neolefort

PDF LINK for download with images:  https://1fichier.com/?ycqsixfviw
WORD LINK if you want to improve this method: https://1fichier.com/?kjmy10cf0s
 
Synology NAS Setup Guide for AIRVPN
This guide was produced using Diskstation Manager (DSM) v5 ;
DSM's GUI for connecting to OpenVPN doesn't allow for all of the required parameters to be set. Some manual steps are required to complete configuration of an OpenVPN connection to AIRVPN.
It requires accessing and copying files outside of the DSM GUI by connecting to the NAS drive through SSH.
 
STEP 0 – PRELIMINARY STEP OPEN TEMPORARY THE SSH PORT (22).To enable SSH access in DSM. Open DSM, navigate to Control Panel -> Terminal & SNMP.
 
 
 
 
STEP 1 - DOWNLOAD THE CONFIGURATION ZIP FILE FROM AIRVPN GENERATORGo to the  https://airvpn.org/generator/ page to generate the configuration file.
(1. SELECT  LINUX OS)
 
 
(2. SELECT only 1 SERVER AIRVPN – refer to section by single servers )
In this exemple, i will take the FR-MARFIC server.
(3. SELECT the Advanced Mode – refer to section connection modes)
-select Direct,
-protocol UDP,
-port 53
-Separate keys/certs from .ovpn file
 
(4. ACCEPT THE RULES OF AIRVPN)
Tick the two checkboxes :
I have read and I accept the Terms of Service
I HEREBY EXPLICITLY ACCEPT POINTS 8, 10, 11
Then click on the GENERATE button.
 
 
Click on the ZIP button in order to download the AIRVPN configuration files.
Unzip the files into a shared folder on your diskstation DSM. In my example, i have created a shared folder on my diskstation  /DSM/UPLOAD  (Work folder or temp folder)
 
The ZIP archive should contain the following files:
- AirVPN_XXXXX_UDP-53.ovpn;  XXXXX it is corresponding to your single selected server.
-ca.crt
-user.crt
-user.key
 
STEP 2 – CREATION OF THE VPN PROFILE ON THE DSM SYNOLOGY OS V5To create a VPN profile on the DSM. Open DSM, go to Control Panel -> Network -> Network Interface tab.
-Click on Create -> Create VPN profile.   
 
- Select OpenVPN radio button and click Next.
 
-In General Settings:
Profile Name:                   AIRVPN_FR_MARFIC (my example, put here the name of  your selected server)
Adresse Serveur:            195.154.194.18  IP of MARFIC server (you will find the IP of your selected server in the configuration file of AirVPN_XXXXX_UDP-53.ovpn)
Login:    LOGIN AIRVPN (you use to connect the AIRVPN website)
Password:                          Password AIRVPN (you use to connect the AIRVPN website)
Port:                                     53
Protocol:                             UDP
Certificate:                         Import here the  ca.crt file
Then click on the Next button.
 
Define the Advanced settingds (SELECT ALL :  EXCEPT the ‘Enable compression on the VPN link’)
To finish the creation of the VPN profile, click on Apply button.
You'll now have a VPN connection in the Network Interfaces section of your DSM's GUI.  Attempting to connect will fail though. It is normal. The DSM configuration file will need to be MODIFIED directly on the NAS drive through SSH port with Putty.
 
STEP 3 – MODIFICATION OF THE VPN PROFILE WITH PUTTY (SSH client) THROUGH SSH PORT TO MAKE IT COMPATIBLE WITH THE AIRVPNConnect directly Putty (SSH client) to your NAS Synology (SSH port is OPENED - refer STEP 0).
Open Putty and connect to DSM using the root account. Password will be the same as the 'admin' account password for DSM (you can change this password by logging into DSM using any account that is in the administrator group and going to Control panel -> Users).
 
Execute the following commands, line by line :
cd
cd ..
cd usr/syno/etc/synovpnclient/openvpn
dir
 
You must see at least this configuration files, in the folder usr/syno/etc/synovpnclient/openvpn
 
XXXXXXXX = 1378254898 in my example. This is the ID of the connection which is automatically attributed.
Copy the file client_oXXXXXXXX  to a shared folder somewhere on the diskstation with the commande line below.  In my exemple, /volume1/DSM/UPLOAD
cp client_oXXXXXXXX /volume1/DSM/UPLOAD
 
Edit the client_oXXXXXXXX file with a text editor like Notepad or Notepad++ which is located in the shared folder.  
DO THE MODIFICATIONS FOLLOWINGS in order to merge the VPN profile of DSM and AIRVPN configuration files:
At the end of the client_oXXXXXXXX file, add all the lines of the AirVPN_XXXXX_UDP-53.ovpn Then insert # before the lines already present to merge the two configurations
So, we only keep 11 lines of AirVPN_XXXXX_UDP-53 in this modified client_oXXXXXXXX file and SAVE the modificated client_oXXXXXXXX file. The modificated client_oXXXXXXXX file will look similar to below :dev tun
tls-client
remote SERVERIP PORT of your selected AIRVPN server
pull
proto udp
up /usr/syno/etc.defaults/synovpnclient/scripts/ovpn-up
route-up /usr/syno/etc.defaults/synovpnclient/scripts/route-up
ca ca_oXXXXXXXXX.crt  ID of your VPN profile
redirect-gateway
script-security 2
float
reneg-sec 0
explicit-exit-notify
plugin /lib/openvpn/openvpn-down-root.so /usr/syno/etc.defaults/synovpnclient/scripts/ip-down
auth-user-pass /tmp/ovpn_client_up
# --------------------------------------------------------
# Air VPN | https://airvpn.org | Sunday 22nd of November 2015 10:42:53 AM
# OpenVPN Client Configuration
# AirVPN_FR-Paris_Marfic_UDP-53
# --------------------------------------------------------
 
#client                                                                NE PAS GARDER CETTE LIGNE ACTIVE-DO NOT KEEP ACTIVE THIS LINE
#dev tun                                            NE PAS GARDER CETTE LIGNE ACTIVE-DO NOT KEEP ACTIVE THIS LINE
#proto udp                                       NE PAS GARDER CETTE LIGNE ACTIVE-DO NOT KEEP ACTIVE THIS LINE
#remote SERVERIP  PORT           NE PAS GARDER CETTE LIGNE ACTIVE-DO NOT KEEP ACTIVE THIS LINE
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
#route-delay 5                                NE PAS GARDER CETTE LIGNE ACTIVE-DO NOT KEEP ACTIVE THIS LINE
verb 3
#explicit-exit-notify 5                   NE PAS GARDER CETTE LIGNE ACTIVE-DO NOT KEEP ACTIVE THIS LINE
#ca "ca.crt"                                       NE PAS GARDER CETTE LIGNE ACTIVE-DO NOT KEEP ACTIVE THIS LINE
cert "user.crt"
key "user.key"
tls-auth "ta.key" 1
Now, we will replace the client_oXXXXXXXX file by the modificated client_oXXXXXXXX file into the folder usr/syno/etc/synovpnclient/openvpn
NOTE: When copying use 'cp –f' to force overwrite of existing files in the destination. In root mode, -f is not mandatory. Check the last modification date of the client_oXXXXXXXX file with the command dir in the current folder usr/syno/etc/synovpnclient/openvpn
 
For my example, execute the command line :
cp /volume1/DSM/UPLOAD/client_oXXXXXXXX /usr/syno/etc/synovpnclient/openvpn
 
 
Do similar for the other downloaded AIR VPN configuration files :
cp /volume1/DSM/UPLOAD/user.crt /usr/syno/etc/synovpnclient/openvpn
cp /volume1/DSM/UPLOAD/user.key /usr/syno/etc/synovpnclient/openvpn
cp /volume1/DSM/UPLOAD/ta.key /usr/syno/etc/synovpnclient/openvpn
 
it s DONE. Ready J Your AIR VPN ACCESS is correctly configurated for SYNOLOGY OS v5.
NOTES:Please note that if you make any changes to VPN profile using the DSM GUI the changes you made to the configuration file will be overwritten and it will have to be edited again.
Any VPN configuration changes made and saved through the Synology VPN control panel will result in the client_oXXXXXXXX file being overwritten and reset to its original state before the manual edits described above, which basically renders the configuration unusable with AirVPN; if this happens the file should be restored from a previously saved backup using a cp (copy) command like the ones above; so when you get the configuration working, create a backup of the client_XXXXXXXX file somewhere safe.
STEP 4 – HOW TO ACCESS TO YOUR SYNOLOGY SERVER FROM INTERNET WHEN AIRVPN IS CONNECTED ON YOUR DSM 
Fowarding ports from Public IP to connect to your DSM Synology server through AIRVPN connected. (https://www.youtube.com/watch?v=pFcDYptkqBA )
 
You can forward up to 20 ports simultaneously. You can do that on our website, in your account "Client Area". You can't forward ports lower than 2048. You can map a remotely forwarded port to a different local port: this is useful for a variety of cases, for example when your service listens to a port lower than 2048 or when it is already reserved. https://airvpn.org/faq/port_forwarding/
 
 
I advice you to open the forwarded ports on your Client area of AIRVPN website:
 
Forwarded port : XXX0
Protocol : TCP & UDP
Local port: 5000
DDNS: my_ds_aliashttp
 
Forwarded port : XXX1
Protocol : TCP & UDP
Local port: 5001
DDNS: my_ds_aliashttps
 
Forwarded port : XXX2
Protocol : TCP & UDP
Local port: 80
DDNS: my_ds_aliaswebsite
 
Forwarded port : XXX3
Protocol : TCP & UDP
Local port: 443
DDNS: my_ds_aliassecurewebsite
 
 
Access through HTTP or HTTPS according to your DSM connection configuration: ( https://www.synology.com/en-us/knowledgebase/tutorials/611 )
 
http://my_ds_alias.airdns.org:forwarded_port/webman/index.cgi
or
http://PUBLICIP ofAIRVPNSERVER:forwarded_port/webman/index.cgi
 
 
https://my_ds_alias.airdns.org:forwarded_port/webman/index.cgi
or
https://PUBLICIP ofAIRVPNSERVER:forwarded_port/webman/index.cgi
 
 
my_ds_alias= according to the service you want to access
forwarded_port= associated to your service
 
 
 
 
For instance :
HTTP ACCESS
http:// my_ds_aliashttp.airdns.org:XXX0/webman/index.cgi
or
http:// PUBLICIPOF AIRVPNSERVER.airdns.org:XXX0/webman/index.cgi
For instance :
HTTPS ACCESS
https:// my_ds_aliashttp.airdns.org:XXX1/webman/index.cgi
or
https:// PUBLICIPOF AIRVPNSERVER.airdns.org:XXX1/webman/index.cgi
 
For instance :
WEBSITE ACCESS
http:// my_ds_aliaswebsite.airdns.org:XXX2
or
http:// PUBLICIPOF AIRVPNSERVER.airdns.org:XXX2
For instance :
SECURE WEBSITE ACCESS
https:// my_ds_aliassecurewebsite.airdns.org:XXX3
or
https:// PUBLICIPOF AIRVPNSERVER.airdns.org:XXX3