OpenVPN Config for Client

[smallnet]

Hi,

I'm new to OpenVPN, I used PPTP before and seems to be a lot easier to configure but I like the idea of safer VPN connection, thats why I'm here. I'm have been searching around for the safest yet work for my situation with no avail.

My situation is simple. I have a Synology NAS that I like to access around the world securely over Internet...that's the only goal, I believe many user have the same thing on their mind.

As for Synology, nothing much you can do on the server side, you managed it through DSM with just options.

On the client side, this is my config :
========================================================================================
dev tun
tls-client

remote XX.XX.XXX.XXX 1194

auth-nocache

pull

route-nopull

proto udp
script-security 2

ca ca.crt

comp-lzo

reneg-sec 0

auth-user-pass
========================================================================================

Status log showing :

WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Options error: option 'route' cannot be used in this context
Options error: option 'route' cannot be used in this context
Options error: option 'route' cannot be used in this context

========================================================================================

My question :

1) How do you enabled server certificate verification method?
2) I read here that we need to use "route-nopull" so that Internet traffic not routed through VPN, but it gave me "Options error: option 'route' cannot be used in this context", what did I do wrong?

Any suggestion to make the connection more secure is REALLY APPRECIATED. Thank you.

[Mimiko]

1) You have to use certificates: http://openvpn.net/index.php/open-sourc ... o.html#pki
2) You don't need "route-nopull" in the client config. Just don't use on server config the 'push "redirect-gateway def1"'.

[smallnet]

1) You have to use certificates: http://openvpn.net/index.php/open-sourc ... o.html#pki
2) You don't need "route-nopull" in the client config. Just don't use on server config the 'push "redirect-gateway def1"'.

Thanks Mimiko, but how do you accomplish all this on a Synology Diskstation?It has OpenVPN support on its operating system, which I believe Unix based...however I used web GUI.



It export the ca.crt certificate to the root, and Synology manual stated just to copy this certificate to the client config.

I can edit the client config, however I'm lost here in editing the server config.

[Mimiko]

"ca.crt" is the server's certificate that you have to indicate in the client's config. Read the manuals on how to use this file: http://openvpn.net/index.php/open-sourc ... l#examples

[Mimiko]

You must ask at Synology team for help on editing more options for OpenVPN. Its theirs implementation of OpenVPN.

[Juice370]

Did you ever find a solution for this, its driving my insane?

As per the Synology instructions I copy the cert into the openvpn folder in programs. you click install and it asks you to find a certificate store and when you do it says install successful. But its actually not been installed correctly. WTF, talk about a waste of a day never to be seen again.

Any ideas appreciated.

[falconsfire]

this post written by mike beach looks pretty straight forward
http://mikebeach.org/2012/04/27/openvpn ... windows-7/
did you guys try this?