Synology OpenVPN and iOS OpenVPN app

[ernsmith]

Hi
I have installed the Synology VPN server plugin to my NAS to enable me to connect to my home network securely whilst traveling
I filled in the various parts as guided and opened the port on my router, I created a specific VPN user and password and created the Synology OpenVPN config
There is then an ability to export the config from the server to import into the iOS app
the files are
ca_bundle.crt
ca.crt
VPNconfig.ovpn

I have edited the VPNconfig.ovpn with my ip address and shared it to iOS and imported to the OpenVPN iOS client. I added my username and password in the client and left the certificate area to none
So far so good - I flick the switch and connect to the nas and am able to browse my network as if I was at home
All great and working i think !!
My issue is the use of certificates - i am not using any. Only user name and password and content of the VPNconfig.ovpn - Is this safe or do I need to do anything else ?
I have tried to add either of the synology provided certificates after renaming them to ca.p12. They import but error and are not usable - do I need to worry about this or is the VPNconfig.ovpn file ok to use without the certificate files

the VPNconfig.ovpn file content as below
I have removed the certificate content sections

Basically I am happy to not use or try and use these cert files so long as the setup is secure without them
Thanks for your help

VPNconfig.ovpn
..............................................
dev tun
tls-client

remote YOUR_SERVER_IP 1194

# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)

#float

# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)

#redirect-gateway def1

# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.

#dhcp-option DNS DNS_IP_ADDRESS

pull

# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp

script-security 2

reneg-sec 0

cipher AES-256-CBC

auth SHA1

auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
CONTENT REMOVED
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CONTENT REMOVED
-----END CERTIFICATE-----

</ca
...............................................................

[TinCanTech]

It is highly recommended to use a full PKI.

You should try: https://github.com/TinCanTech/easy-rsa/releases

[ernsmith]

It is highly recommended to use a full PKI.

You should try: https://github.com/TinCanTech/easy-rsa/releases

Hi Thanks for the reply - Not heard of this and my brief look has not helped my understanding unfortunatly !
Are you saying that the current working configuration of the VPNconfig.ovpn with the username and password protection is insecure and I should not be using it ?

Regards

[ernsmith]

Hi
Has anyone got an update on this query
Is the import of the .ovpn file all I need to be secure in the openVPN ios app

Thanks

[Joop]

Hi ernsmith,
I trying to get iOS access to my Synology NAS using OpenVPN as well. Did you find a working solution?

Many thanks!

Joop

[TinCanTech]

viewtopic.php?f=30&t=22603