OpenVPN in VPN Center doesn't generate client certificate

An update to DSM3.1 enhancing support for AirPlay, mobile Apps, and VPN Center Package.
Forum rules
1) This is a user forum for Synology users to share experience/help out each other: if you need direct assistance from the Synology technical support team, please use the following form:

https://account.synology.com/support/su ... p?lang=enu



2) To avoid putting users' DiskStation at risk, please don't paste links to any patches provided by our Support team as we will systematically remove them. Our Support team will provide the correct patch for your DiskStation model.
tawalker
Novice
Novice
Posts: 46
Joined: Tue Nov 23, 2010 2:50 pm

OpenVPN in VPN Center doesn't generate client certificate

Unread post by tawalker » Wed May 25, 2011 11:52 pm

I'm beta-testing VPN Center with DiskStation Manager 3.1 (1725), and am in the process of setting up my Ubuntu-based netbook to access it. I'd prefer to use OpenVPN rather than PPTP for this, but the OpenVPN plugin for Ubuntu's "network-manager" app is requesting a "client certificate" and a "private key" in its setup dialogue box, and the VPN Center's "export configuration" option doesn't provide these (only the server certificate).

I am not very experienced with setting up VPNs, so this may simply be my ignorance :wink: How can I find the missing items, or would you suggest simply going with PPTP?

Many thanks,
Tim.
DS110J ("tenchi") with Seagate Barracuda "green" 5900rpm 2TB drive

antoiney
Synology Inc
Synology Inc
Posts: 767
Joined: Thu Jun 18, 2009 3:41 am

Re: OpenVPN in VPN Center doesn't generate client certificat

Unread post by antoiney » Thu May 26, 2011 5:34 am

Greetings tawalker,

The export configuration option provides "ca.crt" and "openvpn.ovpn". I'm not sure whether those client certificates are absolutely necessary in terms of setting up a OpenVPN connection for Ubuntu. However, an quiet easy way to get this solved is to retrieve "ca.crt" and "openvpn.ovpn" from the Synology NAS and upload both files into /etc/openvpn/ on Ubuntu.

Edit "openvpn.ovpn", and fill out the IP address you need to setup the OpenVPN connection for Ubuntu beforehand. You can then execute a command line "sudo openvpn /etc/openvpn/openvpn.ovpn" to dial up the OpenVPN server.

I have tested with a Ubuntu 9.10 PC in advance.

FYR.

Regards,
Antoine
**Please do not Private Message me for support questions; leave it on the forum so all members can learn. Thanks!**
Library ~ SynologyWiki ~ Synology FAQ ~ Compatibility Lists
Forum Links ~ Forum Policy ~ 3rd-party forums ~ Help us help you ~ Posting Images
Demo Links ~ DSM GUI ~ Photo Station
Downloads ~ Firmware Downloads ~ Beta Program
Support ~ Support Form ~ Submit Kernel Log ~ Synology eNews

tawalker
Novice
Novice
Posts: 46
Joined: Tue Nov 23, 2010 2:50 pm

Re: OpenVPN in VPN Center doesn't generate client certificat

Unread post by tawalker » Thu May 26, 2011 11:29 am

Thanks Antoine - I will give this a try :)

One suggestion: I think it would be really useful to have a wiki page (or something like that) with a HOWTO for VPN Center. Whilst I have a reasonable amount of experience with networking and Linux, I have never set up a VPN before, even though I know why I would want it for home use.

I have found the OpenVPN HOWTO, and will look through it shortly; however, it would be useful to have some more documentation on VPN Center-specific topics (e.g. what else do I need to do, to access my DS110j's services remotely over the VPN).

Also: am I correct in thinking that VPN Center provides a routed VPN with OpenVPN, rather than a bridged one?

I think I need to do some serious reading about VPNs... :roll:

Many thanks,
Tim.
DS110J ("tenchi") with Seagate Barracuda "green" 5900rpm 2TB drive

tawalker
Novice
Novice
Posts: 46
Joined: Tue Nov 23, 2010 2:50 pm

Re: OpenVPN in VPN Center doesn't generate client certificat

Unread post by tawalker » Thu May 26, 2011 1:33 pm

I have looked again at the network-manager applet in Ubuntu (which has the OpenVPN plugin installed), and I think I have worked out how to set it up with the configuration files from VPN Center.

What confused me, is that I was trying to do so with the "Authentication type" setting in the "new connection dialogue box, set as "Certificates (TLS)". This assumes that you have a full set of certificate and key files (server and user certs, private key) for password-less authentication; the VPN Center offers password-based authentication, combined with a server certificate.

To set up OpenVPN client access from Ubuntu (via network-manager) to VPN Center, it appears that you have to do the following:
  • Left-click on the Network Manager in the notification panel, and choose "VPN Connections/Configure VPN...".
  • Select "Add".
  • Select "OpenVPN" as the VPN connection type. (If you can't see this, ensure you have installed the network-manager-openvpn package.)
  • Fill out the settings, and set the "Type" drop-down list under "Authentication" (on the "VPN" tab) to "Password". This way, you only need to provide the username, password and server certificate file.
I can't test this out yet, as I need to open UDP port 1194 on my home router. I also don't know if the contents of the "openvpn.ovpn" file are needed (or how I enter them into Network Manager if they are), but I'll try it out and come back here later if I have further news.

Tim
DS110J ("tenchi") with Seagate Barracuda "green" 5900rpm 2TB drive

Post Reply

Return to “DiskStation Manager 3.1 - 1725”