Synology OpenVPN and iOS OpenVPN app

Post Reply
ernsmith
OpenVpn Newbie
Posts: 5
Joined: Tue Oct 22, 2019 6:06 pm

Synology OpenVPN and iOS OpenVPN app

Post by ernsmith » Tue Oct 22, 2019 7:00 pm

Hi
I have installed the Synology VPN server plugin to my NAS to enable me to connect to my home network securely whilst traveling
I filled in the various parts as guided and opened the port on my router, I created a specific VPN user and password and created the Synology OpenVPN config
There is then an ability to export the config from the server to import into the iOS app
the files are
ca_bundle.crt
ca.crt
VPNconfig.ovpn

I have edited the VPNconfig.ovpn with my ip address and shared it to iOS and imported to the OpenVPN iOS client. I added my username and password in the client and left the certificate area to none
So far so good - I flick the switch and connect to the nas and am able to browse my network as if I was at home
All great and working i think !!
My issue is the use of certificates - i am not using any. Only user name and password and content of the VPNconfig.ovpn - Is this safe or do I need to do anything else ?
I have tried to add either of the synology provided certificates after renaming them to ca.p12. They import but error and are not usable - do I need to worry about this or is the VPNconfig.ovpn file ok to use without the certificate files

the VPNconfig.ovpn file content as below
I have removed the certificate content sections

Basically I am happy to not use or try and use these cert files so long as the setup is secure without them
Thanks for your help

VPNconfig.ovpn
..............................................
dev tun
tls-client

remote YOUR_SERVER_IP 1194

# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)

#float

# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)

#redirect-gateway def1

# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.

#dhcp-option DNS DNS_IP_ADDRESS

pull

# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp

script-security 2

reneg-sec 0

cipher AES-256-CBC

auth SHA1

auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
CONTENT REMOVED
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CONTENT REMOVED
-----END CERTIFICATE-----

</ca
...............................................................

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7131
Joined: Fri Jun 03, 2016 1:17 pm

Re: Synology OpenVPN and iOS OpenVPN app

Post by TinCanTech » Tue Oct 22, 2019 8:38 pm

It is highly recommended to use a full PKI.

You should try: https://github.com/TinCanTech/easy-rsa/releases

ernsmith
OpenVpn Newbie
Posts: 5
Joined: Tue Oct 22, 2019 6:06 pm

Re: Synology OpenVPN and iOS OpenVPN app

Post by ernsmith » Wed Oct 23, 2019 3:38 pm

TinCanTech wrote:
Tue Oct 22, 2019 8:38 pm
It is highly recommended to use a full PKI.

You should try: https://github.com/TinCanTech/easy-rsa/releases
Hi Thanks for the reply - Not heard of this and my brief look has not helped my understanding unfortunatly !
Are you saying that the current working configuration of the VPNconfig.ovpn with the username and password protection is insecure and I should not be using it ?

Regards

ernsmith
OpenVpn Newbie
Posts: 5
Joined: Tue Oct 22, 2019 6:06 pm

Re: Synology OpenVPN and iOS OpenVPN app

Post by ernsmith » Sun Nov 03, 2019 8:42 am

Hi
Has anyone got an update on this query
Is the import of the .ovpn file all I need to be secure in the openVPN ios app

Thanks

Joop
OpenVpn Newbie
Posts: 1
Joined: Mon Mar 23, 2020 3:26 pm

Re: Synology OpenVPN and iOS OpenVPN app

Post by Joop » Mon Mar 23, 2020 7:49 pm

Hi ernsmith,
I trying to get iOS access to my Synology NAS using OpenVPN as well. Did you find a working solution?

Many thanks!

Joop

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7131
Joined: Fri Jun 03, 2016 1:17 pm

Re: Synology OpenVPN and iOS OpenVPN app

Post by TinCanTech » Mon Mar 23, 2020 8:34 pm


Post Reply