OpenVPN

Recommended

This is the tutorial on how to set up your Synology NAS based on DiskStation Manager (DSM) 5.1 version. The instructions were made for connection to the Swedish #3 server. Special thanks to @davmojo for providing these instructions.

1. Login to your Synology NAS control panel.


SynologyOpenVPN1

2. Go to Control Panel.


SynologyOpenVPN2

3. Go to Network.


SynologyOpenVPN3

4. Create a new VPN Profile.


SynologyOpenVPN4

5. Choose OpenVPN option.


SynologyOpenVPN5

6. Download the latest CA certificates from this link and extract the package.

7. Return to your web browser and enter the following details:

Profile Name – choose any name you like;
Server Address – the VPNexpress server hostname or IP address;
User name – your VPNexpress  username;
Password – your VPNexpress  password;
Port – 1194 (recommended);
Protocol – UDP (recommended);
Cerificate – go to the folder where you have extracted the CA certificates and select the corresponding CA certificate to the server you will use.

Click Next.


SynologyOpenVPN7

8. On the Advanced settings screen – enable all the options.


SynologyOpenVPN8

9. Click Apply and you will return to the Network Interface list.


SynologyOpenVPN9

10. If you click the VPN Profile you have just created and click connect you will see the following error in red.


SynologyOpenVPN10

 

11. You will now need to manually edit the OpenVPN profile on your Synology NAS. To do so you need to SSH as root.
Firstly enable SSH from the Terminal & SNMP option.


SynologyOpenVPN11
12. Now open your favorite terminal/ssh program (Mac OSX Terminal shown here) and type:


ssh [email protected](ip of your synology).
The root password is the password of your administrator user (you may have changed it when initializing your NAS).


SynologyOpenVPN12

13. Now you need to change directories. Type and then press enter at the end of the line:
cd /usr/syno/etc/synovpnclient/openvpn
ls -al

In the screenshot below you see three files:
– ca_.crt is the certificate you have uploaded (ca.crt);
– client_ is the file containing the OpenVPN configuration;
– ovpnclient.conf contains the Synology setup for OpenVPN connections.
SynologyOpenVPN13

14. You need to create a new file which contains the tls-auth key.
Using vi is the easiest way to do this. Type: (replace with the actual connection id)
vi tls_auth_.key


SynologyOpenVPN14

15. Return to the directory where you have extracted CA certificates. You can also see the TLS-AUTH.key files there. Select the corresponding TLS-AUTH.key file to the server you are setting up the connection with and open it with a text editor program. Copy all the text in the file.

16. Open the terminal window again. Press A and then paste the text you have copied from the TLS-auth.key file. It should look similar to the text below.


SynologyOpenVPN16

17. Press Escape and then type :wq


SynologyOpenVPN17

18. If you would list the content of the directory using ls -al command you should see something similar to the image below.


SynologyOpenVPN18

19. Now you need to finish the client_(connection_id) file. Using vi open the file and add the following (note: remember to replace the TLS-AUTH.key file with the name of the keyfile you have created earlier):

# _ _ ___ ______ _ _
# | | | ___ _ __ __| / / _ | | |
# | | |/ _ | ‘__/ _` | / /| |_) | | |
# | | | (_) | | | (_| | V / | __/| | |
# |_| _|___/|_| __,_| _/ |_| |_| _|
#
cipher AES-256-CBC
remote-cert-tls server
tls-auth tls_auth_o1430912123.key 1
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
# uncomment to log
# log-append /volume1/tmp/VPNexpress.log

It should look similar to the image below.


SynologyOpenVPN19

20. Save the file by pressing Escape, typing :wq

21. Return to your web browser window. Click Connect and you will see the Connecting sign. Please wait for up to 2 minutes.


SynologyOpenVPN21

22. If everything is done properly you will be connected to VPN.


SynologyOpenVPN22

23. To disconnect simply click on Disconnect button in the Synology Network list.