OpenVPN Server Synology DS - Client Teltonika RUT 955

This is where we can discuss what we would like to see added or changed in OpenVPN.
Post Reply
FastSync
OpenVpn Newbie
Posts: 1
Joined: Mon Nov 04, 2019 9:55 pm

OpenVPN Server Synology DS - Client Teltonika RUT 955

Post by FastSync » Mon Nov 04, 2019 10:44 pm

Hello, probably someone will just snap his fingers and say "What a fool ...".

My issue: I have configured the standard OpenVPN server on my Synology DiskStation. Port forwarding on my Fritzbox is active, I have a static public IP4-adress, the Synology has a static local IP. I have made VPN connections using LTE/4G-mobile networks from my Mac (Tunnelblick app), my iPhone and my iPad (OpenVPN app) while testing, so I know my VPN server is working.

Today I tried to configure my Teltonika router RUT 955. I spend some time to set it up, I spend more time with the Wiki provided by Teltonika and on several forums and blogs. Nice learning, but I could not solve my setup issue.

The standard settings of the OpenVPN server of the Synology simply do not match with the settings options of the RUT 955. The Synology exports 3 files when the server setup is done: VPNConfig.ovpn (in which some modifications are necessary, which I have done), ca.crt (a certificate) and a README.txt. On Mac and iDevices I could just import them, and the setup was done. In addition to the setup files I just enter a user + password that is registered on my Synology, with the rights of access to the directories and files I want to see.

The router asks for this settings in the OpenVPN client setup, and although there are options to import files, they do not match the output from the DS:

Enable: CHECKED
TUN/TAP: TUN
Protocol: UDP
Port: 1194
LZO: CHECKED
Encryption: AES-256-CBC 256
Authentication: TLS
TLS cipher: All
Remote Host/IP address: <my static public IP adress>
Resolve retry: infinite
Keep alive: 10 120
Remote Network IP address: BLANK
Remote Network IP netmask: 255.255.255.0 (= default)
Extra options: NONE
HMAC authentication algorithm: SHA1 (default)
Additional HMAC authentication: NOT CHECKED
Certificate authority: <Uploaded the ca.crt file>
Client certificate: NO FILE
Client key: <Uploaded the VPNConfig.ovpn file>
Private key decryption password (optional): BLANK

These are the settings in my routers client window. Beside that the upload of files do not match, there seems to be no fields for the User + PW I need to enter the Synology. This has to happen automatically, because the RUT955 will be at a remote location. I will send a SMS with a code to the mobile phone number of the SIM in the router, and this will cause the router to set up a VPN connection to the server. It needs the access data preset to do that.

The router does create a log somewhere, but to access it I have to dig into some SSH magic, which I need to figure out how to do. On the routers GUI the log seems to be hidden. Router Firmware is updated to the latest available release (August 2019).


The VPN config file from the Synology reads like this:

dev tun
tls-client

remote xxx.xxx.xxx.xxx 1194 (xxx.xxx.xxx.xxx = my static public IP4)

# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)

#float

# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)

redirect-gateway def1

# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.

#dhcp-option DNS DNS_IP_ADDRESS

pull

# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp

script-security 2

comp-lzo

reneg-sec 0

cipher AES-256-CBC

auth SHA512

auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
xxxxxxxxx ...
-----END CERTIFICATE-----

</ca>


It would already help if somebody could post a sample setting of a working VPN client for an OpenVPN connection to a Synology VPN Server.

vytautas
OpenVpn Newbie
Posts: 1
Joined: Thu Nov 07, 2019 5:41 am

Re: OpenVPN Server Synology DS - Client Teltonika RUT 955

Post by vytautas » Thu Nov 07, 2019 5:56 am

Hi,

As I understand, you have a "ovpn" configuration file from Synology device, correct?
If so try following:

First of all, update routers firmware to the latest one without keep settings: https://wiki.teltonika.lt/view/RUT9xx_Firmware
After update connect to the RUT955 via WinSCP:

File protocol: SCP
Hostname: routers LAN IP, by default 192.168.1.1
User name: root
Password: current routers admin password

After connecting add file VPNConfig.ovpn to /etc/openvpn/

Then connect to RUT955 via SSH and use this command: openvpn --config /etc/openvpn/VPNConfig.ovpn and router should connect to OpenVPN server as a client.

Note.: OpenVPN connection will be up as long as command openvpn --config /etc/openvpn/vpnconfig.ovpn will run if you want to stop OpenVPN on rut simple close SSH connection or use CTRL + C in SSH.

Does this help?

prisonmike
OpenVpn Newbie
Posts: 1
Joined: Thu Nov 07, 2019 6:20 am

Re: OpenVPN Server Synology DS - Client Teltonika RUT 955

Post by prisonmike » Thu Nov 07, 2019 6:31 am

Hey,
I noticed that Synology drive generated only ca.crt file in addition to .ovpn.
Did you try switching authentication option to password? RUT955 then lets you upload .crt file and enter your servers username and password.

EDIT: regarding the logs, you can check them by running command via ssh
logread -f | grep openvpn

Run this command before starting OpenVPN instance

simsasss
OpenVpn Newbie
Posts: 1
Joined: Thu Nov 07, 2019 5:50 am

Re: OpenVPN Server Synology DS - Client Teltonika RUT 955

Post by simsasss » Thu Nov 07, 2019 7:28 am

Hello,
there is few things that I see.

Because you are using auth-user-pass you should select Authentication:TLS/password in RUT955.
Do NOT upload configuration file to client key. Client key: <Uploaded the VPNConfig.ovpn file>. Leave it empty.
Change your hash algo at: HMAC authentication algorithm - SHA512
Then you should add redirect-gateway def1 to Extra options.

To see openvpn log as mentioned above you can use Putty or WinSCP or other app that can do SSH connections. It's not hard to get it working.

Post Reply