Synology OpenVPN and iOS OpenVPN app
Posted: Tue Oct 22, 2019 7:00 pm
Hi
I have installed the Synology VPN server plugin to my NAS to enable me to connect to my home network securely whilst traveling.
I filled in the various parts as guided and opened the port on my router. I created a specific VPN user and password and created the Synology OpenVPN config.
There is then an ability to export the config from the server to import into the iOS app.
The files are:
ca_bundle.crt
ca.crt
VPNconfig.ovpn
I have edited the VPNconfig.ovpn with my IP address, shared it to iOS and imported it into the OpenVPN iOS client. I added my username and password in the client and left the certificate area set to none.
So far so good - I flick the switch and connect to the NAS and am able to browse my network as if I was at home.
All great and working, I think!!
My issue is the use of certificates - I am not using any, only the user name and password and the content of the VPNconfig.ovpn. Is this safe, or do I need to do anything else?
I have tried to add either of the Synology-provided certificates after renaming them to ca.p12. They import but error and are not usable. Do I need to worry about this, or is the VPNconfig.ovpn file OK to use without the certificate files?
The VPNconfig.ovpn file content is below.
I have removed the certificate content sections.
Basically I am happy to not use or try to use these cert files so long as the setup is secure without them.
Thanks for your help.
VPNconfig.ovpn
..............................................
dev tun
tls-client
remote YOUR_SERVER_IP 1194
# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
#float
# If redirect-gateway is enabled, the client will redirect its
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
#redirect-gateway def1
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
#dhcp-option DNS DNS_IP_ADDRESS
pull
# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp
script-security 2
reneg-sec 0
cipher AES-256-CBC
auth SHA1
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
CONTENT REMOVED
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CONTENT REMOVED
-----END CERTIFICATE-----
</ca>
...............................................................
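Added example, not part of the original post or of Synology's export: a small Python audit of an OpenVPN client profile like the one posted above, reporting how the server is authenticated and which hardening directives are missing or weakened. The sample profile and the finding labels are constructed for illustration; the directive names (`remote-cert-tls`, `verify-x509-name`, `reneg-sec`, `auth`, `script-security`) are standard OpenVPN options.

```python
import re

# Constructed sample: a subset of directives from a profile like the one posted above.
SAMPLE = """\
tls-client
remote YOUR_SERVER_IP 1194
#float
script-security 2
reneg-sec 0
auth SHA1
auth-user-pass
<ca>
CONTENT REMOVED
</ca>
"""

def parse_ovpn(text):
    """Return ({directive: args}, {inline block names}); comments are skipped."""
    directives, blocks, inside = {}, set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if inside:  # body of an inline block such as <ca>, <cert> or <key>
            if line == f"</{inside}>":
                inside = None
            continue
        tag = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if tag:
            inside = tag.group(1)
            blocks.add(inside)
        elif line and line[0] not in "#;":
            name, *args = line.split()
            directives[name] = args
    return directives, blocks

def audit(text):
    """Return finding codes; the labels are invented for this example."""
    d, blocks = parse_ovpn(text)
    has = lambda name: name in d or name in blocks
    role_checked = bool({"remote-cert-tls", "verify-x509-name"} & d.keys())
    checks = [
        ("no-ca", not has("ca")),  # server certificate cannot be validated
        ("password-only-client-auth", "auth-user-pass" in d and not has("cert")),
        ("no-server-cert-role-check", not role_checked),  # any cert from the CA passes
        ("renegotiation-timer-disabled", d.get("reneg-sec") == ["0"]),
        ("hmac-sha1", [a.upper() for a in d.get("auth", [])] == ["SHA1"]),
        ("scripts-allowed", int(d.get("script-security", ["1"])[0]) >= 2),
    ]
    return [code for code, hit in checks if hit]

if __name__ == "__main__":
    print(audit(SAMPLE))
```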