Set up VPN server (synology) + openVPN

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Tobbe
OpenVpn Newbie
Posts: 9
Joined: Sat Sep 29, 2012 2:44 pm

Set up VPN server (synology) + openVPN

Post by Tobbe » Sat Jan 07, 2017 10:54 am

I want to connect to my NAS (synology) via openVPN. My synology act as a VPN server. I have followed the instructions from synology on how to set up VPN server and openVPN:

"Export configuration file from the OpenVPN tab on VPN Server. Unzip the exported file, which contains ca.crt, openvpn.ovpn, and README.txt.
Open openvpn.ovpn with a text editor and replace YOUR_SERVER_IP with the public IP address of your Synology NAS. If your Synology NAS is behind a router, replace YOUR_SERVER_IP with the router's IP address.
Put ca.crt and openvpn.ovpn into the config subdirectory under the OpenVPN directory (i.e. C:\Program Files\OpenVPN\config\).
Double click the OpenVPN GUI icon in the system tray."


Have replaced YOUR_SERVER_IP with "diskstation.synology.me" (my DDNS)

I have a certificate from Lets Encrypt for https connections (in my synology). Don't know if that interrrupts the process?
I have seen 3d party openVPN services around forums. Do I need that?

In the log of openVPN this happens when i try to connect:
"WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Jan 07 10:30:09 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]myDDNSip
Sat Jan 07 10:30:09 2017 UDP link local (bound): [AF_INET][undef]:1194
Sat Jan 07 10:30:09 2017 UDP link remote: [AF_INET]myDDNSip:1194
Sat Jan 07 10:30:09 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jan 07 10:31:09 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Jan 07 10:31:09 2017 TLS Error: TLS handshake failed"


Btw, how do I "use the auth-nocache option to prevent" caching passwords.
"No server certificate verification method has been enabled" - i thought that exporting the ca.crt from my synology to my desktops counted as a "verification method" ?

I appreciate all help I can get!

mwandelaar
OpenVPN Super User
Posts: 219
Joined: Mon Nov 23, 2009 8:24 pm

Re: Set up VPN server (synology) + openVPN

Post by mwandelaar » Sat Jan 07, 2017 12:45 pm

can you increase verbose level (verb 4 or verb 5) on both client and server?
Usually the verbose logfiles inform you about the reason why.

Can you post the config files?

Tobbe
OpenVpn Newbie
Posts: 9
Joined: Sat Sep 29, 2012 2:44 pm

Re: Set up VPN server (synology) + openVPN

Post by Tobbe » Sat Jan 07, 2017 3:17 pm

Sorry for being a newbie, but where and how do I increase verbose level?

dev tun
tls-client

remote my.synology.me 1194

# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)

#float

# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)

#redirect-gateway def1

# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.

#dhcp-option DNS DNS_IP_ADDRESS

pull

# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp

script-security 2


comp-lzo

reneg-sec 0

auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Set up VPN server (synology) + openVPN

Post by TinCanTech » Sat Jan 07, 2017 3:18 pm

See --log & --verb in The Manual v23x

jokej
OpenVpn Newbie
Posts: 1
Joined: Wed Nov 13, 2024 4:51 pm

Re: Set up VPN server (synology) + openVPN

Post by jokej » Wed Nov 13, 2024 5:01 pm

I was trying to enable openvpn on synology nas.
i encountered similar issues, and I managed to resolve the certificate verify failed or error message with Peer certificate verification failure.

I did 2 things:
1. I had to renew my synology security certificate in the settings (because mine was expired)

2. on the ovpn file generated by synology vpn server, I edited the file and updated with a line "client-cert-not-required" in the config file. (you may refer to this youtube video - https://www.youtube.com/watch?v=2gkbwxm72lE

you'll have to do step-1 first before generating the ovpn file (export settings) on vpn server to import the config to your client devices.

Hope this helps!
Cheers,
J

Post Reply