Jump to content
Not connected, Your IP: 34.234.83.135
afurbano

ANSWERED How to configure a Synology device

Recommended Posts

Hi,

I followed this tutorial with the correct values inside the address, login and password to avoid problems.

Now when I try to connect I get this log :

Mon Oct 20 15:26:07 2014 OpenVPN 2.1.4 armle-unknown-linux [SSL] [LZO2] [EPOLL] built on Apr  8 2014
Mon Oct 20 15:26:07 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Oct 20 15:26:07 2014 PLUGIN_INIT: POST /lib/openvpn/openvpn-down-root.so '[/lib/openvpn/openvpn-down-root.so] [/usr/syno/etc.defaults/synovpnclient/scripts/ip-down]' intercepted=PLUGIN_UP|PLUGIN_DOWN 
Mon Oct 20 15:26:07 2014 Cannot load CA certificate file ca.crt path (null) (SSL_CTX_load_verify_locations): error:02001002:lib(2):func(1):reason(2): error:2006D080:lib(32):func(109):reason(128): error:0B084002:lib(11):func(132):reason(2)
Mon Oct 20 15:26:07 2014 Exiting

Any idea where this could be coming from ?

by the way I entered europe.vpn.airdns.org as the address, also tried to append :53 at the end of this.

Share this post


Link to post

Hi,

I followed this tutorial with the correct values inside the address, login and password to avoid problems.

Now when I try to connect I get this log :

Mon Oct 20 15:26:07 2014 OpenVPN 2.1.4 armle-unknown-linux [SSL] [LZO2] [EPOLL] built on Apr  8 2014
Mon Oct 20 15:26:07 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Oct 20 15:26:07 2014 PLUGIN_INIT: POST /lib/openvpn/openvpn-down-root.so '[/lib/openvpn/openvpn-down-root.so] [/usr/syno/etc.defaults/synovpnclient/scripts/ip-down]' intercepted=PLUGIN_UP|PLUGIN_DOWN 
Mon Oct 20 15:26:07 2014 Cannot load CA certificate file ca.crt path (null) (SSL_CTX_load_verify_locations): error:02001002:lib(2):func(1):reason(2): error:2006D080:lib(32):func(109):reason(128): error:0B084002:lib(11):func(132):reason(2)
Mon Oct 20 15:26:07 2014 Exiting

Any idea where this could be coming from ?

by the way I entered europe.vpn.airdns.org as the address, also tried to append :53 at the end of this.

 

Did you modify te ca.crt location to ca_oXXXXXX.crt in the client file? Replace XXXXXX with what's behind the client name..

Share this post


Link to post

I have successfully followed this guide to get my DS412+ connected to AirVPN via the "United States" servers.  I've set up some port forwards via https://airvpn.org/ports/ to various services running on my DS (Synology web admin, SABnzbd, CouchPotato, Sick Beard, Plex, etc.,) and everything seems to be working.

 

However...  Even though the downloads are real fast (1.8 Mbps reported by SABnzbd, compared to 2.1 Mbps without VPN,) the uploads are horribly slow.  I'm not sure how to measure it properly, but connecting to my DS' web interface (http://my_ds_alias.airdns.org:forwarded_port/webman/index.cgi) takes up to 5 minutes, as do all the clicks once it finally lets me in.  What can I do to troubleshoot this?  How do I even properly measure the upload speeds via the DS?

Share this post


Link to post

I followed the instruction on DSM 5.1 and it didnd't worked. I wished we could get a config generation for synology servers.

 

There is no special config for it.

Even between the OS flavors there are very minor changes, I.e. the Windows/Linux/OSX in the config generator.

Some routers do not support the "explicit-exit-notify" and "comp-lzo" directives.

If you could paste the logs of what exactly did not work (your OpenVPN logs, not Synology), we might look into that.

Note that all the issues on this topic have been solved by the users themselves, so there is nothing wrong with the setup

or the device, it seems to be supported, and working correctly for others, without any special config.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Synology is now running DSM 5.2-5592. The "best answer" above is for DSM 4.2-3202. Before I start down the road of trying to figure it out is the "best answer" above still 100% applicable?

 

Is there a set up guide somewhere for DSM 5.2-5592?

Share this post


Link to post

remote some.server.address.here 443

 

Never worked for me, I had to use the IP address for some strange reason.  You can ask to resolve the names to IPs when you build the config on the airvpn website.

 

 

use anything for the IP, user and password as they will be changed/removed manually below

 

Never worked for me. I had to use the exact details for the server (again I used the IP address), exact username/password and port number. 

 

Also I used this config along with these "user.crt, key user.key, ta.key" taken from config on the airVPN site.  Also can I suggtes using WinSCP to make the changes and copy the additonal keys to the NAS for those less comfitable with using SSH or telnet.  Please note to use WinSCP you will still need to turn on Telnet/SSH in control panel of NAS.

 

client
dev tun
proto udp
remote IP ADDRESS FROM CONFIG 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
verb 3
explicit-exit-notify 5
ca ca_XXXXXX.crt
cert user.crt
key user.key
tls-auth ta.key 1
script-security 2
redirect-gateway
float
reneg-sec 0
plugin /lib/openvpn/openvpn-down-root.so /usr/syno/etc.defaults/synovpnclient/scripts/ip-down
auth-user-pass /tmp/ovpn_client_up

Share this post


Link to post

Synology is now running DSM 5.2-5592. The "best answer" above is for DSM 4.2-3202. Before I start down the road of trying to figure it out is the "best answer" above still 100% applicable?

 

Is there a set up guide somewhere for DSM 5.2-5592?

 

 

DSM 4 and 5 guides would be almost indentical.

Share this post


Link to post

PDF LINK for download with images:  https://1fichier.com/?ycqsixfviw

WORD LINK if you want to improve this method: https://1fichier.com/?kjmy10cf0s

 

Synology NAS Setup Guide for AIRVPN

This guide was produced using Diskstation Manager (DSM) v5 ;

DSM's GUI for connecting to OpenVPN doesn't allow for all of the required parameters to be set. Some manual steps are required to complete configuration of an OpenVPN connection to AIRVPN.

It requires accessing and copying files outside of the DSM GUI by connecting to the NAS drive through SSH.

 

STEP 0 – PRELIMINARY STEP OPEN TEMPORARY THE SSH PORT (22).

To enable SSH access in DSM. Open DSM, navigate to Control Panel -> Terminal & SNMP.

 

 

 

 

STEP 1 - DOWNLOAD THE CONFIGURATION ZIP FILE FROM AIRVPN GENERATOR

Go to the  https://airvpn.org/generator/ page to generate the configuration file.

(1. SELECT  LINUX OS)

 

 

(2. SELECT only 1 SERVER AIRVPN – refer to section by single servers )

In this exemple, i will take the FR-MARFIC server.

(3. SELECT the Advanced Mode – refer to section connection modes)

-select Direct,

-protocol UDP,

-port 53

-Separate keys/certs from .ovpn file

 

(4. ACCEPT THE RULES OF AIRVPN)

Tick the two checkboxes :

I have read and I accept the Terms of Service
I HEREBY EXPLICITLY ACCEPT POINTS 8, 10, 11

Then click on the GENERATE button.

 

 

Click on the ZIP button in order to download the AIRVPN configuration files.

Unzip the files into a shared folder on your diskstation DSM. In my example, i have created a shared folder on my diskstation  /DSM/UPLOAD  (Work folder or temp folder)

 

The ZIP archive should contain the following files:

- AirVPN_XXXXX_UDP-53.ovpn;  XXXXX it is corresponding to your single selected server.

-ca.crt

-user.crt

-user.key

 

STEP 2 – CREATION OF THE VPN PROFILE ON THE DSM SYNOLOGY OS V5

To create a VPN profile on the DSM. Open DSM, go to Control Panel -> Network -> Network Interface tab.

-Click on Create -> Create VPN profile.   

 

- Select OpenVPN radio button and click Next.

 

-In General Settings:

Profile Name:                   AIRVPN_FR_MARFIC (my example, put here the name of  your selected server)

Adresse Serveur:            195.154.194.18  IP of MARFIC server (you will find the IP of your selected server in the configuration file of AirVPN_XXXXX_UDP-53.ovpn)

Login:    LOGIN AIRVPN (you use to connect the AIRVPN website)

Password:                          Password AIRVPN (you use to connect the AIRVPN website)

Port:                                     53

Protocol:                             UDP

Certificate:                         Import here the  ca.crt file

Then click on the Next button.

 

Define the Advanced settingds (SELECT ALL :  EXCEPT the ‘Enable compression on the VPN link’)

To finish the creation of the VPN profile, click on Apply button.

You'll now have a VPN connection in the Network Interfaces section of your DSM's GUI.  Attempting to connect will fail though. It is normal. The DSM configuration file will need to be MODIFIED directly on the NAS drive through SSH port with Putty.

 

STEP 3 – MODIFICATION OF THE VPN PROFILE WITH PUTTY (SSH client) THROUGH SSH PORT TO MAKE IT COMPATIBLE WITH THE AIRVPN

Connect directly Putty (SSH client) to your NAS Synology (SSH port is OPENED - refer STEP 0).

Open Putty and connect to DSM using the root account. Password will be the same as the 'admin' account password for DSM (you can change this password by logging into DSM using any account that is in the administrator group and going to Control panel -> Users).

 

Execute the following commands, line by line :

cd

cd ..

cd usr/syno/etc/synovpnclient/openvpn

dir

 

You must see at least this configuration files, in the folder usr/syno/etc/synovpnclient/openvpn

 

XXXXXXXX = 1378254898 in my example. This is the ID of the connection which is automatically attributed.

Copy the file client_oXXXXXXXX  to a shared folder somewhere on the diskstation with the commande line below.  In my exemple, /volume1/DSM/UPLOAD

cp client_oXXXXXXXX /volume1/DSM/UPLOAD

 

Edit the client_oXXXXXXXX file with a text editor like Notepad or Notepad++ which is located in the shared folder.  

DO THE MODIFICATIONS FOLLOWINGS in order to merge the VPN profile of DSM and AIRVPN configuration files:

  1. At the end of the client_oXXXXXXXX file, add all the lines of the AirVPN_XXXXX_UDP-53.ovpn
  2. Then insert # before the lines already present to merge the two configurations
    So, we only keep 11 lines of AirVPN_XXXXX_UDP-53 in this modified client_oXXXXXXXX file and SAVE the modificated client_oXXXXXXXX file.
The modificated client_oXXXXXXXX file will look similar to below :

dev tun

tls-client

remote SERVERIP PORT of your selected AIRVPN server

pull

proto udp

up /usr/syno/etc.defaults/synovpnclient/scripts/ovpn-up

route-up /usr/syno/etc.defaults/synovpnclient/scripts/route-up

ca ca_oXXXXXXXXX.crt  ID of your VPN profile

redirect-gateway

script-security 2

float

reneg-sec 0

explicit-exit-notify

plugin /lib/openvpn/openvpn-down-root.so /usr/syno/etc.defaults/synovpnclient/scripts/ip-down

auth-user-pass /tmp/ovpn_client_up

# --------------------------------------------------------

# Air VPN | https://airvpn.org | Sunday 22nd of November 2015 10:42:53 AM

# OpenVPN Client Configuration

# AirVPN_FR-Paris_Marfic_UDP-53

# --------------------------------------------------------

 

#client                                                                NE PAS GARDER CETTE LIGNE ACTIVE-DO NOT KEEP ACTIVE THIS LINE

#dev tun                                            NE PAS GARDER CETTE LIGNE ACTIVE-DO NOT KEEP ACTIVE THIS LINE

#proto udp                                       NE PAS GARDER CETTE LIGNE ACTIVE-DO NOT KEEP ACTIVE THIS LINE

#remote SERVERIP  PORT           NE PAS GARDER CETTE LIGNE ACTIVE-DO NOT KEEP ACTIVE THIS LINE

resolv-retry infinite

nobind

persist-key

persist-tun

remote-cert-tls server

cipher AES-256-CBC

comp-lzo no

#route-delay 5                                NE PAS GARDER CETTE LIGNE ACTIVE-DO NOT KEEP ACTIVE THIS LINE

verb 3

#explicit-exit-notify 5                   NE PAS GARDER CETTE LIGNE ACTIVE-DO NOT KEEP ACTIVE THIS LINE

#ca "ca.crt"                                       NE PAS GARDER CETTE LIGNE ACTIVE-DO NOT KEEP ACTIVE THIS LINE

cert "user.crt"

key "user.key"

tls-auth "ta.key" 1

Now, we will replace the client_oXXXXXXXX file by the modificated client_oXXXXXXXX file into the folder usr/syno/etc/synovpnclient/openvpn

NOTE: When copying use 'cp –f' to force overwrite of existing files in the destination. In root mode, -f is not mandatory. Check the last modification date of the client_oXXXXXXXX file with the command dir in the current folder usr/syno/etc/synovpnclient/openvpn

 

For my example, execute the command line :

cp /volume1/DSM/UPLOAD/client_oXXXXXXXX /usr/syno/etc/synovpnclient/openvpn

 

 

Do similar for the other downloaded AIR VPN configuration files :

cp /volume1/DSM/UPLOAD/user.crt /usr/syno/etc/synovpnclient/openvpn

cp /volume1/DSM/UPLOAD/user.key /usr/syno/etc/synovpnclient/openvpn

cp /volume1/DSM/UPLOAD/ta.key /usr/syno/etc/synovpnclient/openvpn

 

it s DONE. Ready J Your AIR VPN ACCESS is correctly configurated for SYNOLOGY OS v5.

NOTES:

Please note that if you make any changes to VPN profile using the DSM GUI the changes you made to the configuration file will be overwritten and it will have to be edited again.

Any VPN configuration changes made and saved through the Synology VPN control panel will result in the client_oXXXXXXXX file being overwritten and reset to its original state before the manual edits described above, which basically renders the configuration unusable with AirVPN; if this happens the file should be restored from a previously saved backup using a cp (copy) command like the ones above; so when you get the configuration working, create a backup of the client_XXXXXXXX file somewhere safe.

STEP 4 – HOW TO ACCESS TO YOUR SYNOLOGY SERVER FROM INTERNET WHEN AIRVPN IS CONNECTED ON YOUR DSM

 

  1. Fowarding ports from Public IP to connect to your DSM Synology server through AIRVPN connected.

(https://www.youtube.com/watch?v=pFcDYptkqBA )

 

You can forward up to 20 ports simultaneously. You can do that on our website, in your account "Client Area". You can't forward ports lower than 2048. You can map a remotely forwarded port to a different local port: this is useful for a variety of cases, for example when your service listens to a port lower than 2048 or when it is already reserved. https://airvpn.org/faq/port_forwarding/

 

 

I advice you to open the forwarded ports on your Client area of AIRVPN website:

 

Forwarded port : XXX0

Protocol : TCP & UDP

Local port: 5000

DDNS: my_ds_aliashttp

 

Forwarded port : XXX1

Protocol : TCP & UDP

Local port: 5001

DDNS: my_ds_aliashttps

 

Forwarded port : XXX2

Protocol : TCP & UDP

Local port: 80

DDNS: my_ds_aliaswebsite

 

Forwarded port : XXX3

Protocol : TCP & UDP

Local port: 443

DDNS: my_ds_aliassecurewebsite

 

 

  1. Access through HTTP or HTTPS according to your DSM connection configuration:

( https://www.synology.com/en-us/knowledgebase/tutorials/611 )

 

http://my_ds_alias.airdns.org:forwarded_port/webman/index.cgi

or

http://PUBLICIP ofAIRVPNSERVER:forwarded_port/webman/index.cgi

 

 

https://my_ds_alias.airdns.org:forwarded_port/webman/index.cgi

or

https://PUBLICIP ofAIRVPNSERVER:forwarded_port/webman/index.cgi

 

 

my_ds_alias= according to the service you want to access

forwarded_port= associated to your service

 

 

 

 

For instance :

HTTP ACCESS

http:// my_ds_aliashttp.airdns.org:XXX0/webman/index.cgi

or

http:// PUBLICIPOF AIRVPNSERVER.airdns.org:XXX0/webman/index.cgi

For instance :

HTTPS ACCESS

https:// my_ds_aliashttp.airdns.org:XXX1/webman/index.cgi

or

https:// PUBLICIPOF AIRVPNSERVER.airdns.org:XXX1/webman/index.cgi

 

For instance :

WEBSITE ACCESS

http:// my_ds_aliaswebsite.airdns.org:XXX2

or

http:// PUBLICIPOF AIRVPNSERVER.airdns.org:XXX2

For instance :

SECURE WEBSITE ACCESS

https:// my_ds_aliassecurewebsite.airdns.org:XXX3

or

https:// PUBLICIPOF AIRVPNSERVER.airdns.org:XXX3

Share this post


Link to post

I followed the guide in this thread and managed to set up an AirVPN connection on my Synology DS215j at version 5.2-5592. I subsequently upgraded to 5.2-5644 by resetting to factory settings as I was having some unrelated connectivity issues.

 

I am now trying to configure AirVPN again without success. I tried three different servers and I get the same messages back in the log. When it fails connecting the DSM interface says "Connection failed or certificate expired. Please use a valid certificate issued by the VPN server and try again."

 

My client_oXXXXXXX file looks like this:

 

# --------------------------------------------------------
# Air VPN | https://airvpn.org | Sunday 6th of December 2015 08:39:40 PM
# OpenVPN Client Configuration
# AirVPN_NL-Alblasserdam_Diphda_UDP-53
# --------------------------------------------------------

client
dev tun
proto udp
remote 213.152.161.164 53
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
route-delay 5
verb 3
explicit-exit-notify 5
ca ca_o1449434658.crt
cert user.crt
key user.key
tls-auth ta.key 1

float
reneg-sec 0
plugin /lib/openvpn/openvpn-down-root.so /usr/syno/etc.defaults/synovpnclient/
log-append /volume1/Downloads/AirVPN/AirVPN.log

 

This is a cut-down version, but I also used one where all lines from both files (AirVPN .ovpn file and generated client_oXXXXXX file) were kept (except the repeating lines).

 

This how the log files looks :

Sun Dec  6 20:53:39 2015 OpenVPN 2.3.6 armle-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Oct  7 2015
Sun Dec  6 20:53:39 2015 library versions: OpenSSL 1.0.1p-fips 9 Jul 2015, LZO 2.08
Sun Dec  6 20:53:39 2015 PLUGIN_INIT: POST /lib/openvpn/openvpn-down-root.so '[/lib/openvpn/openvpn-down-root.so] [/usr/syno/etc.defaults/synovpnclient/]' intercepted=PLUGIN_UP|PLUGIN_DOWN 
Sun Dec  6 20:53:39 2015 WARNING: file 'user.key' is group or others accessible
Sun Dec  6 20:53:39 2015 WARNING: file 'ta.key' is group or others accessible
Sun Dec  6 20:53:39 2015 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sun Dec  6 20:53:39 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec  6 20:53:39 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec  6 20:53:39 2015 Socket Buffers: R=[163840->131072] S=[163840->131072]
Sun Dec  6 20:53:39 2015 UDPv4 link local: [undef]
Sun Dec  6 20:53:39 2015 UDPv4 link remote: [AF_INET]213.152.161.164:53
Sun Dec  6 20:53:39 2015 TLS Error: client->client or server->server connection attempted from [AF_INET]213.152.161.164:53
Sun Dec  6 20:53:41 2015 TLS Error: client->client or server->server connection attempted from [AF_INET]213.152.161.164:53
Sun Dec  6 20:53:45 2015 TLS Error: client->client or server->server connection attempted from [AF_INET]213.152.161.164:53
Sun Dec  6 20:53:53 2015 TLS Error: client->client or server->server connection attempted from [AF_INET]213.152.161.164:53
Sun Dec  6 20:54:09 2015 TLS Error: client->client or server->server connection attempted from [AF_INET]213.152.161.164:53
Sun Dec  6 20:54:39 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Dec  6 20:54:39 2015 SYNO_ERR_CERT
Sun Dec  6 20:54:39 2015 TLS Error: TLS handshake failed
Sun Dec  6 20:54:39 2015 SIGUSR1[soft,tls-error] received, process restarting
Sun Dec  6 20:54:39 2015 Restart pause, 2 second(s)
Sun Dec  6 20:54:41 2015 Socket Buffers: R=[163840->131072] S=[163840->131072]
Sun Dec  6 20:54:41 2015 UDPv4 link local: [undef]
Sun Dec  6 20:54:41 2015 UDPv4 link remote: [AF_INET]213.152.161.164:53
Sun Dec  6 20:54:41 2015 TLS Error: client->client or server->server connection attempted from [AF_INET]213.152.161.164:53
Sun Dec  6 20:54:43 2015 TLS Error: client->client or server->server connection attempted from [AF_INET]213.152.161.164:53

 

It always looked similar to this with every failed attempt

 

...and this how the generic ovpnclient.conf file looks like (with username and password removed):


[o1449434658]
nat=no
protocol=udp
redirect-gateway=no
comp-lzo=no
pass=<MyPassword>
port=53
reconnect=yes
conf_name=AirVPN_Diphda_NL
user=<MyUsername>
remote=213.152.161.164

 

 

Any ideas what's wrong?

Share this post


Link to post

Hi nart,

 

I'm using a DS215j on version DSM 5.2-5644 Update 1.  Here is my OpenVPN configuration which works:

 

/usr/syno/etc/synovpnclient/openvpn # cat client_o1447195475
# --------------------------------------------------------
# Air VPN | https://airvpn.org | Thursday 5th of November 2015 10:15:39 PM
# OpenVPN Client Configuration
# --------------------------------------------------------
 
client
dev tun
proto udp
remote 213.152.161.29 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
route-delay 5
verb 3
 
# This option can only be used with UDP
explicit-exit-notify 5
 
ca "keys/ca_o1447195475.crt"
cert "keys/user.crt"
key "keys/user.key"
tls-auth "keys/ta.key" 1
script-security 2
redirect-gateway
float
reneg-sec 0
plugin /lib/openvpn/openvpn-down-root.so /usr/syno/etc.defaults/synovpnclient/scripts/ip-down
auth-user-pass /tmp/ovpn_client_up
log-append /volume1/homes/Stuart/AirVPN/AirVPN.log

Share this post


Link to post

Hey squ1bby,

 

Thanks for replying! Your configuration did work indeed. Any reason you are using port 443 instead of 53 as recommended in the original guide? I regenerated all the files by selecting port 443 via the website wizard, instead of just replacing the port in the file, just to make sure.

 

One thing I noticed is performance is quite bad in transmission (ports are forwarded)...slow speed, connection stopping altogether although the DSM would say it is still connected (Client Area on the website would also show I'm not connected), etc. I wonder if it's the port? Do you have similar problems?

Share this post


Link to post

Hi nart,

 

No specific reason for using port 443.  I seem to recall that when I first tested AirVPN I used this port and it worked well so I keep it as that.  Maybe at some point over the Xmas period I'll reconfigure it to use port 53 and see what performance is like.  I don't have any problems with bad transmission / port speeds etc.  I'm in the UK and my connection is provided as FTTC (Fibre to the Cab) at 40Mbps down / 10Mbps up (although in reality I get about 35Mbps / 6Mbps).  Downloading from the Internet I can usually get 24 - 30Mbps downstream and almost max out my upstream via AirVPN.

 

I'm currently connected to a server in NL and have been for for 3w 2d according to the website.

 

Where are you located, what is your connection speed and which server are you connected to?  What ports are you forwarding - services on your NAS or on a PC?

 

Regards,

 

S.

Share this post


Link to post

Hi,

 

I followed the instructions in this post and have VPN working on my diskstation and have two newbie related questions:

  • If i connect my Diskstation to AirVPN, which is connected to a router AC68U, is my IP and all the diskstation traffic still private and protected? Im assuming it does as that is the whole point behind creating a VPN tunnel however i just wanted to make sure as my diskstation has a static local ip assigned from the router
  • Has anyone had any luck getting VPN and SSL working on a diskstation? I dont mean to crosspost/threadjack but i tried setting it up per the instructions here but havent been successful so far. Forum post with more details are here

Share this post


Link to post

 

  • Has anyone had any luck getting VPN and SSL working on a diskstation? I dont mean to crosspost/threadjack but i tried setting it up per the instructions here but havent been successful so far. Forum post with more details are here

I have the same question. I get very poor speeds on my Airvpn connection and am hoping that SSL helps. There doesn't seem to be a simple set of instructions on the web to get Stunnel working with Synology's openvpn client (using Airvpn connection).

Share this post


Link to post

 

 

  • Has anyone had any luck getting VPN and SSL working on a diskstation? I dont mean to crosspost/threadjack but i tried setting it up per the instructions here but havent been successful so far. Forum post with more details are here

I have the same question. I get very poor speeds on my Airvpn connection and am hoping that SSL helps. There doesn't seem to be a simple set of instructions on the web to get Stunnel working with Synology's openvpn client (using Airvpn connection).

 

Hello everyone,

 

I currently use STUNNEL with AirVPN on a Synology RS815+. My Internet connection can use a maximum of 400Mbit down. With STUNNEL and OpenVPN on the 443 port to reach 350 Mbit at 60% CPU load. Without STUNNEL I come to about 35 Mbit.

Speed Test:

wget -O /dev/null http://cachefly.cachefly.net/100mb.test

 

You can install STUNNEL with IPKG on your Synology.

 

Then start "/opt/sbin/stunnel "/volume1/homes/admin/airvpn/$CONFIG_NAME.ssl". Replace $config_name accordingly.

Then you can start your OpenVPN client of the Synology DiskStation with

synovpnc reconnect --protocol=openvpn --name=$CONFIG_NAME --retry=$CONFIG_RECONNECTION --interval=$CONFIG_INTERVAL

 

 

Greeting, Teran

Share this post


Link to post

Thanks for this guide... I have followed the guide step by step and I believe it is silly but, I am stock at the very end...

 

When I try to copy user.crt, user.key, ta.key to /usr/syno/etc/synovpnclient/openvpn I get this message: cp. cannot create regular '/usr/syno/etc/synovpnclient/openvpn/user.crt' : Permission denied.

 

I have check the permission on the files and nothing seems to be out of normal compared to when I copied back the edited client_oXXXXXXXX... Any hint would be highly appreciated!!

 

SOVED: If anyone runs into this troubles just type *sudo cp* 

Share this post


Link to post

Hi there,

 

I am running DSM 6.0.1-7393 on my DS716+ and I followed your instructions to the letter.

 

However, when I try to connect I get the following message: "Connection failed or certificate expired.  Please use a valid certificate issued by the VPN server and try again"

 

I did it all from start to finish this morning, so I am really stuck as to what might be going wrong.

 

I've tried the help desk, but I'm not getting any response.  I would love some help from an experienced user.  

 

Thank you so much!

Carrey

Share this post


Link to post

With DSM 6, you don't need to follow everything in this tutorial. DSM evolved and now you don't need to SSH at all.

 

Go to Control Panel - Network - Network interfaces

Create - Create VPN profile

Choose 3rd option, "OpenVPN (via importing a .ovpn file)"

In next window click "Advaced options" so it shows everything.

 

If you followed @neolefort tutorial, you will have all needed files after you used AirVPN generator.

Field "Certificate revocaton" you will leave empty.

 

That's all, it works.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...