QNAP version 4.2.1 broke my AirVPN client connection - Here's how I fixed it

[Caliban 4]

This is how I got AirVPN working on my QNAP NAS running 4.2.1 (which broke my old solution)

 

This very quick guide assumes you know how to do some things.  (Download configs, use SSH, copy and edit files via the command line, etc.)

 

This guide should also work for other VPN providers if you reason out which lines from their .ovpn file need to be used in Step 4.

 

1. Create and download your config (linux / seperate files) into a directory somewhere on your NAS.  (Mine are in /share/CACHEDEV1_DATA/homes/<user>/VPN)

 

2. Create an openVPN connection in the QNAP Control Panel UI - Put whatever you want for the info because we're going to replace it all in the config file.  It will make you import a ca.crt, so go ahead and do that just to get the connection created.

 

3. Go to /mnt/HDA_ROOT/.config/openvpn/clients and make a copy of client1  (cp client1 ./client1.orig)

 

4. Edit the contents of client1 so they look like this:

 

dev tun2001

proto udp

remote nl.vpn.airdns.org 53  <---- or whatever this line says in your generated .ovpn file 

client

nobind

persist-key

persist-tun

remote-cert-tls server

cipher AES-256-CBC

comp-lzo no

script-security 3

explicit-exit-notify 5

ca /share/CACHEDEV1_DATA/homes/<user>/VPN/ca.crt  <------ path to where YOUR file is

cert /share/CACHEDEV1_DATA/homes/<user>/VPN/user.crt  <------ path to where YOUR file is

key /share/CACHEDEV1_DATA/homes/<user>/VPN/user.key  <------ path to where YOUR file is

tls-auth /share/CACHEDEV1_DATA/homes/<user>/VPN/ta.key 1  <------ path to where YOUR file is

float

reneg-sec 0

writepid /var/run/openvpn.client1.pid

remap-usr1 SIGTERM

connect-retry-max 1

auth-retry nointeract

route-noexec

up /etc/openvpn/openvpn_up

down /etc/openvpn/openvpn_down

daemon openvpn-client

log-append /share/CACHEDEV1_DATA/homes/<user>/VPN/openvpn.log  <------ just for tshooting if there is a problem, otherwise I don't use this.

tls-exit

plugin /usr/lib/vpn_ext.so 1

 

5. Once you save the changes, try making the connection via the Control Panel UI.  Mine works, so if yours doesent there's still hope that you're close.  Once it's working, copy the client1 file to a safe location, such as where all your other connection files are from Step 1. 

 

Note: The updated client1 persists through reboots.  I don't know if an OS update would screw it up, but if so it would be a simple matter of copying the client1 file from it's backup location from Step 5.  It's always possible that QNAP will change the OpenVPN setup again someday and break this solution, but for now it seems to work.

 

There are ways you can set it up to automatically copy the working file into the needed location every reboot, but it does not seem to be neccesary for this solution.

 

 

-Doc

[erioao 0]

Hey Doc,

 

thanks for sharing this. I'm trying to configure my QNAP (4.2.0, not 4.2.1 as yours), but have the problem of not finding the `/mnt/HDA_ROOT/.config/openvpn/clients` dir. I've also looked everywhere else, but couldn't find it. (yes, I've created a VPN connection with sample data first).

Any idea on that?..

 

Thanks

- Konstantin

[kraymer 0]

Hi Erioao,

 

The instructions above weren't bad, but if you haven't found it already there was another post relating to Qnaps (I have a TS231) and the above didn't work, so I followed what was written by kradsith here:

 

http://forum.qnap.com/viewtopic.php?f=231&t=102248&hilit=vpn+client

 

Basically after SSHing to the Qnap do the following as they wrote:

 

1. Make a New folder someplace on your share. eg /share/Qmultimedia/vpn/

2. Edit the first part of the "/etc/init.d/vpn_openvpn_client.sh" file to this

 

#!/bin/sh

OPENVPN=/usr/sbin/openvpnclient
PIDFILE="/var/run/openvpn.client.pid"
OPENVPN_CONF_PATH="/etc/openvpn"
VPN_CONF="/etc/config/vpn.conf"
VPN_NUM="$2"
VPN_CLIENT="OPENVPN_CLIENT""${VPN_NUM}"
OPENVPN_CONF="/share/Qmultimedia/vpn/client""${VPN_NUM}"".ovpn"
MAX_VPN_INDEX="255"

 

I actually just changed mine to (specifying the .ovpn file in the OpenVPN_Conf variable)

 

OPENVPN=/usr/sbin/openvpnclient

PIDFILE="/var/run/openvpn.client.pid"

OPENVPN_CONF="/share/homes/AirVPN.ovpn"

OPENVPN_CONF_PATH="/etc/openvpn"

VPN_CONF="/etc/config/vpn.conf"

VPN_NUM="$2"

VPN_CLIENT="OPENVPN_CLIENT""${VPN_NUM}"

MAX_VPN_INDEX="255"

 

I also opted to not split the ovpn file (as in the thread referenced above on page 2 it doesn't matter), the <CA... etc just flows on>, you do need to make the entry in the VPN client on the QNAP, but as you have hardcoded the ovpn file what you put in there is mostly irrelevant.

 

# Air VPN | https://airvpn.org | Saturday 4th of June 2016 03:35:39 AM

# OpenVPN Client Configuration.

# AirVPN_CA-Vancouver_Cetus_UDP-2018

# --------------------------------------------------------

 

client

dev tun

script-security 3

proto udp

remote <serverIP> <port>

resolv-retry infinite

nobind

persist-key

persist-tun

remote-cert-tls server

cipher AES-256-CBC

comp-lzo no

route-delay 5

verb 3

explicit-exit-notify 5

reneg-sec 0

log-append /share/homes/openvpn.log

keepalive 10 60

writepid /var/run/openvpn.client.pid

up /etc/openvpn/openvpn_up

down /etc/openvpn/openvpn_down

 

<ca>

-----BEGIN CERTIFICATE-----

[DarkKman 2]

Basically after SSHing to the Qnap do the following as they wrote:

 

1. Make a New folder someplace on your share. eg /share/Qmultimedia/vpn/

2. Edit the first part of the "/etc/init.d/vpn_openvpn_client.sh" file to this

 

#!/bin/sh

OPENVPN=/usr/sbin/openvpnclient

PIDFILE="/var/run/openvpn.client.pid"

OPENVPN_CONF_PATH="/etc/openvpn"

VPN_CONF="/etc/config/vpn.conf"

VPN_NUM="$2"

VPN_CLIENT="OPENVPN_CLIENT""${VPN_NUM}"

OPENVPN_CONF="/share/Qmultimedia/vpn/client""${VPN_NUM}"".ovpn"

MAX_VPN_INDEX="255"

 

I actually just changed mine to (specifying the .ovpn file in the OpenVPN_Conf variable)

 

OPENVPN=/usr/sbin/openvpnclient

PIDFILE="/var/run/openvpn.client.pid"

OPENVPN_CONF="/share/homes/AirVPN.ovpn"

OPENVPN_CONF_PATH="/etc/openvpn"

VPN_CONF="/etc/config/vpn.conf"

VPN_NUM="$2"

VPN_CLIENT="OPENVPN_CLIENT""${VPN_NUM}"

MAX_VPN_INDEX="255"

Hey there... Does this work for you on 4.2.1? This USED to work for me before the last QNAP Firmware (4.2.1) but isn't working now. At the moment I just rolled back to 4.2.0 and this works fine. I'll try this again but will try out Doc's solution too.

[Caliban 4]

Sorry about abandoning this thread early on ... I was disgusted with QNAP and rolled back to 4.2 and the old way of doing things.

 

The reason I bailed on 4.2.1 is because, while my instructions in this post would get it to connect, there was a bug in how QNAP was routing VPN traffic (Basically, they weren't.) so despite being connected, no traffic was actually using the VPN.  They effectively left out the "redirect gateway" function.  Um, oops.

 

A note here is that the instructions for versions older than 4.2.1 are completely different.  4.2.1 saw a completely new implimentation of the OpenVPN client from QNAP.   That's why it had to be figured out from scratch again, but also why there are some conflicting instructions in this thread.  Prior to 4.2.1, everyhting was done differently.

 

Now 4.2.2 is out and supposedly fixes the routing bug.  That's great since I figured out how to get the connection itself to work .. should be a snap now, right?

 

HA HA HA!   Qnap is at it again ... now using the same method in my original post, which worked for establishing the connection to AirVPN, it now won't connect at all.  So that means that they changed more than just fixing the routing issue, which means I now get to figure out how it works all over again. 

 

Luckily my 4.2 install still works fine ... I didn't fall for the claim that 4.2.2 made thigns all better, and picked up an open box TS131 for $100 and am using that to figure this out before touching my real NAS.

 

-Doc

[reptilian_skin236 2]

Hi Caliban

Thanks for your instructions. I'm sure your method now works fine on 4.2.2 as I have it working, but just to clarify some of your great instructions I will add:

• Step 1 Airvpn config generator
  • choose OS Linux, choose required Servers
  • in section "3.Connection Mode" choose Advanced mode,
  • choose UDP443
  • tick "Seperate keys/certs from .ovpn file"
  • Generate
  • download zip file and extract and copy files to QNAP
• Step 2 In QNAP Control Panel UI VPN Client​
  • Create new openvpn entry
  • set server correctly
  • set UDP port to 443
  • tick "Use default gateway on remote network"
  • upload ca.crt you got from Airvpn

 

• Step 4 edit clientx file where x is a number eg client2

dev tun2002

proto udp

remote VPNSERVER.vpn.airdns.org 443

client

nobind

cipher AES-256-CBC

comp-lzo

cert /share/CACHEDEV1_DATA/homes/youruser/VPN/user.crt      <--- change to your path

key /share/CACHEDEV1_DATA/homes/youruser/VPN/user.key       <--- change to your path

tls-auth /share/CACHEDEV1_DATA/homes/youruser/VPN/ta.key 1  <--- change to your path

writepid /var/run/openvpn.client2.pid

reneg-sec 0

tls-cipher TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA

tls-exit

remap-usr1 SIGTERM

connect-retry-max 1

auth-retry nointeract

resolv-retry infinite

route-noexec

auth-user-pass /etc/config/openvpn/clients/client2.auth

log-append /share/CACHEDEV1_DATA/homes/youruser/VPN/openvpn.log  <----- Log file "Initialization Sequence Completed" = good 

script-security 3

up /etc/openvpn/openvpn_up

down /etc/openvpn/openvpn_down

daemon openvpn-client

plugin /usr/lib/vpn_ext.so 2

 

I've tried this on 4.2.2 and it works fine, just upgrading qnap atm and will see how it behaves .This is how I checked it works:

1. I think it's a good idea to have a Linux station running or HD Desk station on the nas as you can open a browser on there and goto www.ipchicken.com or https://www.privateinternetaccess.com/pages/whats-my-ip/ (nice map shows you where you are supposed to be )to get your IP, this should be different to your ISP IP/DNS
2. Using the same method above goto https://www.iplocation.net too
3. traceroute a website e.g. traceroute airvpn.org, this will return hops that do not use your ISP servers.
4. Check Airvpn website Client Area --> Overview to see the connection
5. tail -f /share/CACHEDEV1_DATA/homes/youruser/VPN/openvpn.log "Initialization Sequence Completed" = good

Hope this helps someone. 

Once again thanks for your excellent post

[kyrusdemnati 1]

mines not working 

any update to this? connection failure

[gugis 0]

My problems with OpenVPN and Qnap sent me here:

I have TS-231 with 4.2.2 (updated 2.11.2016) and recently I've subscribed to nordVPN. They have setup for qnap here: https://support.nordvpn.com/hc/en-us/articles/206930719-QNAP-NAS-setup

 

I've followed setup exactly as it is described and couldn't connect to VPN because of "TLS handshake failed" problem. that was on UDP server. So searching someone said that problem could be due ISP not letting port 1194 out. So I tried with TCP with 443 port and also couldn't connect but now due "no route to the host".

 

Is that also due conflicting instructions or is it my problem elsewhere? also does nordVPN setup works for airvpn and vice versa?

[Blizzaro 0]

I have a ts-459p+ running 4.2.3

 

I followed reptilian_skin236's guide almost exactly except the path to my certs etc was /share/homes/*YOURUSERNAMEHERE*/VPN/*YOURSTUFFHERE.FILENAME*

It worked perfectly and solved my issue.

 

I spent far to long messing about getting this working before I tried this because I was unsure of vim but after spending 5 minutes on youtube learning how to insert, save, and quit. I feel much more comfortable with the nas.

[goosevpn 0]

Gah.  I've been trying all night to get this to work.  I tried following reptilian_skin236's instructions, and according to my reading of the openvpn log, it *looks* like the client is connected, but when i traceroute to airvpn.org on my QNAP, I see that traffic is in fact being routed through my ISP and not AirVPN.    Can someone shed some light on why that might be?  My QNAP firmware is 4.2.4. and my config and logs are as follows:

 

dev tun2002

proto udp

remote america.vpn.airdns.org 443

client

nobind

cipher AES-256-CBC

comp-lzo

ca /share/CACHEDEV1_DATA/homes/bob/AirVPN/ca.crt

cert /share/CACHEDEV1_DATA/homes/bob/AirVPN/user.crt

key /share/CACHEDEV1_DATA/homes/bob/AirVPN/user.key

tls-auth /share/CACHEDEV1_DATA/homes/bob/AirVPN/ta.key 1

writepid /var/run/openvpn.client1.pid

reneg-sec 0

tls-cipher TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA

tls-exit

remap-usr1 SIGTERM

connect-retry-max 1

auth-retry nointeract

resolv-retry infinite

route-noexec

auth-user-pass /etc/config/openvpn/clients/client1.auth

log-append /etc/config/openvpn/openvpn.log

script-security 3

up /etc/openvpn/openvpn_up

down /etc/openvpn/openvpn_down

daemon openvpn-client

plugin /usr/lib/vpn_ext.so 1

 

 

Thu Apr  6 00:14:18 2017 OpenVPN 2.3.6 i686-pc-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [MH] [iPv6] built on Mar 13 2017

Thu Apr  6 00:14:18 2017 library versions: OpenSSL 1.0.1u  22 Sep 2016, LZO 2.05

Thu Apr  6 00:14:18 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Thu Apr  6 00:14:18 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Thu Apr  6 00:14:18 2017 UDPv4 link local: [undef]

Thu Apr  6 00:14:18 2017 UDPv4 link remote: [AF_INET]184.75.221.202:443

Thu Apr  6 00:15:06 2017 event_wait : Interrupted system call (code=4)

Thu Apr  6 00:15:06 2017 SIGTERM[hard,] received, process exiting

Thu Apr  6 00:47:12 2017 OpenVPN 2.3.6 i686-pc-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [MH] [iPv6] built on Mar 13 2017

Thu Apr  6 00:47:12 2017 library versions: OpenSSL 1.0.1u  22 Sep 2016, LZO 2.05

Thu Apr  6 00:47:12 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Thu Apr  6 00:47:12 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Thu Apr  6 00:47:12 2017 WARNING: file '/share/CACHEDEV1_DATA/homes/bob/AirVPN/user.key' is group or others accessible

Thu Apr  6 00:47:12 2017 WARNING: file '/share/CACHEDEV1_DATA/homes/bob/AirVPN/ta.key' is group or others accessible

Thu Apr  6 00:47:12 2017 Control Channel Authentication: using '/share/CACHEDEV1_DATA/homes/bob/AirVPN/ta.key' as a OpenVPN static key file

Thu Apr  6 00:47:12 2017 UDPv4 link local: [undef]

Thu Apr  6 00:47:12 2017 UDPv4 link remote: [AF_INET]71.19.251.247:443

Thu Apr  6 00:47:12 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Thu Apr  6 00:47:29 2017 [server] Peer Connection Initiated with [AF_INET]71.19.251.247:443

Thu Apr  6 00:47:31 2017 TUN/TAP device tun2002 opened

Thu Apr  6 00:47:31 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

Thu Apr  6 00:47:31 2017 /sbin/ifconfig tun2002 10.4.17.90 netmask 255.255.0.0 mtu 1500 broadcast 10.4.255.255

Thu Apr  6 00:47:31 2017 /etc/openvpn/openvpn_up tun2002 1500 1558 10.4.17.90 255.255.0.0 init

Thu Apr  6 00:47:31 2017 Initialization Sequence Completed

Thu Apr  6 00:48:01 2017 event_wait : Interrupted system call (code=4)

Thu Apr  6 00:48:01 2017 /sbin/ifconfig tun2002 0.0.0.0

Thu Apr  6 00:48:01 2017 /etc/openvpn/openvpn_down tun2002 1500 1558 10.4.17.90 255.255.0.0 init

Thu Apr  6 00:48:02 2017 SIGTERM[hard,] received, process exiting

Thu Apr  6 00:48:17 2017 OpenVPN 2.3.6 i686-pc-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [MH] [iPv6] built on Mar 13 2017

Thu Apr  6 00:48:17 2017 library versions: OpenSSL 1.0.1u  22 Sep 2016, LZO 2.05

Thu Apr  6 00:48:17 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Thu Apr  6 00:48:17 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Thu Apr  6 00:48:17 2017 WARNING: file '/share/CACHEDEV1_DATA/homes/bob/AirVPN/user.key' is group or others accessible

Thu Apr  6 00:48:17 2017 WARNING: file '/share/CACHEDEV1_DATA/homes/bob/AirVPN/ta.key' is group or others accessible

Thu Apr  6 00:48:17 2017 Control Channel Authentication: using '/share/CACHEDEV1_DATA/homes/bob/AirVPN/ta.key' as a OpenVPN static key file

Thu Apr  6 00:48:17 2017 UDPv4 link local: [undef]

Thu Apr  6 00:48:17 2017 UDPv4 link remote: [AF_INET]71.19.251.247:443

Thu Apr  6 00:48:17 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Thu Apr  6 00:48:23 2017 [server] Peer Connection Initiated with [AF_INET]71.19.251.247:443

Thu Apr  6 00:48:26 2017 TUN/TAP device tun2002 opened

Thu Apr  6 00:48:26 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

Thu Apr  6 00:48:26 2017 /sbin/ifconfig tun2002 10.4.17.90 netmask 255.255.0.0 mtu 1500 broadcast 10.4.255.255

Thu Apr  6 00:48:26 2017 /etc/openvpn/openvpn_up tun2002 1500 1558 10.4.17.90 255.255.0.0 init

Thu Apr  6 00:48:26 2017 Initialization Sequence Completed

[Caliban 4]

QNAP support has been telling me that this will be fixed in the next firmware update for almost a year now.  Updates come and go and it's not fixed.  I even spoon-fed them how to fix it.   

 

Switched back to Synology a few months ago and am perfectly happy again.  The QNAP is keeping dust off of a patch of shelf space in the utility closet.  If they ever fix this I may fire it up again.  Until then.... I can't be bothered to use it any more than they can be bothered to fix it.

 

-Doc

Gah.  I've been trying all night to get this to work.

[kyrusdemnati 1]

anyone got a fix for this on 4.3.3 latest firmware please

it hangs on connecting

[rogueleader 0]

I don't have any issues with connecting, but can anyone tell me how to set up persistence in case the VPN goes down or the QNAP NAS gets rebooted?

[bitbrain 0]

 

Gah.  I've been trying all night to get this to work.  I tried following reptilian_skin236's instructions, and according to my reading of the openvpn log, it *looks* like the client is connected, but when i traceroute to airvpn.org on my QNAP, I see that traffic is in fact being routed through my ISP and not AirVPN.    Can someone shed some light on why that might be?  My QNAP firmware is 4.2.4. and my config and logs are as follows:

 

dev tun2002

proto udp

remote america.vpn.airdns.org 443

client

nobind

cipher AES-256-CBC

comp-lzo

ca /share/CACHEDEV1_DATA/homes/bob/AirVPN/ca.crt

cert /share/CACHEDEV1_DATA/homes/bob/AirVPN/user.crt

key /share/CACHEDEV1_DATA/homes/bob/AirVPN/user.key

tls-auth /share/CACHEDEV1_DATA/homes/bob/AirVPN/ta.key 1

writepid /var/run/openvpn.client1.pid

reneg-sec 0

tls-cipher TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA

tls-exit

remap-usr1 SIGTERM

connect-retry-max 1

auth-retry nointeract

resolv-retry infinite

route-noexec

auth-user-pass /etc/config/openvpn/clients/client1.auth

log-append /etc/config/openvpn/openvpn.log

script-security 3

up /etc/openvpn/openvpn_up

down /etc/openvpn/openvpn_down

daemon openvpn-client

plugin /usr/lib/vpn_ext.so 1

 

 

Thu Apr  6 00:14:18 2017 OpenVPN 2.3.6 i686-pc-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [MH] [iPv6] built on Mar 13 2017

Thu Apr  6 00:14:18 2017 library versions: OpenSSL 1.0.1u  22 Sep 2016, LZO 2.05

Thu Apr  6 00:14:18 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Thu Apr  6 00:14:18 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Thu Apr  6 00:14:18 2017 UDPv4 link local: [undef]

Thu Apr  6 00:14:18 2017 UDPv4 link remote: [AF_INET]184.75.221.202:443

Thu Apr  6 00:15:06 2017 event_wait : Interrupted system call (code=4)

Thu Apr  6 00:15:06 2017 SIGTERM[hard,] received, process exiting

Thu Apr  6 00:47:12 2017 OpenVPN 2.3.6 i686-pc-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [MH] [iPv6] built on Mar 13 2017

Thu Apr  6 00:47:12 2017 library versions: OpenSSL 1.0.1u  22 Sep 2016, LZO 2.05

Thu Apr  6 00:47:12 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Thu Apr  6 00:47:12 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Thu Apr  6 00:47:12 2017 WARNING: file '/share/CACHEDEV1_DATA/homes/bob/AirVPN/user.key' is group or others accessible

Thu Apr  6 00:47:12 2017 WARNING: file '/share/CACHEDEV1_DATA/homes/bob/AirVPN/ta.key' is group or others accessible

Thu Apr  6 00:47:12 2017 Control Channel Authentication: using '/share/CACHEDEV1_DATA/homes/bob/AirVPN/ta.key' as a OpenVPN static key file

Thu Apr  6 00:47:12 2017 UDPv4 link local: [undef]

Thu Apr  6 00:47:12 2017 UDPv4 link remote: [AF_INET]71.19.251.247:443

Thu Apr  6 00:47:12 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Thu Apr  6 00:47:29 2017 [server] Peer Connection Initiated with [AF_INET]71.19.251.247:443

Thu Apr  6 00:47:31 2017 TUN/TAP device tun2002 opened

Thu Apr  6 00:47:31 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

Thu Apr  6 00:47:31 2017 /sbin/ifconfig tun2002 10.4.17.90 netmask 255.255.0.0 mtu 1500 broadcast 10.4.255.255

Thu Apr  6 00:47:31 2017 /etc/openvpn/openvpn_up tun2002 1500 1558 10.4.17.90 255.255.0.0 init

Thu Apr  6 00:47:31 2017 Initialization Sequence Completed

Thu Apr  6 00:48:01 2017 event_wait : Interrupted system call (code=4)

Thu Apr  6 00:48:01 2017 /sbin/ifconfig tun2002 0.0.0.0

Thu Apr  6 00:48:01 2017 /etc/openvpn/openvpn_down tun2002 1500 1558 10.4.17.90 255.255.0.0 init

Thu Apr  6 00:48:02 2017 SIGTERM[hard,] received, process exiting

Thu Apr  6 00:48:17 2017 OpenVPN 2.3.6 i686-pc-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [MH] [iPv6] built on Mar 13 2017

Thu Apr  6 00:48:17 2017 library versions: OpenSSL 1.0.1u  22 Sep 2016, LZO 2.05

Thu Apr  6 00:48:17 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Thu Apr  6 00:48:17 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Thu Apr  6 00:48:17 2017 WARNING: file '/share/CACHEDEV1_DATA/homes/bob/AirVPN/user.key' is group or others accessible

Thu Apr  6 00:48:17 2017 WARNING: file '/share/CACHEDEV1_DATA/homes/bob/AirVPN/ta.key' is group or others accessible

Thu Apr  6 00:48:17 2017 Control Channel Authentication: using '/share/CACHEDEV1_DATA/homes/bob/AirVPN/ta.key' as a OpenVPN static key file

Thu Apr  6 00:48:17 2017 UDPv4 link local: [undef]

Thu Apr  6 00:48:17 2017 UDPv4 link remote: [AF_INET]71.19.251.247:443

Thu Apr  6 00:48:17 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Thu Apr  6 00:48:23 2017 [server] Peer Connection Initiated with [AF_INET]71.19.251.247:443

Thu Apr  6 00:48:26 2017 TUN/TAP device tun2002 opened

Thu Apr  6 00:48:26 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

Thu Apr  6 00:48:26 2017 /sbin/ifconfig tun2002 10.4.17.90 netmask 255.255.0.0 mtu 1500 broadcast 10.4.255.255

Thu Apr  6 00:48:26 2017 /etc/openvpn/openvpn_up tun2002 1500 1558 10.4.17.90 255.255.0.0 init

Thu Apr  6 00:48:26 2017 Initialization Sequence Completed

 

You've probably moved on from your issue at this point.  But in case you haven't, I think we might be in the same situation.

 

Try viewing all the interfaces you have on your QNAP:

% netstat -r

 

You should see "eth0" and "tun2002"

I believe the problem is that all commands and apps we run on QNAP by default are routed through "eth0".  If you route through the VPN interface, you will use AirVPN.

 

Try these two commands.  The website tells you which IP you are coming from:

curl --interface eth0  http://checkip.dyndns.org

curl --interface tun2002  http://checkip.dyndns.org

 

I've been looking for an easy way to bind all Download Manager traffic to "tun2002", but haven't found one yet

If I monkey around with iptables, I'm pretty sure I can route only torrent traffic through AirVPN.  But that's certainly not easy (for me).

If I can route ALL QNAP traffic through the VPN, that might be ok too.