How-to: AirVPN on Synology DSM6 and DSM7 complete guide

[kjbxcrzb 3]

This only seems to work for ipv4. I don't see anything in the ipv6 routing table for the VPN. Is ipv6 also possible?

[Mikeyy 49]

 

I'm afraid you have same problem as kiwi in this post.

This is Synology bug and I reported it to them so hopefully they will fix it. Just manualy disconnect and connect again.

 

Hi, did you ever hear back from Synology? I have this same issue with the latest DSM.

 

Yes, they asked for my login info for AirVPN so they can test it. I said no, I can't give you my login info, and all conversation ended there.

 

This only seems to work for ipv4. I don't see anything in the ipv6 routing table for the VPN. Is ipv6 also possible?

 

Don't know. I have no way of testing it.

[kjbxcrzb 3]

 

This only seems to work for ipv4. I don't see anything in the ipv6 routing table for the VPN. Is ipv6 also possible?

 

Don't know. I have no way of testing it.

 

I think this config does not affect ipv6 at all -- so just a warning for others: you might have ipv6 traffic leaking around the VPN.

[steef84 1]

 

But I have some connections that need to go around the VPN as well (mainly SSL connections to usenet servers). I have created a passthrough by adding static routes to the routing table in the Synology configuration that explicitly go to the specific usenet server (ranges). This seems to work quite well, but of course is not useful if the IP address of the destination servers do change.

Can you describe what you did to achieve this. Im in the same boat, and want some connections / services to route outside vpn. Mainly my usenet nzbget client and tvheadend server for example

Anyone knows howto achieve this?

[kjbxcrzb 3]

Regarding your reconnection script. This line does not work for me since the latest DSM update:

 

UPTIME=$(grep $IPADDR /var/log/synolog/synosys.log | awk '{print $2" "$3}'|tail -1)

 

The synosys.log file no longer exists. I've replaced this line with the following:

 

UPTIME=$(cat /var/log/messages | grep "$IPADDR" | awk '{print $1}' | tail -1)
UPTIME=$(date -d"$UPTIME" +"%Y/%m/%d %H:%M:%S")

[ekkis 1]

I'm unable to perform step (5) Click on the ZIP button in order to download the AIRVPN configuration files as the configuration generator doesn't have a "ZIP" button.  it has a "Generate" button but that does not produce a zip file but a `.ovpn` file and I can't seem to find the rest of the files.  help?

[ekkis 1]

ah.  never mind.  I needed to make a selection under Advanced Options, which I missed.  all good now!

[adfdsfGYYy53 3]

@foobar666

 

Thank you for your contributions. 

 

Your coding is helping to fight for a more bloodless form of revolution than the people of Earth have ever before had at their/our disposal. 

 

How cool is that? 

[kjbxcrzb 3]

Has anyone tried using SSH instead of UDP? I just tried, but it failed to connect. Has anyone been successful?

[Mikeyy 49]

 

Regarding your reconnection script. This line does not work for me since the latest DSM update:

 

UPTIME=$(grep $IPADDR /var/log/synolog/synosys.log | awk '{print $2" "$3}'|tail -1)

 

The synosys.log file no longer exists. I've replaced this line with the following:

 

UPTIME=$(cat /var/log/messages | grep "$IPADDR" | awk '{print $1}' | tail -1)
UPTIME=$(date -d"$UPTIME" +"%Y/%m/%d %H:%M:%S")

 

Thank you, added in first post!

I just switched to 6.1 so didn't had way to test before.

[Synolord 0]

Hi,

 

I have also followed this guide, which works great. I have done the first 3 points. I was wondering how it works when not in the LAN.

When I use my laptop or phone outside my own network and go to the video station, it all works fine. But when I try to pass a video to a chromecast at a friends house, it does not work when I have the VPN on. When I turn it off, it does work. Does anybody have an idea on how to make this work?

 

Kind regards,

 

EDIT: I get the error: "Unkown error". So not a lot to begin with. But my guess is that casting to the chromecast while on VPN gives some kind of trouble. 

[Mikeyy 49]

3rd point covers external access.

 

If it's working from inside of LAN and outside of LAN on your laptop, then everything is working correctly. There must be some other kind of problems with chromecast, maybe different ports, bad ssl certificates etc.

[Synolord 0]

Yeah I have done the 3rd point. Bot inside and outside LAN works on laptop and phone, Chromecast does not work outside LAN. Haven't tested the Chromecast inside the LAN as I do not have one. So keep this in mind when you plan to use a Chromecast ouside the LAN. I do not do it regularly, so its not a big problem. For those looking for a solution, on the Apple TV gen 4 you can install DS Video. Then you can still have an easy way of streaming to a TV outside your network.

[Kurkul 0]

Good day to all!

I did everything according to your instructions and everything works fine except for the script reconnecting the VPN when connection is broken.

Sinology 918+

DSM 6.2-23739 Update 2

Does the connection repair script work for everyone?

 

after command: 

root@Synology_NAS:~# /volume2/Test/synovpn_reconnect

/volume2/Test/synovpn_reconnect: line 8: $'\r': command not found

/volume2/Test/synovpn_reconnect: line 19: $'\r': command not found

/volume2/Test/synovpn_reconnect: line 20: syntax error near unexpected token `$'\r''

'volume2/Test/synovpn_reconnect: line 20: `start_vpn()

 

Sorry ... it was my mistakes. I create new file and edit it with VI and now everything working!!!!

[stephane.meril 0]

Hello,

I've connected my synology to airvpn and everything is ok.

I use my synology as a proxy for my internal network.

The certificate in the synology is the standart self-signed certificate.

I've configure Windows 10 to use this syno as a proxy.

I've configured Firefox to use the computer proxy settings to connect to internet.

When I try to reach a website (anyone), I've got HSTS error. No exception is possible. Simply no connection. I must connect without proxy to access to internet.

Any clue or solution please ? I'm not a computer specialist so please, be pedagogue. Thanks.

[Mikeyy 49]

You'll have to search for help on synology forum or contact synology support for that. Routing your internet trough NAS which is connected to VPN is another cup of tea.

[stephane.meril 0]

Thank you Mikeyy for the advice. Il will see with the support.

What makes me crazy is that I was able to do it before on another synology. But I don't remenber the trick.

[TToD 1]

Please ignore me, I was replying to a post but didn't see that it was old and already responded to :-(

[kjbxcrzb 3]

Hi All, I"ve made some changes to the re-connection script, which might be useful to others. Mainly, I added the "The VPN is stalled" section. I found that with the original script the VPN connection could become "stallled" -- it was up according to Synology, but not working. In this case, the script could not find a public IP. My changes resolves this by restarting the tunnel in this case.
 

#VPN Check script modified Sep 11, 2016
#Script checks if VPN is up, and if it is, it checks if it's working or not. It provides details like VPN is up since, data #received/sent, VPN IP & WAN IP.
#If VPN is not up it will report it in the log file and start it
#Change LogFile path to your own location.
#Save this script to file of your choosing (for example "synovpn_reconnect"). Store it in one of your Synology shared folders and chmod it: "chmod +x /volume1/shared_folder_name/your_path/synovpn_reconnect"
#Edit "/etc/crontab" and add this line without quotes for starting script every 10 minutes: "*/10 *   *   *   *   root    /volume1/shared_folder_name/your_path/synovpn_reconnect"
#After that restart cron with: "/usr/syno/sbin/synoservicectl --restart crond"

#!/bin/sh

#exit 0

DATE=$(date +"%F")
TIME=$(date +"%T")
VPNID=$(grep "\[.*\]" /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "[" | cut -f 1 -d "]")
VPNNAME=$(grep conf_name /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "=")
LogFile="/volume1/shared/Synology/vpn-reconnect-$DATE.log"
PUBIP=$(curl -s -m 10 icanhazip.com)
FOUNDPUBIP=$(echo $PUBIP | grep -c ".")

TEST=0
if [ $TEST -eq 1 ]; then
	LogFile="/dev/fd/1"
fi

start_vpn()
{
	if [ $TEST -eq 0 ]; then
		/usr/syno/bin/synovpnc kill_client --protocol=openvpn --name=$VPNNAME
		echo 1 > /usr/syno/etc/synovpnclient/vpnc_connecting
		echo conf_id=$VPNID > /usr/syno/etc/synovpnclient/vpnc_connecting
		echo conf_name=$VPNNAME >> /usr/syno/etc/synovpnclient/vpnc_connecting
		echo proto=openvpn >> /usr/syno/etc/synovpnclient/vpnc_connecting
		/usr/syno/bin/synovpnc reconnect --protocol=openvpn --name=$VPNNAME >> $LogFile
	fi
}

echo "======================================" >> $LogFile
echo "$DATE $TIME" >> $LogFile

if /sbin/ifconfig tun0 | grep -q "00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00"
then
	VPNIP=$(/sbin/ifconfig tun0 | grep 'inet addr' | cut -d: -f2 | awk '{print $1}')
	
    if  [ "$FOUNDPUBIP" = "1" -a "$VPNIP" = "$PUBIP" ]; then
		# The VPN is up, but the public IP is the same, so restart
		echo "Public and VPN IPs match. Attempting to (re)start VPN." >> $LogFile
		echo "VPN IP is: $VPNIP" >> $LogFile
        echo "Pub IP is: $PUBIP" >> $LogFile
		start_vpn
	elif [ "$FOUNDPUBIP" = "0" ]; then
		# The VPN is stalled (no public IP)
		echo "VPN is stalled. Attempting to (re)start now." >> $LogFile
		start_vpn
    else
        RXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f2 | awk '{print $1,$2,$3}')
        TXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f3 | awk '{print $1,$2,$3}') 
		UPTIME=$(cat /var/log/messages | grep "$VPNIP" | awk '{print $1}' | tail -1)
        UPTIME=$(date --date="$UPTIME" +"%Y-%m-%d %H:%M:%S")
        echo "VPN is up since: $UPTIME" >> $LogFile
        echo "Session Data RX: $RXDATA" >> $LogFile
        echo "Session Data TX: $TXDATA" >> $LogFile
        echo "VPN IP is: $VPNIP" >> $LogFile
        echo "Pub IP is: $PUBIP" >> $LogFile
    fi
else
	# There's no VPN connection at all
	echo "VPN is stopped. Attempting to (re)start now." >> $LogFile
    start_vpn
fi

exit 0

[Mikeyy 49]

16 hours ago, _sinnerman_ said:

Hi All, I"ve made some changes to the re-connection script, which might be useful to others. Mainly, I added the "The VPN is stalled" section. I found that with the original script the VPN connection could become "stallled" -- it was up according to Synology, but not working. In this case, the script could not find a public IP. My changes resolves this by restarting the tunnel in this case.
 

Hello @_sinnerman_, let me comment on some parts of code.
 

TEST=0
if [ $TEST -eq 1 ]; then
	LogFile="/dev/fd/1"
fi

start_vpn()
{
	if [ $TEST -eq 0 ]; then
		/usr/syno/bin/synovpnc kill_client --protocol=openvpn --name=$VPNNAME
		echo 1 > /usr/syno/etc/synovpnclient/vpnc_connecting
		echo conf_id=$VPNID > /usr/syno/etc/synovpnclient/vpnc_connecting
		echo conf_name=$VPNNAME >> /usr/syno/etc/synovpnclient/vpnc_connecting
		echo proto=openvpn >> /usr/syno/etc/synovpnclient/vpnc_connecting
		/usr/syno/bin/synovpnc reconnect --protocol=openvpn --name=$VPNNAME >> $LogFile
	fi
}

What is this used for?
As far as I can see, $TEST is always 0 here, it will never trigger. I guess that was your private code for log suppresion.
 

if /sbin/ifconfig tun0 | grep -q "00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00"
then
	VPNIP=$(/sbin/ifconfig tun0 | grep 'inet addr' | cut -d: -f2 | awk '{print $1}')
	
    if  [ "$FOUNDPUBIP" = "1" -a "$VPNIP" = "$PUBIP" ]; then
		# The VPN is up, but the public IP is the same, so restart
		echo "Public and VPN IPs match. Attempting to (re)start VPN." >> $LogFile
		echo "VPN IP is: $VPNIP" >> $LogFile
        echo "Pub IP is: $PUBIP" >> $LogFile
		start_vpn
	elif [ "$FOUNDPUBIP" = "0" ]; then
		# The VPN is stalled (no public IP)
		echo "VPN is stalled. Attempting to (re)start now." >> $LogFile
		start_vpn
    else
        RXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f2 | awk '{print $1,$2,$3}')
        TXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f3 | awk '{print $1,$2,$3}') 
		UPTIME=$(cat /var/log/messages | grep "$VPNIP" | awk '{print $1}' | tail -1)
        UPTIME=$(date --date="$UPTIME" +"%Y-%m-%d %H:%M:%S")
        echo "VPN is up since: $UPTIME" >> $LogFile
        echo "Session Data RX: $RXDATA" >> $LogFile
        echo "Session Data TX: $TXDATA" >> $LogFile
        echo "VPN IP is: $VPNIP" >> $LogFile
        echo "Pub IP is: $PUBIP" >> $LogFile
    fi
else
	# There's no VPN connection at all
	echo "VPN is stopped. Attempting to (re)start now." >> $LogFile
    start_vpn
fi

I see you changed quite few things here, but most of it was already covered in original script. Even that VPNTUNNEL hang when VPN is connected, but you can't establish connection.
Only new code I see here is:
 

if  [ "$FOUNDPUBIP" = "1" -a "$VPNIP" = "$PUBIP" ]; then
		# The VPN is up, but the public IP is the same, so restart
		echo "Public and VPN IPs match. Attempting to (re)start VPN." >> $LogFile
		echo "VPN IP is: $VPNIP" >> $LogFile
        echo "Pub IP is: $PUBIP" >> $LogFile
		start_vpn

Can you please explain what exactly does this do and why? I can read code, but not really sure why you are comparing VPNIP with PUBLICIP. Can you please elaborate on that.
Is VPNIP internal IP or external?
If it's external, then PUBIP will match VPNIP every time VPN is connected. If it's internal, it should never match. That's why I'm confused.






 

[kjbxcrzb 3]

Hi @Mikeyy,

I moved things around a little, and changed a couple of variable names, but the only new section I recently added is the one that checks for a "stall".

elif [ "$FOUNDPUBIP" = "0" ]

I don't remember adding the section you quote... I guess I could have a long time ago, but are you sure that it was not in an earlier version of the public code? Maybe I was just being paranoid and making sure that I really had a VPN exit IP (i.e., it is different from the public IP).

Actually, now that I look at the original code, perhaps the "stalled" code is not necessary at all, and the original would have taken care of this case.

Yes, the use of $TEST is just to redirect logging to stdout and skip the restart code while debugging the logic.

[Mikeyy 49]

@_sinnerman_

Yes, original code covers situations when VPN tunnel is active, but you can't access internet.

if  [ "$CHECKIP" == 1 ]
	then
		IPADDR=$(/sbin/ifconfig tun0 | grep 'inet addr' | cut -d: -f2 | awk '{print $1}')
		RXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f2 | awk '{print $1,$2,$3}')
		TXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f3 | awk '{print $1,$2,$3}')		
		UPTIME=$(cat /var/log/messages | grep "$IPADDR" | awk '{print $1}' | tail -1)
		UPTIME=$(date -d"$UPTIME" +"%Y/%m/%d %H:%M:%S")
		echo "VPN is up since: $UPTIME" >> $LogFile
		echo "Session Data RX: $RXDATA" >> $LogFile
		echo "Session Data TX: $TXDATA" >> $LogFile
		echo "VPN IP is: $IPADDR" >> $LogFile
		echo "WAN IP is: $PUBIP" >> $LogFile
	else
		start_vpn
	fi

As you can see, if valid public IP is detected then it just reports data, ELSE restarts VPN.

But problem is, sometimes script can't restart VPN connection. Not sure why.
Script detects problem, and tries to restart VPN (it tries over and over again), but can't manage. Only way around it is to manually via GUI click on "Disconnect" and then "Connect".
Don't know how to find what's problem.



 

[kjbxcrzb 3]

19 hours ago, Mikeyy said:

@_sinnerman_
But problem is, sometimes script can't restart VPN connection. Not sure why.
Script detects problem, and tries to restart VPN (it tries over and over again), but can't manage. Only way around it is to manually via GUI click on "Disconnect" and then "Connect".
Don't know how to find what's problem.

This has never happened to me. I'm on the lastest DSM, but I assume you are too?

[regvpn 0]

Hi

I am trying to setup the Air VPN with download station on Synology NAS 6.x, but it's failing to start torrents when connected. AirVPN support replied that they do not support Synology, which is a shame, and redirected me to this forum.

 

Findings:

1 The NAS is making the connection alright, but besides that nothing happen, ie no torrent activity after checking, wating at 0%

2  I am able to use the Utorrent client while connected to Air, works fine.

3 Restart does not help.

 

The moment I disconnect from Air the torrent is activated.

I tried various combinations of options in the generator (Open vpn v< and > 2.4, TCP, 1 server, the hole country).

 

Any ideas how to fix this?

Edited ... by regvpn

[dragontattoo 0]

what is synology??