Hi
I have installed the Synology VPN server plugin to my NAS to enable me to connect to my home network securely whilst traveling
I filled in the various parts as guided and opened the port on my router, I created a specific VPN user and password and created the Synology OpenVPN config
There is then an ability to export the config from the server to import into the iOS app
the files are
ca_bundle.crt
ca.crt
VPNconfig.ovpn
I have edited the VPNconfig.ovpn with my ip address and shared it to iOS and imported to the OpenVPN iOS client. I added my username and password in the client and left the certificate area to none
So far so good - I flick the switch and connect to the nas and am able to browse my network as if I was at home
All great and working i think !!
My issue is the use of certificates - i am not using any. Only user name and password and content of the VPNconfig.ovpn - Is this safe or do I need to do anything else ?
I have tried to add either of the synology provided certificates after renaming them to ca.p12. They import but error and are not usable - do I need to worry about this or is the VPNconfig.ovpn file ok to use without the certificate files
the VPNconfig.ovpn file content as below
I have removed the certificate content sections
Basically I am happy to not use or try and use these cert files so long as the setup is secure without them
Thanks for your help
VPNconfig.ovpn
..............................................
dev tun
tls-client
remote YOUR_SERVER_IP 1194
# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
#float
# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
#redirect-gateway def1
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
#dhcp-option DNS DNS_IP_ADDRESS
pull
# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp
script-security 2
reneg-sec 0
cipher AES-256-CBC
auth SHA1
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
CONTENT REMOVED
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CONTENT REMOVED
-----END CERTIFICATE-----
</ca
...............................................................
Synology OpenVPN and iOS OpenVPN app
-
- OpenVpn Newbie
- Posts: 5
- Joined: Tue Oct 22, 2019 6:06 pm
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Synology OpenVPN and iOS OpenVPN app
It is highly recommended to use a full PKI.
You should try: https://github.com/TinCanTech/easy-rsa/releases
You should try: https://github.com/TinCanTech/easy-rsa/releases
-
- OpenVpn Newbie
- Posts: 5
- Joined: Tue Oct 22, 2019 6:06 pm
Re: Synology OpenVPN and iOS OpenVPN app
Hi Thanks for the reply - Not heard of this and my brief look has not helped my understanding unfortunatly !TinCanTech wrote: ↑Tue Oct 22, 2019 8:38 pmIt is highly recommended to use a full PKI.
You should try: https://github.com/TinCanTech/easy-rsa/releases
Are you saying that the current working configuration of the VPNconfig.ovpn with the username and password protection is insecure and I should not be using it ?
Regards
-
- OpenVpn Newbie
- Posts: 5
- Joined: Tue Oct 22, 2019 6:06 pm
Re: Synology OpenVPN and iOS OpenVPN app
Hi
Has anyone got an update on this query
Is the import of the .ovpn file all I need to be secure in the openVPN ios app
Thanks
Has anyone got an update on this query
Is the import of the .ovpn file all I need to be secure in the openVPN ios app
Thanks
-
- OpenVpn Newbie
- Posts: 1
- Joined: Mon Mar 23, 2020 3:26 pm
Re: Synology OpenVPN and iOS OpenVPN app
Hi ernsmith,
I trying to get iOS access to my Synology NAS using OpenVPN as well. Did you find a working solution?
Many thanks!
Joop
I trying to get iOS access to my Synology NAS using OpenVPN as well. Did you find a working solution?
Many thanks!
Joop
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm