep -c ".")

# Set TEST=1 while debugging: logging goes to stdout and the restart is skipped
TEST=0
if [ $TEST -eq 1 ]; then
	LogFile="/dev/fd/1"
fi

# Kill the current OpenVPN client and ask DSM to reconnect the profile
start_vpn()
{
	if [ $TEST -eq 0 ]; then
		/usr/syno/bin/synovpnc kill_client --protocol=openvpn --name="$VPNNAME"
		echo 1 > /usr/syno/etc/synovpnclient/vpnc_connecting
		echo conf_id=$VPNID > /usr/syno/etc/synovpnclient/vpnc_connecting
		echo conf_name=$VPNNAME >> /usr/syno/etc/synovpnclient/vpnc_connecting
		echo proto=openvpn >> /usr/syno/etc/synovpnclient/vpnc_connecting
		/usr/syno/bin/synovpnc reconnect --protocol=openvpn --name="$VPNNAME" >> "$LogFile"
	fi
}

echo "======================================" >> "$LogFile"
echo "$DATE $TIME" >> "$LogFile"

# tun0 is present when ifconfig shows its all-zero hardware address
if /sbin/ifconfig tun0 | grep -q "00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00"
then
	VPNIP=$(/sbin/ifconfig tun0 | grep 'inet addr' | cut -d: -f2 | awk '{print $1}')

	if [ "$FOUNDPUBIP" = "1" -a "$VPNIP" = "$PUBIP" ]; then
		# The VPN is up, but the public IP is the same, so restart
		echo "Public and VPN IPs match. Attempting to (re)start VPN." >> "$LogFile"
		echo "VPN IP is: $VPNIP" >> "$LogFile"
		echo "Pub IP is: $PUBIP" >> "$LogFile"
		start_vpn
	elif [ "$FOUNDPUBIP" = "0" ]; then
		# The VPN is stalled (no public IP)
		echo "VPN is stalled. Attempting to (re)start now." >> "$LogFile"
		start_vpn
	else
		# The VPN is up and a public IP was found: log session details
		RXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f2 | awk '{print $1,$2,$3}')
		TXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f3 | awk '{print $1,$2,$3}')
		UPTIME=$(cat /var/log/messages | grep "$VPNIP" | awk '{print $1}' | tail -1)
		UPTIME=$(date --date="$UPTIME" +"%Y-%m-%d %H:%M:%S")
		echo "VPN is up since: $UPTIME" >> "$LogFile"
		echo "Session Data RX: $RXDATA" >> "$LogFile"
		echo "Session Data TX: $TXDATA" >> "$LogFile"
		echo "VPN IP is: $VPNIP" >> "$LogFile"
		echo "Pub IP is: $PUBIP" >> "$LogFile"
	fi
else
	# There's no VPN connection at all
	echo "VPN is stopped. Attempting to (re)start now." >> "$LogFile"
	start_vpn
fi

exit 0

16 hours ago, _sinnerman_ said:

Hi All, I've made some changes to the re-connection script, which might be useful to others. Mainly, I added the "The VPN is stalled" section. I found that with the original script the VPN connection could become "stalled" -- it was up according to Synology, but not working. In this case, the script could not find a public IP. My changes resolve this by restarting the tunnel in this case.
 

Hello @_sinnerman_, let me comment on some parts of code.
 
TEST=0
if [ $TEST -eq 1 ]; then
	LogFile="/dev/fd/1"
fi

start_vpn()
{
	if [ $TEST -eq 0 ]; then
		/usr/syno/bin/synovpnc kill_client --protocol=openvpn --name=$VPNNAME
		echo 1 > /usr/syno/etc/synovpnclient/vpnc_connecting
		echo conf_id=$VPNID > /usr/syno/etc/synovpnclient/vpnc_connecting
		echo conf_name=$VPNNAME >> /usr/syno/etc/synovpnclient/vpnc_connecting
		echo proto=openvpn >> /usr/syno/etc/synovpnclient/vpnc_connecting
		/usr/syno/bin/synovpnc reconnect --protocol=openvpn --name=$VPNNAME >> $LogFile
	fi
}
What is this used for?
As far as I can see, $TEST is always 0 here, so it will never trigger. I guess that was your private code for log suppression.
 
if /sbin/ifconfig tun0 | grep -q "00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00"
then
	VPNIP=$(/sbin/ifconfig tun0 | grep 'inet addr' | cut -d: -f2 | awk '{print $1}')

	if  [ "$FOUNDPUBIP" = "1" -a "$VPNIP" = "$PUBIP" ]; then
		# The VPN is up, but the public IP is the same, so restart
		echo "Public and VPN IPs match. Attempting to (re)start VPN." >> $LogFile
		echo "VPN IP is: $VPNIP" >> $LogFile
		echo "Pub IP is: $PUBIP" >> $LogFile
		start_vpn
	elif [ "$FOUNDPUBIP" = "0" ]; then
		# The VPN is stalled (no public IP)
		echo "VPN is stalled. Attempting to (re)start now." >> $LogFile
		start_vpn
	else
		RXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f2 | awk '{print $1,$2,$3}')
		TXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f3 | awk '{print $1,$2,$3}')
		UPTIME=$(cat /var/log/messages | grep "$VPNIP" | awk '{print $1}' | tail -1)
		UPTIME=$(date --date="$UPTIME" +"%Y-%m-%d %H:%M:%S")
		echo "VPN is up since: $UPTIME" >> $LogFile
		echo "Session Data RX: $RXDATA" >> $LogFile
		echo "Session Data TX: $TXDATA" >> $LogFile
		echo "VPN IP is: $VPNIP" >> $LogFile
		echo "Pub IP is: $PUBIP" >> $LogFile
	fi
else
	# There's no VPN connection at all
	echo "VPN is stopped. Attempting to (re)start now." >> $LogFile
	start_vpn
fi
I see you changed quite a few things here, but most of it was already covered in the original script, even the VPN tunnel hang, when the VPN is connected but you can't establish a connection.
The only new code I see here is:
 
if  [ "$FOUNDPUBIP" = "1" -a "$VPNIP" = "$PUBIP" ]; then
	# The VPN is up, but the public IP is the same, so restart
	echo "Public and VPN IPs match. Attempting to (re)start VPN." >> $LogFile
	echo "VPN IP is: $VPNIP" >> $LogFile
	echo "Pub IP is: $PUBIP" >> $LogFile
	start_vpn
Can you please explain what exactly this does and why? I can read the code, but I'm not really sure why you are comparing VPNIP with PUBLICIP. Can you please elaborate on that?
Is VPNIP an internal IP or an external one?
If it's external, then PUBIP will match VPNIP every time VPN is connected. If it's internal, it should never match. That's why I'm confused. :)






 


Hi @Mikeyy,

I moved things around a little, and changed a couple of variable names, but the only new section I recently added is the one that checks for a "stall".

elif [ "$FOUNDPUBIP" = "0" ]
I don't remember adding the section you quote... I guess I could have a long time ago, but are you sure that it was not in an earlier version of the public code? Maybe I was just being paranoid and making sure that I really had a VPN exit IP (i.e., it is different from the public IP).

Actually, now that I look at the original code, perhaps the "stalled" code is not necessary at all, and the original would have taken care of this case.

Yes, the use of $TEST is just to redirect logging to stdout and skip the restart code while debugging the logic.

@_sinnerman_

Yes, the original code covers situations when the VPN tunnel is active but you can't access the internet.
# CHECKIP is 1 when a public IP was found: report session details, otherwise restart
if [ "$CHECKIP" = 1 ]
then
	IPADDR=$(/sbin/ifconfig tun0 | grep 'inet addr' | cut -d: -f2 | awk '{print $1}')
	RXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f2 | awk '{print $1,$2,$3}')
	TXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f3 | awk '{print $1,$2,$3}')
	UPTIME=$(cat /var/log/messages | grep "$IPADDR" | awk '{print $1}' | tail -1)
	UPTIME=$(date -d"$UPTIME" +"%Y/%m/%d %H:%M:%S")
	echo "VPN is up since: $UPTIME" >> $LogFile
	echo "Session Data RX: $RXDATA" >> $LogFile
	echo "Session Data TX: $TXDATA" >> $LogFile
	echo "VPN IP is: $IPADDR" >> $LogFile
	echo "WAN IP is: $PUBIP" >> $LogFile
else
	start_vpn
fi
As you can see, if a valid public IP is detected then it just reports data, ELSE it restarts the VPN.

But the problem is, sometimes the script can't restart the VPN connection. Not sure why.
The script detects the problem and tries to restart the VPN (it tries over and over again), but can't manage it. The only way around it is to manually click "Disconnect" and then "Connect" in the GUI.
I don't know how to find what the problem is.



 

19 hours ago, Mikeyy said:
@_sinnerman_
But the problem is, sometimes the script can't restart the VPN connection. Not sure why.
The script detects the problem and tries to restart the VPN (it tries over and over again), but can't manage it. The only way around it is to manually click "Disconnect" and then "Connect" in the GUI.
I don't know how to find what the problem is.

This has never happened to me. I'm on the latest DSM, but I assume you are too?
