Jump to content
Not connected, Your IP: 3.144.255.247
Mikeyy

How-to: AirVPN on Synology DSM6 and DSM7 complete guide

Recommended Posts

Hello all,

 

This is collection from different tutorials which I will refer here, but usually changed  since some things changed.

 

Setting up VPN on Synology is modified neolefort tutorial from here and reconnect script if from sundi which you can find here, which probably modified this script, plus my iptables for blocking Synology on router level when VPN fails.

Other contributions:

foobar666 - you no longer need to enter variables manually

_sinnerman_ - fixed script for DS 6.1

 

I'm doing this mostly because I usually forget things I managed to solve after year or two, so this is way to have constant reminder how it was solved and also help others.

 

1. Get your certificates from AirVPN.

Go to the  https://airvpn.org/generator/ page to generate the configuration file.

 

(1) SELECT the Advanced Mode (under "Config generator" title image.png.8e78849820758b5e78429050c67c2a73.png)

(2) SELECT LINUX OS


(3) Under "Protocols" section select one with protocol UDP, port 443 and tls-auth in the right column (at the time of writing, it was in middle of the list). You can choose any combination of protocol/port, but then also change iptables accordingly if you are using failsafe script. Don't choose any combination which has tls-crypt in the right column.

(4) Under "Advanced - OpenVPN only" section (right part of page), toggle "Separate keys/certs from .ovpn file" button and change/leave OpenVPN version to 2.5 (This works in DSM 7.2.1. For older versions you will maybe have to select OpenVPN version 2.4).


(5) SELECT 1 SERVER (refer to section "by single servers") OR COUNTRY OR ANYTHING ELSE YOU WANT

In original tutorial, neolefort said to choose 1 server, because in that case you will get IP instead of xxx.airvpn.org domain. Choosing 1 server is safe because it doesn't need working DNS when you want to connect to VPN. If you choose anything else, you need working DNS on your router when establishing VPN connection.

 

(6) Click "GENERATE" at the bottom.

 

(7) Page will reload with links on top to your files, save them to you computer. Following files will be generated:

-AirVPN_XXXXX_UDP-443.ovpn

-ca.crt

-user.crt

-user.key

-ta.key

 

2. Setup AirVPN on Synology.

 

- Login as admin or with user from Administrator group.

- Open Control panel.

- Go "Network" and click on tab "Network Interface"

- Click on button "Create" - "Create VPN profile"

- Choose "OpenVPN (via importing .ovpn file)"

     - Click "Advanced options" so it shows all options

          - Profile name: anything you want, but please keep is short and if you can without spaces " ", for example "AirVPN".

          - User name: LEAVE EMPTY (for DSM 7+ just put anything here)

          - Password: LEAVE EMPTY (for DSM 7+ just put anything here)

          - Import .ovpn file: click button and import your AirVPN_XXXXX_UDP-443.ovpn

          - CA certificate: click button and import your ca.crt

          - Client certificate: click button and import your user.crt

          - Client key: click button and import your user.key

          - Certificate revocation: LEAVE EMPTY

          - TLS-auth key: click button and import your ta.key

     - Click "Next"

     - Select all options and click "Done"

 

Now you have working OpenVPN link on your Synology. You just need to start it from "Control panel" - "Network" - "Network Interface".

If you want to make your connection faster, you can remove some ciphers.
Look for this line in .ovpn file:

data-ciphers AES-256-GCM:AES-256-CBC:AES-192-GCM:AES-192-CBC:AES-128-GCM:AES-128-CBC

And change it to this:

data-ciphers AES-128-GCM

Then save file and create new connection with it.
After some testing I found out AES-128-GCM is fastest from all other mentioned in settings. You can also test other ciphers your self and leave one you find fastest.
 

EXTRAS!!!

 

3. Setting up external access to your Synology.

First what you will notice is, "I CAN'T ACCESS MY SYNOLOGY FROM OUTSIDE OF MY LAN!!!!!!! OMG OMG OMG!!!!"

I will not explain port fowards on your router here, if you don't know how to make one, learn!

 

(1) You can port forward trough AirVPN webpage and access your Syno via VPN exit IP. This sometimes works, most of times it doesn't since Syno has some ports you cannot change. Anyway, change your default HTTP / HTTPS port on Syno to your forwarded AirVPN port and you should be fine. But forget about Cloudstation and similliar things.

 

(2) If you want to access Syno via you ISP IP (WAN), then problem is, your Syno is receiving your connection, but it's replying trough VPN. That's a security risk and those connections get droped. But there is solution!

- Access "Control panel" - "Network" - "General"

- Click "Advanced Settings" button

- Mark "Enable multiple gateways" and click "OK" and then "Apply"

 

You're done! It's working now (if you forwarded good ports on your router).

 

4. Prevent leaks when VPN connection on Synology fails.

There will be time, when you VPN will fail, drop, disconnect, and your ISP IP will become visible to world. This is one of ways you can prevent it, on router level.

For this you need Tomato, Merlin, DD-WRT or OpenWRT firmware on your router. I will tell you steps for Tomato router. If you are using different firmware, then you need to learn alone how to input this code into your router.

 

Since Shibby version 129 for ARM routers, syntax of iptables changed and depending on which version of iptables you are using, apply that code.

 

- Login to your router (usually just by entering 192.168.1.1 into your browser, if your IP is different, find out which is your gateway IP).

- Click on "Administration"

- Click on "Scripts"

- Choose tab "Firewall"

 

For Shibby v129 for ARM and later (iptables 1.4.x) us this:

#Use this order of commands because it executes in reverse order.
#This command will execute last, it kills all UDP requests.
iptables -I FORWARD -p udp -s 192.168.1.100 -j REJECT
#This command will execute second and will block all TCP source ports except those needed for web access or services
iptables -I FORWARD -p tcp -s 192.168.1.100 -m multiport ! --sports 5000,5001,6690 -j REJECT
#This command will execute first and will ACCEPT connection to your VPN on destination port 443 UDP
iptables -I FORWARD -p udp -s 192.168.1.100 -m multiport --dports 443 -j ACCEPT
For earlier Shibby versions and later for MIPS routers:
#Use this order of commands because it executes in reverse order.
#This command will execute last, it kills all UDP requests.
iptables -I FORWARD -p udp -s 192.168.1.100 -j REJECT
#This command will execute second and will block all TCP source ports except those needed for web access or services
iptables -I FORWARD -p tcp -s 192.168.1.100 -m multiport --sports ! 5000,5001,6690 -j REJECT
#This command will execute first and will ACCEPT connection to your VPN on destination port 443 UDP
iptables -I FORWARD -p udp -s 192.168.1.100 -m multiport --dports 443 -j ACCEPT
Port TCP 5000 = HTTP for for Synology web access (change to your if it's not default)

Port TCP 5001 = HTTPS for for Synology web access (change to your it's not default)

Port TCP 6690 = Cloud Station port

Port UDP 443 = AirVPN connection port which you defined in step 1 of this tutorial. If you are using TCP port, then you need to change "-p udp" to "-p tcp" in that line.

If you need more ports, just add them separated by comma ",". If you want port range, for example 123,124,125,126,127, you can add it like this 123:127.

Change IP 192.168.1.100 to your Synology LAN IP.

 

Be careful NOT TO assign those ports to your Download Station on Synology. This isn't perfect, you can still leak your IP through UDP 443, but since torrent uses mostly TCP, those chances are minimal. If you use TCP port for VPN, then those chances increase.

 

If you really want to be sure nothing leaks even on UDP 443 (or your custom port), you need to choose 1 (ONE) AirVPN server. You need to find that server entry IP and change last IPTABLES rule to something like this:

iptables -I FORWARD -p udp -s 192.168.1.100 -d 123.456.789.123 -m multiport --dports 443 -j ACCEPT
Where 123.456.789.123 is AirVPN server entry IP. This will allow UDP 443 only for that server, rest will be rejected by router.

 

These are all my opinions, from my very limited knowledge, which may be right and may be wrong.

 

5. Auto reconnection when VPN is down.

Since when you made your VPN connection on your Synology, you checked "Reconnect" option, Syno will try to reconnect automaticly when connection fails.

But in some cases, your network will be offline long enough and Syno will stop trying to reconnect, or will hang with VPN connection established, but not working.

In those cases you can use this auto reconnect script.


This is reconnect script. Just select all script text and copy it.

#VPN Check script modified Sep 11, 2016
#Script checks if VPN is up, and if it is, it checks if it's working or not. It provides details like VPN is up since, data #received/sent, VPN IP & WAN IP.
#If VPN is not up it will report it in the log file and start it
#Change LogFile path to your own location.
#Save this script to file of your choosing (for example "synovpn_reconnect"). Store it in one of your Synology shared folders and chmod it: "chmod +x /volume1/shared_folder_name/your_path/synovpn_reconnect"
#Edit "/etc/crontab" and add this line without quotes for starting script every 10 minutes: "*/10 *   *   *   *   root    /volume1/shared_folder_name/your_path/synovpn_reconnect"
#After that restart cron with: "/usr/syno/sbin/synoservicectl --restart crond"

#!/bin/sh
DATE=$(date +"%F")
TIME=$(date +"%T")
VPNID=$(grep "\[.*\]" /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "[" | cut -f 1 -d "]")
VPNNAME=$(grep conf_name /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "=")
LogFile="/volume1/filmovi/Backup/airvpn/check_airvpn_$DATE.log"
PUBIP=$(curl -s -m 5 icanhazip.com)
#PUBIP=$(curl -s -m 5 ipinfo.io/ip)
#PUBIP=$(curl -s -m 5 ifconfig.me)
CHECKIP=$(echo $PUBIP | grep -c ".")

start_vpn()
{
	echo "VPN is down. Attempting to (re)start now." >> $LogFile
#	/usr/syno/bin/synovpnc kill_client --protocol=openvpn --name=$VPNNAME
	/usr/syno/bin/synovpnc kill_client
	/bin/kill `cat /var/run/ovpn_client.pid` 2>/dev/null
	sleep 35
	echo 1 > /usr/syno/etc/synovpnclient/vpnc_connecting
	echo conf_id=$VPNID > /usr/syno/etc/synovpnclient/vpnc_connecting
	echo conf_name=$VPNNAME >> /usr/syno/etc/synovpnclient/vpnc_connecting
	echo proto=openvpn >> /usr/syno/etc/synovpnclient/vpnc_connecting
	/usr/syno/bin/synovpnc reconnect --protocol=openvpn --name=$VPNNAME >> $LogFile
}

sleep 6
echo "======================================" >> $LogFile
echo "$DATE $TIME" >> $LogFile
if ifconfig tun0 | grep -q "00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00"
then
	if  [ "$CHECKIP" == 1 ]
	then
		IPADDR=$(/sbin/ifconfig tun0 | grep 'inet addr' | cut -d: -f2 | awk '{print $1}')
		RXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f2 | awk '{print $1,$2,$3}')
		TXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f3 | awk '{print $1,$2,$3}')		
		UPTIME=$(cat /var/log/messages | grep "$IPADDR" | awk '{print $1}' | tail -1)
        UPTIME=$(date -d"$UPTIME" +"%Y/%m/%d %H:%M:%S")
		echo "VPN is up since: $UPTIME" >> $LogFile
		echo "Session Data RX: $RXDATA" >> $LogFile
		echo "Session Data TX: $TXDATA" >> $LogFile
		echo "VPN IP is: $IPADDR" >> $LogFile
		echo "WAN IP is: $PUBIP" >> $LogFile
	else
		start_vpn
	fi
else
	start_vpn
fi
exit 0
 

(1) Login to you Synology DSM web interface as admin.

     - As admin go to "Control panel" - "Task Scheduler" (you need to enable advanced mode in top right corner of control panel for this)

     - Click "Create" button near top of page, then select "Scheduled Task" and then "User-defined script"

 

(2) New popup window will open.
     - under "Task:" enter task name
     - under "User:" select "root" if it's not already selected
     - switch to "Schedule" tab and select how often you want this task to run, my settings are:
        - "Run of following days" - "Daily"
        - "First run time" - 00:00
        - "Frequency" - "Every 10 minutes"
        - "Last run time" - 23:50
     - switch to "Task settings" tab
     - paste script you copied into empty box under "User-defined script" title
     - press OK and you're done


I tested this on DSM 6.2.2 and it works without problems for now. Still, I'm keeping old instructions in next post, if someone wants to do it like that.
 

Tip: If you don't want logfile, you can comment out those lines, or remove ">> $LogFile" code from whole script.

 

That's all. If you entered everything correctly, you should be fine and ready to go!

Comments are welcome. If you find mistakes, please correct me.

Share this post


Link to post

This is just part of old tutorial. It still works same as new tutorial above, I just wanted to simplify it to people so they don't have to use Putty, vi, edit crontab etc.
 

5. Auto reconnection when VPN is down.

Since when you made your VPN connection on your Synology, you checked "Reconnect" option, Syno will try to reconnect automaticly when connection fails.

But in some cases, your network will be offline long enough and Syno will stop trying to reconnect, or will hang with VPN connection established, but not working.

In those cases you can use this auto reconnect script.


This is reconnect script. Save it in file named whatever you want. I'm using file name "synovpn_reconnect". All instructions how to use it are inside script in comments, but I will repeat them in this post also.

#VPN Check script modified Sep 11, 2016
#Script checks if VPN is up, and if it is, it checks if it's working or not. It provides details like VPN is up since, data #received/sent, VPN IP & WAN IP.
#If VPN is not up it will report it in the log file and start it
#Change LogFile path to your own location.
#Save this script to file of your choosing (for example "synovpn_reconnect"). Store it in one of your Synology shared folders and chmod it: "chmod +x /volume1/shared_folder_name/your_path/synovpn_reconnect"
#Edit "/etc/crontab" and add this line without quotes for starting script every 10 minutes: "*/10 *   *   *   *   root    /volume1/shared_folder_name/your_path/synovpn_reconnect"
#After that restart cron with: "/usr/syno/sbin/synoservicectl --restart crond"

#!/bin/sh
DATE=$(date +"%F")
TIME=$(date +"%T")
VPNID=$(grep "\[.*\]" /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "[" | cut -f 1 -d "]")
VPNNAME=$(grep conf_name /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "=")
LogFile="/volume1/filmovi/Backup/airvpn/check_airvpn_$DATE.log"
PUBIP=$(curl -s -m 5 icanhazip.com)
#PUBIP=$(curl -s -m 5 ipinfo.io/ip)
#PUBIP=$(curl -s -m 5 ifconfig.me)
CHECKIP=$(echo $PUBIP | grep -c ".")

start_vpn()
{
	echo "VPN is down. Attempting to (re)start now." >> $LogFile
#	/usr/syno/bin/synovpnc kill_client --protocol=openvpn --name=$VPNNAME
	/usr/syno/bin/synovpnc kill_client
	/bin/kill `cat /var/run/ovpn_client.pid` 2>/dev/null
	sleep 35
	echo 1 > /usr/syno/etc/synovpnclient/vpnc_connecting
	echo conf_id=$VPNID > /usr/syno/etc/synovpnclient/vpnc_connecting
	echo conf_name=$VPNNAME >> /usr/syno/etc/synovpnclient/vpnc_connecting
	echo proto=openvpn >> /usr/syno/etc/synovpnclient/vpnc_connecting
	/usr/syno/bin/synovpnc reconnect --protocol=openvpn --name=$VPNNAME >> $LogFile
}

sleep 6
echo "======================================" >> $LogFile
echo "$DATE $TIME" >> $LogFile
if ifconfig tun0 | grep -q "00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00"
then
	if  [ "$CHECKIP" == 1 ]
	then
		IPADDR=$(/sbin/ifconfig tun0 | grep 'inet addr' | cut -d: -f2 | awk '{print $1}')
		RXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f2 | awk '{print $1,$2,$3}')
		TXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f3 | awk '{print $1,$2,$3}')		
		UPTIME=$(cat /var/log/messages | grep "$IPADDR" | awk '{print $1}' | tail -1)
        UPTIME=$(date -d"$UPTIME" +"%Y/%m/%d %H:%M:%S")
		echo "VPN is up since: $UPTIME" >> $LogFile
		echo "Session Data RX: $RXDATA" >> $LogFile
		echo "Session Data TX: $TXDATA" >> $LogFile
		echo "VPN IP is: $IPADDR" >> $LogFile
		echo "WAN IP is: $PUBIP" >> $LogFile
	else
		start_vpn
	fi
else
	start_vpn
fi
exit 0
 

(1) Enable SSH on your Synology if you didn't already.

     - As admin go to "Control panel" - "Terminal & SNMP" (you need to enable advanced mode in top right corner of control panel for this)

     - Check "Enable SSH service"

     - Click "Apply"

 

(2) Save script above in file "synovpn_reconnect". Make sure to save it in UNIX UTF8, not windows. You can do that on windows with Notepad++, just open file with Notepad++, click "Encoding" - "Convert to UTF-8 without BOM" and them save file.

 

(3) Edit script variables so it works for your system. You only need to edit this part:

 

LogFile="/volume1/video/Backup/airvpn/check_airvpn_$DATE.log"
 

Thanks to foobar666, you no longer need to enter VPNID or VPNNAME, it will detect them automatically.

Now you only need to change your LogFile variable to match your wishes.

After you finish editing script, save it.

 

(4) Move or copy "synovpn_reconnect" to your Synology shared drive. Doesn't matter which, just be sure to know full path to it. If you only have 1 volume/drive, with multiple shared folders, your path should look similar to this:

/volume1/shared_folder_name/your_path/
So for example, if you keep your files in default CloudStation folder, your path should look something like this:
/volume1/home/your_username/CloudStation/
You can also do all this with VI, check original tutorial for that.

 

(5) Now use Putty if you are on windows, or your terminal on linux, to access your Synology via SSH. I will not tutor you how to do that, learn.

admin@192.168.1.100 or username@192.168.1.100 + password, or whatever your Syno LAN IP is.

 

(6) Now type this into Putty/terminal:

sudo chmod +x /volume1/shared_folder_name/your_path/synovpn_reconnect
You need to chmod it to be executable. You will notice I use "sudo". It's because my admin username isn't default "admin". If you are using default "admin" user, then you probably don't need sudo.

 

(7) Setup cron so it automatically starts your script every X minutes / hours / days.

To setup it enter this:

vi /etc/crontab
And then press "i" to enter editing mode. Go to last line, and start new line with this:
*/10 *   *   *   *   root    /volume1/shared_folder_name/your_path/synovpn_reconnect
Note that those ARE NOT spaces, those are TABS. This will start your script every 10 minutes. Change to whatever you want.

Then press ESC key, and then type:

:wq
To exit VI and save file.

 

After that type:

/usr/syno/sbin/synoservicectl --restart crond
To restart cron (or restart your Synology).

 

Tip: If you don't want logfile, you can comment out those lines, or remove ">> $LogFile" code from whole script.

Share this post


Link to post

First of all: Thanks a lot for your great work, Mikeyy!

 

I followed your instructions to set up a vpn client by using the ovpn file.

There's one strange thing: When the DSM is rebooted the client starts automatically, but it does not fully establish the routing table.

I have to stop it and start it again to get it work. --> pics left to right.
 


 

Any ideas what the reason could be?

 

Greets


 

Share this post


Link to post

Yes, this happens to me also, but I didn't notice it until now since I almost never reboot my NAS, and I have reconnect script which detects that VPN isn't working and restart it.

I think this is Synology VPN implementation bug, it should be reported to them. Hopefully they can fix it in new updates.

Share this post


Link to post

Hi Mikeyy,

hope they will fix it.

I found a workaround which fixes the problem for me.

I deleted those three lines in client_oxxxxxxx file:

 

up /usr/syno/etc.defaults/synovpnclient/scripts/ovpn-up

route-up /usr/syno/etc.defaults/synovpnclient/scripts/route-up

plugin /lib/openvpn/openvpn-down-root.so /usr/syno/etc.defaults/synovpnclient/scripts/ip-down

 

Now the client starts and connects at startup without any problems.

 

It now looks like this:

 

# --------------------------------------------------------
# Air VPN | https://airvpn.org | Tuesday 12th of July 2016 03:54:03 PM
# OpenVPN Client Configuration.
# AirVPN_xxxxxxxxxxxx_xxxxxxx_UDP-443
# --------------------------------------------------------

client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 443
script-security 2
redirect-gateway
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
verb 3
explicit-exit-notify 5
rcvbuf 262144
sndbuf 262144

ca ca_oxxxxxxxxxx.crt
key client_key_oxxxxxxxxxx.key
cert client_crt_oxxxxxxxxxx.crt
tls-auth ta_oxxxxxxxxxx.key

 

 

 

Greets

Share this post


Link to post

Great stuff Mikeyy.  I made a couple of minor tweaks to your script so you no longer have to specify the VPN name or id plus it will start the VPN if it's off.  The name/id are parsed from the ovnpclient.conf and if the VPN wasn't established (such as boot time) the UPTIME "grep" would hang since the RXDATA would be empty. 

 

 

 

#VPN Check script modified Aug 5, 2016
#Script checks if VPN is up, and if it is, it checks if it's working or not. It provides details like VPN is up since, data #received/sent, VPN IP & WAN IP.
#If VPN is not up it will report it in the log file and start it
#Change VPNID and VPNNAME to yours. SSH into Synology and run "cat /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf" to see your values.
#Change LogFile path to your own location.
#Save this script to file of your choosing (for example "synovpn_reconnect"). Store it in "/usr" folder of your Synology and chmod it: "chmod +x /usr/synovpn_reconnect"
#Edit "/etc/crontab" and add this line without quotes for starting script every 10 minutes: "*/10 *   *   *   *   root    /usr/synovpn_reconnect"
#After that restart cron with: "/usr/syno/sbin/synoservicectl --restart crond"

#!/bin/sh
DATE=$(date +"%F")
TIME=$(date +"%T")
VPNID=$(grep "\[.*\]" /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "[" | cut -f 1 -d "]")
VPNNAME=$(grep conf_name /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "=")
LogFile="/volume1/video/Backup/airvpn/check_airvpn_$DATE.log" IPADDR=$(/sbin/ifconfig tun0 | grep 'inet addr' | cut -d: -f2 | awk '{print $1}') PUBIP=$(curl -s -m 5 icanhazip.com) CHECKIP=$(echo $PUBIP | grep -c ".") #PUBIP=$(curl -s -m 5 ipinfo.io/ip) #PUBIP=$(curl -s -m 5 ifconfig.me) RXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f2 | awk '{print $1,$2,$3}') TXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f3 | awk '{print $1,$2,$3}')
if [[ -z $RXDATA ]]; then
    UPTIME=""
else
    UPTIME=$(grep $IPADDR /var/log/synolog/synosys.log | awk '{print $2" "$3}'|tail -1)
fi
start_vpn() { echo "VPN is down. Attempting to (re)start now." >> $LogFile /usr/syno/bin/synovpnc kill_client --protocol=openvpn --name=$VPNNAME echo 1 > /usr/syno/etc/synovpnclient/vpnc_connecting echo conf_id=$VPNID > /usr/syno/etc/synovpnclient/vpnc_connecting echo conf_name=$VPNNAME >> /usr/syno/etc/synovpnclient/vpnc_connecting echo proto=openvpn >> /usr/syno/etc/synovpnclient/vpnc_connecting /usr/syno/bin/synovpnc reconnect --protocol=openvpn --name=$VPNNAME >> $LogFile } sleep 6 echo "======================================" >> $LogFile echo "$DATE $TIME" >> $LogFile if ifconfig tun0 | grep -q "00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00" then if [ "$CHECKIP" == 1 ] then echo "VPN is up since: $UPTIME" >> $LogFile echo "Session Data RX: $RXDATA" >> $LogFile echo "Session Data TX: $TXDATA" >> $LogFile echo "VPN IP is: $IPADDR" >> $LogFile echo "WAN IP is: $PUBIP" >> $LogFile else start_vpn fi else start_vpn fi exit 0

Share this post


Link to post

 

VPNID=$(grep "\[.*\]" /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "[" | cut -f 1 -d "]")
VPNNAME=$(grep conf_name /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "=")

 

Wow, good idea! Will add it.

Not sure why you added other part? If VPN is off, current script will start it (when cronjob runs). If VPN is ON, but it's in error state (not letting traffic trough) it will kill VPN and start it again.

 

EDIT: Added your contribution to tutorial. Changed some parts of tutorial. You no longer need to copy script to /usr/ folder. It's better if it stays in shared folder of your choice since there it will survive system upgrades.

Share this post


Link to post

Oh maybe there's a better way.  When I ran the script the first time, the vpn was disconnected and the script would just hang.  Took me a bit of time to debug it to find the UPTIME=... the culprit.  At the very least, if IPADDR isn't set the script should log it and exit since otherwise it just hangs (since the grep is waiting for stdin if IPADDR is empty).

 

Not sure why you added other part? If VPN is off, current script will start it (when cronjob runs). If VPN is ON, but it's in error state (not letting traffic trough) it will kill VPN and start it again.

EDIT: Added your contribution to tutorial. Changed some parts of tutorial. You no longer need to copy script to /usr/ folder. It's better if it stays in shared folder of your choice since there it will survive system upgrades.

Share this post


Link to post

Hi,

 

I have followed this guide and tried both a specific netherlands server and netherlands in general but the DSM keeps returning error (in screenshot).

 

Can someone please help me?

 

I am not sure where i can find more detailed logs in the synology so please assist with this if this will help getting it resolved.

 

Thank you in advance

Share this post


Link to post

I think I saw that error some time ago, when I was using 1 year or more old certificates for AirVPN.

 

Did you upgrade your DSM to latest 6+ version?

Did you get new certificates and ovpn file from airvpn?

Be sure to imput them at correct place.

Is your AirVPN membership active?

 

If you are using DSM <6 (5.2, 5.1, 5.0, 4...) then you need to ssh and copy certificates and keys manually.

Just delete VPN from Synology interface, try restart, and do everything from beginning.

 

 

 

Oh maybe there's a better way.  When I ran the script the first time, the vpn was disconnected and the script would just hang.  Took me a bit of time to debug it to find the UPTIME=... the culprit.  At the very least, if IPADDR isn't set the script should log it and exit since otherwise it just hangs (since the grep is waiting for stdin if IPADDR is empty).

 

I see what you mean. That never happened to me. Script always starts VPN if it's not started, but I managed to reproduce it by just using those variables in script, without anything else.

Thank you for find, I just moved those variables further down to one of IFs, so they will be called only when VPN is up for sure. Hope that solves it for you also.

Share this post


Link to post
I followed the latest instructions to set up a vpn client There's just one small thing: When the DSM is rebooted and I check the vpnconnection it say connected but there’s no traffic movement. but if I go into control panel network interface and disconnect the vpn connect then reconnect it, it works. Also I can disconnect it from client area and it will reconnect but still no traffic movement

 

 

Latest DM6……

Sorry no logs

What am I doing wrong??????

Share this post


Link to post

Hi Mikeyy,

 

thanks to your excellent manual I've setup VPN on my DS. The VPN started, but nothing is routed over it. As a test I downloaded something via a newsserver with Downloadstation. But according to the Network Interface the amount of sent and received bytes stays at zero. And in my AirVPN the traffic also stays at 12/13 Kb received/sent.

 

Any idea?

 

p.s. I am on DSM 6.1 beta with active airvpn membership. During install there was no option to compress data on the VPN. I still can connect to the webinterface of my DS without implementing 3.1.

Share this post


Link to post

Hi Mikeyy, sorry for the delay. Before your answer I did figure out a restart myself. And that got things going. But my forum message was still not approved, so I couldn't alter it. 

 

So in the end I managed to download stuff via DS Get via VPN. But all of my webservices were not reachable anymore. I read about that before hand, but thought a bit too optimisticly. After reading up on it, I got scared whether I would be able to have a VPN and run my webservices at the same time. 

 

I would need passthrough of:

-torrents

-IMAP 

-SMTP

-POP3

-webinterface of synology

To be honest I am afraid that I am not capable enough to make all those things work.

Share this post


Link to post

Hi Mikeyy, sorry for the delay. Before your answer I did figure out a restart myself. And that got things going. But my forum message was still not approved, so I couldn't alter it. 

 

So in the end I managed to download stuff via DS Get via VPN. But all of my webservices were not reachable anymore. I read about that before hand, but thought a bit too optimisticly. After reading up on it, I got scared whether I would be able to have a VPN and run my webservices at the same time. 

 

I would need passthrough of:

-torrents

-IMAP 

-SMTP

-POP3

-webinterface of synology

 

To be honest I am afraid that I am not capable enough to make all those things work.

 

Take a look at 3rd point in my tutorial.

After you do that, you need to forward ports on your router, but if that worked before, I guess you already forwarded your ports.

 

Then you only need to connect to your REAL IP (IP given by your ISP), not AirVPN IP address and it will work.

Share this post


Link to post

Hi Mikeyy, sorry for the delay. Before your answer I did figure out a restart myself. And that got things going. But my forum message was still not approved, so I couldn't alter it. 

 

So in the end I managed to download stuff via DS Get via VPN. But all of my webservices were not reachable anymore. I read about that before hand, but thought a bit too optimisticly. After reading up on it, I got scared whether I would be able to have a VPN and run my webservices at the same time. 

 

I would need passthrough of:

-torrents

-IMAP 

-SMTP

-POP3

-webinterface of synology

 

To be honest I am afraid that I am not capable enough to make all those things work.

 

 

I just started tinkering with VPN on my Synology as well. I have set it up succesfully using the above guide. But I have some connections that need to go around the VPN as well (mainly SSL connections to usenet servers). I have created a passthrough by adding static routes to the routing table in the Synology configuration that explicitly go to the specific usenet server (ranges). This seems to work quite well, but of course is not useful if the IP address of the destination servers do change.

Share this post


Link to post

Hi,

 

I have followed this guide and tried both a specific netherlands server and netherlands in general but the DSM keeps returning error (in screenshot).

 

Can someone please help me?attachicon.gifScreen Shot 2016-09-11 at 15.25.46.png

 

I am not sure where i can find more detailed logs in the synology so please assist with this if this will help getting it resolved.

 

Thank you in advance

I had the same error in the begin but when I select direct udp during making the confige files. and imported it again. Then it will connect well. I just wonder if I have to do more steps before I can use Sonarr for example.

Share this post


Link to post

But I have some connections that need to go around the VPN as well (mainly SSL connections to usenet servers). I have created a passthrough by adding static routes to the routing table in the Synology configuration that explicitly go to the specific usenet server (ranges). This seems to work quite well, but of course is not useful if the IP address of the destination servers do change.

 

Can you describe what you did to achieve this. Im in the same boat, and want some connections / services to route outside vpn. Mainly my usenet nzbget client and tvheadend server for example

Share this post


Link to post

I'm afraid you have same problem as kiwi in this post.

This is Synology bug and I reported it to them so hopefully they will fix it. Just manualy disconnect and connect again.

 

Hi, did you ever hear back from Synology? I have this same issue with the latest DSM.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...