OpenVPN Server Synology DS - Client Teltonika RUT 955
Posted: Mon Nov 04, 2019 10:44 pm
Hello, probably someone will just snap his fingers and say "What a fool ...".
My issue: I have configured the standard OpenVPN server on my Synology DiskStation. Port forwarding on my Fritzbox is active, I have a static public IPv4 address, the Synology has a static local IP. I have made VPN connections using LTE/4G-mobile networks from my Mac (Tunnelblick app), my iPhone and my iPad (OpenVPN app) while testing, so I know my VPN server is working.
Today I tried to configure my Teltonika router RUT 955. I spent some time setting it up, and I spent more time with the Wiki provided by Teltonika and on several forums and blogs. Nice learning, but I could not solve my setup issue.
The standard settings of the OpenVPN server of the Synology simply do not match with the settings options of the RUT 955. The Synology exports 3 files when the server setup is done: VPNConfig.ovpn (in which some modifications are necessary, which I have done), ca.crt (a certificate) and a README.txt. On Mac and iDevices I could just import them, and the setup was done. In addition to the setup files I just enter a user + password that is registered on my Synology, with the rights of access to the directories and files I want to see.
The router asks for these settings in the OpenVPN client setup, and although there are options to import files, they do not match the output from the DS:
Enable: CHECKED
TUN/TAP: TUN
Protocol: UDP
Port: 1194
LZO: CHECKED
Encryption: AES-256-CBC 256
Authentication: TLS
TLS cipher: All
Remote Host/IP address: <my static public IP address>
Resolve retry: infinite
Keep alive: 10 120
Remote Network IP address: BLANK
Remote Network IP netmask: 255.255.255.0 (= default)
Extra options: NONE
HMAC authentication algorithm: SHA1 (default)
Additional HMAC authentication: NOT CHECKED
Certificate authority: <Uploaded the ca.crt file>
Client certificate: NO FILE
Client key: <Uploaded the VPNConfig.ovpn file>
Private key decryption password (optional): BLANK
These are the settings in my router's client window. Besides the fact that the file uploads do not match, there seem to be no fields for the User + PW I need to enter the Synology. This has to happen automatically, because the RUT955 will be at a remote location. I will send an SMS with a code to the mobile phone number of the SIM in the router, and this will cause the router to set up a VPN connection to the server. It needs the access data preset to do that.
The router does create a log somewhere, but to access it I have to dig into some SSH magic, which I need to figure out how to do. On the router's GUI the log seems to be hidden. Router firmware is updated to the latest available release (August 2019).
The VPN config file from the Synology reads like this:
dev tun
tls-client
remote xxx.xxx.xxx.xxx 1194 (xxx.xxx.xxx.xxx = my static public IP4)
# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
#float
# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
redirect-gateway def1
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
#dhcp-option DNS DNS_IP_ADDRESS
pull
# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp
script-security 2
comp-lzo
reneg-sec 0
cipher AES-256-CBC
auth SHA512
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
xxxxxxxxx ...
-----END CERTIFICATE-----
</ca>
It would already help if somebody could post a sample setting of a working VPN client for an OpenVPN connection to a Synology VPN Server.
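One way to check a router form against the exported profile before deploying, as an added example that is not part of the original post: it parses the profile's active directives and compares them with the form values listed above. The sample profile is constructed from the post, 203.0.113.10 stands in for the masked address, and the dictionary keys and function names are hypothetical.

```python
import re

# Constructed sample: active directives of the profile in the post (IP is a placeholder).
SAMPLE_OVPN = """dev tun
remote 203.0.113.10 1194
proto udp
cipher AES-256-CBC
auth SHA512
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
(placeholder)
-----END CERTIFICATE-----
</ca>
"""

# Router form values as listed in the post; the dictionary keys are hypothetical.
ROUTER_FORM = {"dev": "tun", "proto": "udp", "cipher": "AES-256-CBC",
               "auth": "SHA1", "client_key_upload": SAMPLE_OVPN}

def parse_ovpn(text):
    """Return {directive: [args]} for an .ovpn profile, skipping inline blocks."""
    opts, inside = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if inside:                              # PEM body: wait for </name>
            inside = None if line == f"</{inside}>" else inside
        elif (m := re.fullmatch(r"<([\w-]+)>", line)):
            inside = m.group(1)
        elif line and line[0] not in "#;":      # '#' and ';' start comments
            name, *args = line.split()
            opts[name] = args
    return opts

def audit(ovpn_text, form):
    """List the points where the router form disagrees with the profile."""
    opts, findings = parse_ovpn(ovpn_text), []
    for key in ("dev", "proto", "cipher", "auth"):
        want = (opts.get(key) or [""])[0]
        if want and want.lower() != form.get(key, "").lower():
            findings.append(f"{key}: profile {want}, router {form.get(key)}")
    if opts.get("auth-user-pass") == []:
        findings.append("auth-user-pass: no credentials file, client will prompt")
    if form.get("client_key_upload") and "PRIVATE KEY-----" not in form["client_key_upload"]:
        findings.append("client key: uploaded file contains no PEM private key")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_OVPN, ROUTER_FORM)))
```

OpenVPN's `auth-user-pass` accepts an optional file argument holding the username and password on two lines, which is how an unattended client supplies credentials without a prompt.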