afurbano 1 Posted ... Hi guys, Anyone knows how to configuration a synology server to work through Airvpn servers? Thanks Quote Share this post Link to post
ranjeetsodhi 0 Posted ... bump!! need help with this as well. I have run the OpenVPN connection on my Mac without any issues, but haven't been able to get the OpenVPN client on Synology to even complete the setup - it just goes into a endless sleep state.. Anybody have a Synology NAS 4.0 or 4.1 Beta configured with AirVPN? Quote Share this post Link to post
Staff 9972 Posted ... Hello! We're sorry, as far as we know the Synology NAS is not fully compatible with OpenVPN in client mode because it does not support double certificate+key authentications. Please refer to the Synology customer support. Kind regards Quote Share this post Link to post
ranjeetsodhi 0 Posted ... Is there any way to get PPTP to work with a Synology NAS (running DSM 4.1Beta)? Quote Share this post Link to post
Staff 9972 Posted ... Is there any way to get PPTP to work with a Synology NAS (running DSM 4.1Beta)?Hello!We don't provide PPTP access. Please refer to the Synology customers' support.Kind regards Quote Share this post Link to post
Shakazulu 0 Posted ... Synology allows for application to built for it. Has anyone built an airvpn application that can be installed on the synology device. Just want to reopen this thread. This seems like a real need for that system. Quote Share this post Link to post
janern 0 Posted ... This was the sole purpose for me just bying the 6 month package. So this was very disappointing. I just took it for granted that it would work. A couple of weeks ago I tried Astrill's free trial, and was completely able to use that on my Synology NAS, they even had a wiki-page about it; http://wiki.astrill.com/index.php/Astrill_Setup_Manual:How_to_get_OpenVPN_working_on_Synology_NAS , (feel free to remove the link from the post if i'm overstepping here. just providing you information about the "competition" ) I was thinking it should work the same way, but i didn't seem to. Quote Share this post Link to post
Staff 9972 Posted ... @janern We are not removing the link because it gives us the option to talk about an important security issue. With our service, you don't even have to create manually a file. Our Configuration Generator will generate all the files needed by OpenVPN. Make sure to tick "Advanced Mode", and then tick "Separate certs/keys from .ovpn file". Unfortunately, the instructions you linked talk only about a ca certificate, as if the Astrill authentication method is based only on that (with, optionally, login and password, which would be even worse). That's really a very bad way to build a secure & trusted VPN. Our authentication method is based on client certificate, server certificate and client key, with TLS re-keying at each connection and every 60 minutes (Perfect Forward Secrecy). No VPN server keeps any database of login names, passwords, user names or anything else. This is the correct way to provide a higher security service with OpenVPN. It is so obvious that we are astonished that you even compare a service without the aforementioned features with AirVPN. Since security and strength of the anonymity layer are one of our highest priorities, we're sure you'll understand our decision to never compromise the system to meet the needs of devices that do not implement all the OpenVPN features (IF it's your case, of course), even if that would mean to have some gullible customers that with the current system we can't have. If some services meet your need and our service does not because it provides a much higher security level, it's unfair to blame us, and not only in consideration of the fact that we clearly list all the systems that are compatible with our service. You should blame VPN providers and manufacturers that do not offer the better security options. We see that you have already asked for a refund and that the refund has been granted, so you are free to pick the service that you prefer. If you think that security is not of your concern, there are literally hundreds of low security, low privacy VPN services on the Internet that you can use. Our service will not compromise security and/or privacy for marketing reasons. Kind regards 4 dickles, efficio, clicktooth and 1 other reacted to this Quote Share this post Link to post
phantasteek 9 Posted ... I have actually been able to successfully connect my Synology DS211j. I got a three day trial, configured it and got it running properly yesterday. The only issue I've had was the inability to reconnect automatically upon disconnect. If Air staff are ok, I can share the steps I've followed to configure the connection. In principle I've generated and downloaded the configuration files, uploaded the cert and key files to the diskstation using a terminal connection, created a placeholder OpenVPN connection in the Synology diskstation's VPN control panel using the user cert I uploaded, then downloaded the configuration file from the station using terminal, modified it to use all Air parameters and keys/certificates and finally uploaded it back to the diskstation and connected. Staff, please let me know if it's ok to post details and if you'd like to see my connection logs to confirm all is good from a security standpoint. Thanks. Quote Share this post Link to post
Staff 9972 Posted ... @phantasteek Hello! Of course, it's just fine, thank you! Also feel free to publish or send us in private the connection logs. Kind regards Quote Share this post Link to post
Royee 10 Posted ... Another possible choice and work around is to use a tomato Router with VPN already ? that way anything connected to the router via ethernet is running through the VPN. All your apps on the Synology torrent etc should in theory be running through the VPN. One can always buy a Asus RT-N16 for around £40-60 off ebay easily, if you add firewall rules you can further safe guard yourself in case the VPN drops out also. I am only guessing the above however ! but in theory it should work Quote Share this post Link to post
Staff 9972 Posted ... @Royee Yes, absolutely. We have very many customers who connect their whole house or office to a VPN server via a Tomato, DD-WRT or other supporting OpenVPN firmware builds. As you can see, we provide instructions to configure both Toastman Tomato and DD-WRT ('OpenVPN-flavored') through the router web interface. One thing to keep in mind, though: consumers' routers CPU processing power is not outstanding for real time AES encryption/decryption. Our OpenVPN Data Channel cipher is AES-256-CBC. Consumers' routers CPU will be able to handle no more than 7-10 Mbit/s AES throughput, due to encryption and decryption on the fly, so the connected devices will be "capped" at that maximum TOTAL throughput. Kind regards Quote Share this post Link to post
phantasteek 9 Posted ... Here's a step-by-step of how I've setup an AirVPN OpenVPN connection on a Synology DS211j running DSM 4.2-3202: Generate the configuration and cert/key files on the AirVPN web site:Choose your Operating System: select Linux (see ChooseOS.jpg attachment)Pick a serverUnder Connection Modes: select Advanced Mode, select Direct, protocol UDP, port 53 and select Separate keys/certs from .ovpn file (see ConnectionModes.jpg)Accept both then click on GenerateClick on ZIP to download a ZIP archive containing all files (see DownloadFiles.jpg); unzip the contents to a work folder; the archive should contain the following files:AirVPN_XXXXX_UDP-53.ovpn; XXXXX reflects the server selected aboveca.crtuser.crtuser.key Create an OpenVPN connection in the Synology diskstation's VPN control panel (see VPN.jpg):use anything for the IP, user and password as they will be changed/removed manually below anywaysimport the ca.crt certificate you extracted into the work folder above (see VPNGeneral.jpg)set advanced settings as desiredapply changesas a result the following files will get created in the /usr/syno/etc/synovpnclient/openvpn folder on the diskstation (see Files.jpg):ca_oXXXXXXXX.crtclient_oXXXXXXXXovpn_oXXXXXXXX.conf, where XXXXXXXX is a number assigned automatically when the OpenVPN connection is saved (probably an Id for the connection) Modify the Synology configuration file created above:telnet into the Synology diskstation using a telnet/ssh app such as Putty, login as root, which should have the same password as the admin userchange directory to the openvpn folder using this command:cd /usr/syno/etc/synovpnclient/openvpn use a command like below to copy the client_oXXXXXXXX described above to a diskstation shared folder to be able to open and change it with a text editor:cp client_oXXXXXXXX /volume1/SharedFolder/where you substitute your specific numbers for XXXXXXXX and your specific volume and folder name for /volume1/SharedFolderopen the file you copied to the shared folder with your favourite text editor (e.g. Notepad or Notepad++) and make the following changes to merge the configuration file generated and downloaded from the AirVPN web site into it:remove all the lines from the client_oXXXXXXXX file except the 3 below:floatreneg-sec 0plugin /lib/openvpn/openvpn-down-root.so /etc/ppp/ip-downthen insert all lines from the AirVPN_XXXXX_UDP-53.ovpn into the file and save itoptionally, if you wish to have a client connection log file for debugging/troubleshooting purposes, you can also include a line like this (with your own folder and file name):log-append /volume1/SharedFolder/AirVPN.logat this point the file should look something like this:# --------------------------------------------------------# Air VPN | https://airvpn.org | Wednesday 4th of September 2013 12:07:47 AM# OpenVPN Client Configuration# AirVPN_Server_UDP-53# --------------------------------------------------------clientdev tunproto udpremote some.server.address.here 53resolv-retry infinitenobindns-cert-type servercipher AES-256-CBCcomp-lzoverb 3explicit-exit-notify 5ca ca_oXXXXXXXX.crtcert user.crtkey user.keyscript-security 2redirect-gatewayfloatreneg-sec 0plugin /lib/openvpn/openvpn-down-root.so /etc/ppp/ip-downwith the proper values for the server and numeric connection id instead of the placeholders "some.server.address.here" and "XXXXXXXX" I've included abovein the telnet app, while continuing to be positioned in the /usr/syno/etc/synovpnclient/openvpn folder, copy the modified client_oXXXXXXXX file back to that folder using a command like: cp /volume1/SharedFolder/client_oXXXXXXXX . using similar commands, also copy the user.crt and user.key files over to the /usr/syno/etc/synovpnclient/openvpn folder: cp /volume1/SharedFolder/user.crt . cp /volume1/SharedFolder/user.key . done NOTES:any VPN configuration changes made and saved through the Synology VPN control panel will result in the client_oXXXXXXXX file being overwritten and reset to its original state before the manual edits described above, which basically renders the configuration unusable with AirVPN; if this happens the file should be restored from a previously saved backup using a cp (copy) command like the ones above; so when you get the configuration working, create a backup of the client_XXXXXXXX file somewhere safe;multiple entries for different AirVPN servers can be created by downloading the configuration and key files for each server from the web site and re-doing the above steps for each entry; the proper ca.crt certificate file should be used for each entry; I believe the user.crt and user.key are the same for all servers as they are user-specific rather than server-specific and therefore they can be reused for all connections (they don't need to be copied over to the usr/syno/etc/synovpnclient/openvpn folder multiple times - last step above, before "done"). 8 0fficer, timelordcardiff, Spronky and 5 others reacted to this Quote Share this post Link to post
SeriousDuke 1 Posted ... @phantasteek Hey man, thanks a lot!Managed to get my Synology (also DS211j) with DSM 4.3-3776 connected to AirVPN thanks to your guidelines.This was even the first time I ever used telnet in my life (but it turns out to be similar to DOS). I did need to repeat the filename at the end op the cp command though or it wouldn't work:cp client_oXXXXXXXX /volume1/SharedFolder/client_oXXXXXXXX There were a few lines in the client_o file that were somewhat different from yours:Some lines with " ":ca "ca_oXXXXXXXXXX.crt"cert "user.crt"key "user.key"And my last line looked like: plugin /lib/openvpn/openvpn-down-root.so /usr/syno/etc.defaults/synovpnclient/scripts/ip-down But it worked! Used telnet to verify my connection with traceroute and everything ok. So Synology owners: give it a try. First I was a bit put off when I saw the technical explanation, but just follow phantasteek's steps and you'll be fine. 1 phantasteek reacted to this Quote Share this post Link to post
phantasteek 9 Posted ... @phantasteek Hey man, thanks a lot!Managed to get my Synology (also DS211j) with DSM 4.3-3776 connected to AirVPN thanks to your guidelines.This was even the first time I ever used telnet in my life (but it turns out to be similar to DOS). I did need to repeat the filename at the end op the cp command though or it wouldn't work:cp client_oXXXXXXXX /volume1/SharedFolder/client_oXXXXXXXX There were a few lines in the client_o file that were somewhat different from yours:Some lines with " ":ca "ca_oXXXXXXXXXX.crt"cert "user.crt"key "user.key"And my last line looked like: plugin /lib/openvpn/openvpn-down-root.so /usr/syno/etc.defaults/synovpnclient/scripts/ip-down But it worked! Used telnet to verify my connection with traceroute and everything ok. So Synology owners: give it a try. First I was a bit put off when I saw the technical explanation, but just follow phantasteek's steps and you'll be fine. Hey SeriousDuke. Glad I could help.Ya, the quotes were in my file, too, but I removed them to simplify things, and since the file names did not contain any spaces that was ok.I'm guessing the plugin line is different due to the different (newer) version of DSM that you have. Thanks. Quote Share this post Link to post
2df46c2fb3 1 Posted ... @phantasteek Thanks very much for your guide. Just tried it and everything is fine, except for that fact that I'm getting "Permission denied" errors when trying to copy the client_xxxxxxx, user.crt and user.key files.I'm logged in as Admin via Putty, si I should have all rights. Any tips?eally appreciate it, thanks! Quote Share this post Link to post
phantasteek 9 Posted ... @phantasteek Thanks very much for your guide. Just tried it and everything is fine, except for that fact that I'm getting "Permission denied" errors when trying to copy the client_xxxxxxx, user.crt and user.key files.I'm logged in as Admin via Putty, si I should have all rights. Any tips?eally appreciate it, thanks! Hi there. You need to login as root (not admin). root should have the same password as admin. 1 chahk reacted to this Quote Share this post Link to post
karmalized 0 Posted ... Hello All, I have tried following these guidelines to get my DS212j setup using DSM 4.3 but I am not able to connect. I am wondering if anyone can see anything wrong with my config file: # --------------------------------------------------------# Air VPN | https://airvpn.org | Friday 1st of November 2013 02:15:05 AM# OpenVPN Client Configuration# AirVPN_CA-Lesath_UDP-53# -------------------------------------------------------- clientdev tunproto udpremote 184.75.221.2 53resolv-retry infinitenobindns-cert-type servercipher AES-256-CBCcomp-lzoverb 3explicit-exit-notify 5ca “ca_o1383270549.crt”cert "user.crt"key "user.key”script-security 2floatreneg-sec 0plugin /lib/openvpn/openvpn-down-root.so /usr/syno/etc.defaults/synovpnclient/scripts/ip-downlog-append /volume1/Jay/AirVPN.log Here is my file list from the NAS server: JaysServer> pwd/usr/syno/etc/synovpnclient/openvpnJaysServer> ls -aldrwxr-xr-x 2 root root 4096 Nov 1 21:21 .drwxr-xr-x 7 root root 4096 Oct 29 20:55 ..-rw-r--r-- 1 root root 1562 Oct 31 22:35 ca.crt-rwxr-xr-x 1 root root 1562 Oct 31 22:42 ca_o1383270549.crt-rw-r--r-- 1 root root 648 Nov 1 21:23 client_o1383270549-rw------- 1 root root 439 Nov 1 21:13 ovpn_o1383270549.conf-rw-r--r-- 1 root root 5126 Oct 31 22:35 user.crt-rw-r--r-- 1 root root 1675 Nov 1 21:21 user.key Quote Share this post Link to post
Staff 9972 Posted ... Hello! Please try to add the directive log-append to generate a log file which can be very useful for troubleshooting (feel free to send the logs). Kind regards Quote Share this post Link to post
karmalized 0 Posted ... Actually, even though I have the log file append command, I do not see the log file being generated in the folder, and I can't seem to find any logs elsewhere on the DSM system. Is there any other way to get log files generated? Quote Share this post Link to post
Staff 9972 Posted ... Hello! If the log file is not generated, chances are that OpenVPN was not running at all, can you please check? Kind regards Quote Share this post Link to post
Spronky 0 Posted ... You know, I must be thicker than a thick thing because I cannot get these incantations to work.As far as I can tell, I followed phantasteek's instructions to the letter, but it all got messed up around the part where he says "use anything for the IP, user and password as they will be changed/removed manually below anyways".I did as instructed, but when/what/where were they changed manually?I was still stuck with the pretend IP address. a username of "Blah" and a password just as silly.Hey. I pressed "connect" and it did, to 10.8.0.222I disconnected. Put the Nashira IP in - 84.39.116.179My AirVPN usernameMy AirVPN password> no connection. I messed up.Simple instructions. Baby steps, please?tia Susi xx (I modded the client_o....... file. Copied it back, along with the user.crt and user.key over as well.) EDIT: OK. I did all that above as said earlier, but somehow, and I have no idea why, but things got messed up because (it seems) I put in dummy IP, usernames and password.I had to put the proper ones in, re-edit the client_oxxxxxxxx file, as somehow the details had changed, and away it went....I think.The AirVPN "Client Area" says it's connected. So fingers crossed.... Quote Share this post Link to post
karmalized 0 Posted ... Hello! If the log file is not generated, chances are that OpenVPN was not running at all, can you please check? Kind regardsHello, Do you know how to check to see if it is running? In the Synology VPN configuration section, I click on the bottom to connect, but I do not know how to check if OpenVPN is running. Quote Share this post Link to post
karmalized 0 Posted ... Ok, looks like i got it working. Seems the client_oXXXXXXX file for my config, doesn't like the quotation marks around the certificate file names. I restarted this and found that by leaving them off, it now works. Here is my client file: clientdev tunproto udpremote xxx.xxx.xxx.xxx 53resolv-retry infinitenobindns-cert-type servercipher AES-256-CBCcomp-lzoverb 3explicit-exit-notify 5ca ca_o138327XXXX.crtcert user.crtkey user.keyscript-security 2redirect-gatewayfloatreneg-sec 0plugin /lib/openvpn/openvpn-down-root.so /usr/syno/etc.defaults/synovpnclient/scripts/ip-down Quote Share this post Link to post