I want to connect to my NAS (synology) via openVPN. My synology act as a VPN server. I have followed the instructions from synology on how to set up VPN server and openVPN:
"Export configuration file from the OpenVPN tab on VPN Server. Unzip the exported file, which contains ca.crt, openvpn.ovpn, and README.txt.
Open openvpn.ovpn with a text editor and replace YOUR_SERVER_IP with the public IP address of your Synology NAS. If your Synology NAS is behind a router, replace YOUR_SERVER_IP with the router's IP address.
Put ca.crt and openvpn.ovpn into the config subdirectory under the OpenVPN directory (i.e. C:\Program Files\OpenVPN\config\).
Double click the OpenVPN GUI icon in the system tray."
Have replaced YOUR_SERVER_IP with "diskstation.synology.me" (my DDNS)
I have a certificate from Lets Encrypt for https connections (in my synology). Don't know if that interrrupts the process?
I have seen 3d party openVPN services around forums. Do I need that?
In the log of openVPN this happens when i try to connect:
"WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Jan 07 10:30:09 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]myDDNSip
Sat Jan 07 10:30:09 2017 UDP link local (bound): [AF_INET][undef]:1194
Sat Jan 07 10:30:09 2017 UDP link remote: [AF_INET]myDDNSip:1194
Sat Jan 07 10:30:09 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jan 07 10:31:09 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Jan 07 10:31:09 2017 TLS Error: TLS handshake failed"
Btw, how do I "use the auth-nocache option to prevent" caching passwords.
"No server certificate verification method has been enabled" - i thought that exporting the ca.crt from my synology to my desktops counted as a "verification method" ?
I appreciate all help I can get!
Set up VPN server (synology) + openVPN
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 9
- Joined: Sat Sep 29, 2012 2:44 pm
-
- OpenVPN Super User
- Posts: 219
- Joined: Mon Nov 23, 2009 8:24 pm
Re: Set up VPN server (synology) + openVPN
can you increase verbose level (verb 4 or verb 5) on both client and server?
Usually the verbose logfiles inform you about the reason why.
Can you post the config files?
Usually the verbose logfiles inform you about the reason why.
Can you post the config files?
-
- OpenVpn Newbie
- Posts: 9
- Joined: Sat Sep 29, 2012 2:44 pm
Re: Set up VPN server (synology) + openVPN
Sorry for being a newbie, but where and how do I increase verbose level?
dev tun
tls-client
remote my.synology.me 1194
# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
#float
# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
#redirect-gateway def1
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
#dhcp-option DNS DNS_IP_ADDRESS
pull
# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp
script-security 2
comp-lzo
reneg-sec 0
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
dev tun
tls-client
remote my.synology.me 1194
# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
#float
# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
#redirect-gateway def1
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
#dhcp-option DNS DNS_IP_ADDRESS
pull
# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp
script-security 2
comp-lzo
reneg-sec 0
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
-
- OpenVPN Protagonist
- Posts: 11139
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Set up VPN server (synology) + openVPN
See --log & --verb in The Manual v23x
-
- OpenVpn Newbie
- Posts: 1
- Joined: Wed Nov 13, 2024 4:51 pm
Re: Set up VPN server (synology) + openVPN
I was trying to enable openvpn on synology nas.
i encountered similar issues, and I managed to resolve the certificate verify failed or error message with Peer certificate verification failure.
I did 2 things:
1. I had to renew my synology security certificate in the settings (because mine was expired)
2. on the ovpn file generated by synology vpn server, I edited the file and updated with a line "client-cert-not-required" in the config file. (you may refer to this youtube video - https://www.youtube.com/watch?v=2gkbwxm72lE
you'll have to do step-1 first before generating the ovpn file (export settings) on vpn server to import the config to your client devices.
Hope this helps!
Cheers,
J
i encountered similar issues, and I managed to resolve the certificate verify failed or error message with Peer certificate verification failure.
I did 2 things:
1. I had to renew my synology security certificate in the settings (because mine was expired)
2. on the ovpn file generated by synology vpn server, I edited the file and updated with a line "client-cert-not-required" in the config file. (you may refer to this youtube video - https://www.youtube.com/watch?v=2gkbwxm72lE
you'll have to do step-1 first before generating the ovpn file (export settings) on vpn server to import the config to your client devices.
Hope this helps!
Cheers,
J