Hi,
I'm new to OpenVPN, I used PPTP before and seems to be a lot easier to configure but I like the idea of safer VPN connection, thats why I'm here. I'm have been searching around for the safest yet work for my situation with no avail.
My situation is simple. I have a Synology NAS that I like to access around the world securely over Internet...that's the only goal, I believe many user have the same thing on their mind.
As for Synology, nothing much you can do on the server side, you managed it through DSM with just options.
On the client side, this is my config :
========================================================================================
dev tun
tls-client
remote XX.XX.XXX.XXX 1194
auth-nocache
pull
route-nopull
proto udp
script-security 2
ca ca.crt
comp-lzo
reneg-sec 0
auth-user-pass
========================================================================================
Status log showing :
WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Options error: option 'route' cannot be used in this context
Options error: option 'route' cannot be used in this context
Options error: option 'route' cannot be used in this context
========================================================================================
My question :
1) How do you enabled server certificate verification method?
2) I read here that we need to use "route-nopull" so that Internet traffic not routed through VPN, but it gave me "Options error: option 'route' cannot be used in this context", what did I do wrong?
Any suggestion to make the connection more secure is REALLY APPRECIATED. Thank you.
OpenVPN Config for Client
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: OpenVPN Config for Client
1) You have to use certificates: http://openvpn.net/index.php/open-sourc ... o.html#pki
2) You don't need "route-nopull" in the client config. Just don't use on server config the 'push "redirect-gateway def1"'.
2) You don't need "route-nopull" in the client config. Just don't use on server config the 'push "redirect-gateway def1"'.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Sat Dec 17, 2011 7:24 pm
Re: OpenVPN Config for Client
Thanks Mimiko, but how do you accomplish all this on a Synology Diskstation?It has OpenVPN support on its operating system, which I believe Unix based...however I used web GUI.Mimiko wrote:1) You have to use certificates: http://openvpn.net/index.php/open-sourc ... o.html#pki
2) You don't need "route-nopull" in the client config. Just don't use on server config the 'push "redirect-gateway def1"'.
It export the ca.crt certificate to the root, and Synology manual stated just to copy this certificate to the client config.
I can edit the client config, however I'm lost here in editing the server config.
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: OpenVPN Config for Client
"ca.crt" is the server's certificate that you have to indicate in the client's config. Read the manuals on how to use this file: http://openvpn.net/index.php/open-sourc ... l#examples
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: OpenVPN Config for Client
You must ask at Synology team for help on editing more options for OpenVPN. Its theirs implementation of OpenVPN.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Sat Jul 07, 2012 8:39 pm
Re: OpenVPN Config for Client
Did you ever find a solution for this, its driving my insane?
As per the Synology instructions I copy the cert into the openvpn folder in programs. you click install and it asks you to find a certificate store and when you do it says install successful. But its actually not been installed correctly. WTF, talk about a waste of a day never to be seen again.
Any ideas appreciated.
As per the Synology instructions I copy the cert into the openvpn folder in programs. you click install and it asks you to find a certificate store and when you do it says install successful. But its actually not been installed correctly. WTF, talk about a waste of a day never to be seen again.
Any ideas appreciated.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Sat Dec 29, 2012 11:43 pm
Re: OpenVPN Config for Client
this post written by mike beach looks pretty straight forward
http://mikebeach.org/2012/04/27/openvpn ... windows-7/
did you guys try this?
http://mikebeach.org/2012/04/27/openvpn ... windows-7/
did you guys try this?