-
Content Count
1 -
Joined
... -
Last visited
...
About neolefort
-
Rank
Newbie
Recent Profile Visitors
The recent visitors block is disabled and is not being shown to other users.
-
-
ANSWERED How to configure a Synology device
neolefort replied to afurbano's topic in General & Suggestions
PDF LINK for download with images: https://1fichier.com/?ycqsixfviw WORD LINK if you want to improve this method: https://1fichier.com/?kjmy10cf0s Synology NAS Setup Guide for AIRVPN This guide was produced using Diskstation Manager (DSM) v5 ; DSM's GUI for connecting to OpenVPN doesn't allow for all of the required parameters to be set. Some manual steps are required to complete configuration of an OpenVPN connection to AIRVPN. It requires accessing and copying files outside of the DSM GUI by connecting to the NAS drive through SSH. STEP 0 – PRELIMINARY STEP OPEN TEMPORARY THE SSH PORT (22).To enable SSH access in DSM. Open DSM, navigate to Control Panel -> Terminal & SNMP. STEP 1 - DOWNLOAD THE CONFIGURATION ZIP FILE FROM AIRVPN GENERATORGo to the https://airvpn.org/generator/ page to generate the configuration file. (1. SELECT LINUX OS) (2. SELECT only 1 SERVER AIRVPN – refer to section by single servers ) In this exemple, i will take the FR-MARFIC server. (3. SELECT the Advanced Mode – refer to section connection modes) -select Direct, -protocol UDP, -port 53 -Separate keys/certs from .ovpn file (4. ACCEPT THE RULES OF AIRVPN) Tick the two checkboxes : I have read and I accept the Terms of Service I HEREBY EXPLICITLY ACCEPT POINTS 8, 10, 11 Then click on the GENERATE button. Click on the ZIP button in order to download the AIRVPN configuration files. Unzip the files into a shared folder on your diskstation DSM. In my example, i have created a shared folder on my diskstation /DSM/UPLOAD (Work folder or temp folder) The ZIP archive should contain the following files: - AirVPN_XXXXX_UDP-53.ovpn; XXXXX it is corresponding to your single selected server. -ca.crt -user.crt -user.key STEP 2 – CREATION OF THE VPN PROFILE ON THE DSM SYNOLOGY OS V5To create a VPN profile on the DSM. Open DSM, go to Control Panel -> Network -> Network Interface tab. -Click on Create -> Create VPN profile. - Select OpenVPN radio button and click Next. -In General Settings: Profile Name: AIRVPN_FR_MARFIC (my example, put here the name of your selected server) Adresse Serveur: 195.154.194.18 IP of MARFIC server (you will find the IP of your selected server in the configuration file of AirVPN_XXXXX_UDP-53.ovpn) Login: LOGIN AIRVPN (you use to connect the AIRVPN website) Password: Password AIRVPN (you use to connect the AIRVPN website) Port: 53 Protocol: UDP Certificate: Import here the ca.crt file Then click on the Next button. Define the Advanced settingds (SELECT ALL : EXCEPT the ‘Enable compression on the VPN link’) To finish the creation of the VPN profile, click on Apply button. You'll now have a VPN connection in the Network Interfaces section of your DSM's GUI. Attempting to connect will fail though. It is normal. The DSM configuration file will need to be MODIFIED directly on the NAS drive through SSH port with Putty. STEP 3 – MODIFICATION OF THE VPN PROFILE WITH PUTTY (SSH client) THROUGH SSH PORT TO MAKE IT COMPATIBLE WITH THE AIRVPNConnect directly Putty (SSH client) to your NAS Synology (SSH port is OPENED - refer STEP 0). Open Putty and connect to DSM using the root account. Password will be the same as the 'admin' account password for DSM (you can change this password by logging into DSM using any account that is in the administrator group and going to Control panel -> Users). Execute the following commands, line by line : cd cd .. cd usr/syno/etc/synovpnclient/openvpn dir You must see at least this configuration files, in the folder usr/syno/etc/synovpnclient/openvpn XXXXXXXX = 1378254898 in my example. This is the ID of the connection which is automatically attributed. Copy the file client_oXXXXXXXX to a shared folder somewhere on the diskstation with the commande line below. In my exemple, /volume1/DSM/UPLOAD cp client_oXXXXXXXX /volume1/DSM/UPLOAD Edit the client_oXXXXXXXX file with a text editor like Notepad or Notepad++ which is located in the shared folder. DO THE MODIFICATIONS FOLLOWINGS in order to merge the VPN profile of DSM and AIRVPN configuration files: At the end of the client_oXXXXXXXX file, add all the lines of the AirVPN_XXXXX_UDP-53.ovpn Then insert # before the lines already present to merge the two configurations So, we only keep 11 lines of AirVPN_XXXXX_UDP-53 in this modified client_oXXXXXXXX file and SAVE the modificated client_oXXXXXXXX file. The modificated client_oXXXXXXXX file will look similar to below :dev tun tls-client remote SERVERIP PORT of your selected AIRVPN server pull proto udp up /usr/syno/etc.defaults/synovpnclient/scripts/ovpn-up route-up /usr/syno/etc.defaults/synovpnclient/scripts/route-up ca ca_oXXXXXXXXX.crt ID of your VPN profile redirect-gateway script-security 2 float reneg-sec 0 explicit-exit-notify plugin /lib/openvpn/openvpn-down-root.so /usr/syno/etc.defaults/synovpnclient/scripts/ip-down auth-user-pass /tmp/ovpn_client_up # -------------------------------------------------------- # Air VPN | https://airvpn.org | Sunday 22nd of November 2015 10:42:53 AM # OpenVPN Client Configuration # AirVPN_FR-Paris_Marfic_UDP-53 # -------------------------------------------------------- #client NE PAS GARDER CETTE LIGNE ACTIVE-DO NOT KEEP ACTIVE THIS LINE #dev tun NE PAS GARDER CETTE LIGNE ACTIVE-DO NOT KEEP ACTIVE THIS LINE #proto udp NE PAS GARDER CETTE LIGNE ACTIVE-DO NOT KEEP ACTIVE THIS LINE #remote SERVERIP PORT NE PAS GARDER CETTE LIGNE ACTIVE-DO NOT KEEP ACTIVE THIS LINE resolv-retry infinite nobind persist-key persist-tun remote-cert-tls server cipher AES-256-CBC comp-lzo no #route-delay 5 NE PAS GARDER CETTE LIGNE ACTIVE-DO NOT KEEP ACTIVE THIS LINE verb 3 #explicit-exit-notify 5 NE PAS GARDER CETTE LIGNE ACTIVE-DO NOT KEEP ACTIVE THIS LINE #ca "ca.crt" NE PAS GARDER CETTE LIGNE ACTIVE-DO NOT KEEP ACTIVE THIS LINE cert "user.crt" key "user.key" tls-auth "ta.key" 1 Now, we will replace the client_oXXXXXXXX file by the modificated client_oXXXXXXXX file into the folder usr/syno/etc/synovpnclient/openvpn NOTE: When copying use 'cp –f' to force overwrite of existing files in the destination. In root mode, -f is not mandatory. Check the last modification date of the client_oXXXXXXXX file with the command dir in the current folder usr/syno/etc/synovpnclient/openvpn For my example, execute the command line : cp /volume1/DSM/UPLOAD/client_oXXXXXXXX /usr/syno/etc/synovpnclient/openvpn Do similar for the other downloaded AIR VPN configuration files : cp /volume1/DSM/UPLOAD/user.crt /usr/syno/etc/synovpnclient/openvpn cp /volume1/DSM/UPLOAD/user.key /usr/syno/etc/synovpnclient/openvpn cp /volume1/DSM/UPLOAD/ta.key /usr/syno/etc/synovpnclient/openvpn it s DONE. Ready J Your AIR VPN ACCESS is correctly configurated for SYNOLOGY OS v5. NOTES:Please note that if you make any changes to VPN profile using the DSM GUI the changes you made to the configuration file will be overwritten and it will have to be edited again. Any VPN configuration changes made and saved through the Synology VPN control panel will result in the client_oXXXXXXXX file being overwritten and reset to its original state before the manual edits described above, which basically renders the configuration unusable with AirVPN; if this happens the file should be restored from a previously saved backup using a cp (copy) command like the ones above; so when you get the configuration working, create a backup of the client_XXXXXXXX file somewhere safe. STEP 4 – HOW TO ACCESS TO YOUR SYNOLOGY SERVER FROM INTERNET WHEN AIRVPN IS CONNECTED ON YOUR DSM Fowarding ports from Public IP to connect to your DSM Synology server through AIRVPN connected.(https://www.youtube.com/watch?v=pFcDYptkqBA ) You can forward up to 20 ports simultaneously. You can do that on our website, in your account "Client Area". You can't forward ports lower than 2048. You can map a remotely forwarded port to a different local port: this is useful for a variety of cases, for example when your service listens to a port lower than 2048 or when it is already reserved. https://airvpn.org/faq/port_forwarding/ I advice you to open the forwarded ports on your Client area of AIRVPN website: Forwarded port : XXX0 Protocol : TCP & UDP Local port: 5000 DDNS: my_ds_aliashttp Forwarded port : XXX1 Protocol : TCP & UDP Local port: 5001 DDNS: my_ds_aliashttps Forwarded port : XXX2 Protocol : TCP & UDP Local port: 80 DDNS: my_ds_aliaswebsite Forwarded port : XXX3 Protocol : TCP & UDP Local port: 443 DDNS: my_ds_aliassecurewebsite Access through HTTP or HTTPS according to your DSM connection configuration:( https://www.synology.com/en-us/knowledgebase/tutorials/611 ) http://my_ds_alias.airdns.org:forwarded_port/webman/index.cgi or http://PUBLICIP ofAIRVPNSERVER:forwarded_port/webman/index.cgi https://my_ds_alias.airdns.org:forwarded_port/webman/index.cgi or https://PUBLICIP ofAIRVPNSERVER:forwarded_port/webman/index.cgi my_ds_alias= according to the service you want to access forwarded_port= associated to your service For instance : HTTP ACCESS http:// my_ds_aliashttp.airdns.org:XXX0/webman/index.cgi or http:// PUBLICIPOF AIRVPNSERVER.airdns.org:XXX0/webman/index.cgi For instance : HTTPS ACCESS https:// my_ds_aliashttp.airdns.org:XXX1/webman/index.cgi or https:// PUBLICIPOF AIRVPNSERVER.airdns.org:XXX1/webman/index.cgi For instance : WEBSITE ACCESS http:// my_ds_aliaswebsite.airdns.org:XXX2 or http:// PUBLICIPOF AIRVPNSERVER.airdns.org:XXX2 For instance : SECURE WEBSITE ACCESS https:// my_ds_aliassecurewebsite.airdns.org:XXX3 or https:// PUBLICIPOF AIRVPNSERVER.airdns.org:XXX3