OpenVPN server config file location?

Discussion room for Synology VPN package in DSM 3.1-1725 or above.
Forum rules
1) This is a user forum for Synology users to share experience/help out each other: if you need direct assistance from the Synology technical support team, please use the following form:
https://account.synology.com/support/suppo ... p?lang=enu
2) To avoid putting users' DiskStation at risk, please don't paste links to any patches provided by our Support team as we will systematically remove them. Our Support team will provide the correct patch for your DiskStation model.
coffee.isgood
Trainee
Trainee
Posts: 18
Joined: Fri Apr 11, 2014 2:31 pm

OpenVPN server config file location?

Postby coffee.isgood » Mon Oct 16, 2017 2:33 pm

I am interested in modifying some parameters used by the OpenVPN server running on my DS212j (DSM 5.2-5967 Update 4). Does anyone know the location of the config file I need to modify? For the life of me I cannot locate it. I have modified the server config file in the following location:

/var/packages/VPNCenter/etc/openvpn

But this did not seem to do anything. Specifically, I am attempting to change the "cipher" parameter. I add matching lines on both the client and server side config files, but I am not modifying the correct server file because whenever I attempt to connect, the log on the client side tells me the server side is using a different cipher than the one I defined in the config file.

This post: https://forum.synology.com/enu/viewtopic.php?f=173&t=134919&p=498037&hilit=openvpn#p498037 seems to indicate that Synology is behind in updating their OpenVPN version. Am I correct in believing that the version of OpenVPN installed on my NAS is 1.2-2456? That is what Package Center is telling me with DSM. Is it possible to manually update this to v2.4?
User avatar
Rusty1281
Seeker
Seeker
Posts: 1760
Joined: Fri Jun 03, 2011 10:51 pm

Re: OpenVPN server config file location?

Postby Rusty1281 » Mon Oct 16, 2017 2:56 pm

try here:

Code: Select all

/volume1/@appstore/VPNCenter/etc/openvpn
Synology DS412+ (4x3TB WD red - RAID 5) | Synology DS211j (2x2TB WD green - RAID1) | RT1900AC
coffee.isgood
Trainee
Trainee
Posts: 18
Joined: Fri Apr 11, 2014 2:31 pm

Re: OpenVPN server config file location?

Postby coffee.isgood » Mon Oct 16, 2017 2:59 pm

Thanks! I will give this a shot tonight and report back. Any thoughts on updating the version of OpenVPN?
MMD
Versed
Versed
Posts: 293
Joined: Fri Oct 10, 2014 5:53 pm

Re: OpenVPN server config file location?

Postby MMD » Mon Oct 16, 2017 5:44 pm

The correct path is:

Code: Select all

/usr/syno/etc/packages/VPNCenter/openvpn

;)
coffee.isgood
Trainee
Trainee
Posts: 18
Joined: Fri Apr 11, 2014 2:31 pm

Re: OpenVPN server config file location?

Postby coffee.isgood » Mon Oct 16, 2017 6:28 pm

I can confirm that this path did not work:
/volume1/@appstore/VPNCenter/etc/openvpn

Thank you, MMD, for your suggestion. I will try that next and report back.
coffee.isgood
Trainee
Trainee
Posts: 18
Joined: Fri Apr 11, 2014 2:31 pm

Re: OpenVPN server config file location?

Postby coffee.isgood » Tue Oct 17, 2017 2:11 pm

I tried modifying the file at this path as well:

/usr/syno/etc/packages/VPNCenter/openvpn

and I am still experiencing the same issue. Does it matter where in the file I add my cipher line? I have been adding to the very bottom of the config file, but perhaps it needs to be closer to the top?
coffee.isgood
Trainee
Trainee
Posts: 18
Joined: Fri Apr 11, 2014 2:31 pm

Re: OpenVPN server config file location?

Postby coffee.isgood » Fri Oct 20, 2017 4:33 am

For those interested:

In all of my previous attempts, I have been modifying this file: openvpn.conf

Tonight I realized that in the directory /volume1/@appstore/VPNCenter/etc/openvpn/ there is also a file called server.conf

Upon opening this file I realized it looked closer to the examples I have been seeing on the OpenVPN website. I added my cipher line to *this* file and will test tomorrow.
coffee.isgood
Trainee
Trainee
Posts: 18
Joined: Fri Apr 11, 2014 2:31 pm

Re: OpenVPN server config file location?

Postby coffee.isgood » Fri Oct 20, 2017 1:55 pm

Alas, this did not make any difference either. I now have the following three files updated to contain the line 'cipher AES-256-CBC'

/var/packages/VPNCenter/etc/openvpn/openvpn.conf
/volume1/@appstore/VPNCenter/etc/openvpn/openvpn.conf
/volume1/@appstore/VPNCenter/etc/openvpn/server.conf

I was sure to add the same line to my client config file. However, upon attempting to connect from my client, I always receive a warning that there is a mismatch between the ciphers in use. The log states that the local machine is using 256, while the server is using something else. Is there yet *another* file I need to modify somewhere?
MMD
Versed
Versed
Posts: 293
Joined: Fri Oct 10, 2014 5:53 pm

Re: OpenVPN server config file location?

Postby MMD » Fri Oct 20, 2017 2:16 pm

The warning is pretty clear, use the same cipher on server and all clients.
Don`t forget restart after modification.

The correct path on the NAS is already given.
coffee.isgood
Trainee
Trainee
Posts: 18
Joined: Fri Apr 11, 2014 2:31 pm

Re: OpenVPN server config file location?

Postby coffee.isgood » Fri Oct 20, 2017 3:07 pm

AHA! A simple restart of the server was all that it took. My apologies for not trying that sooner. I am not accustomed to having to restart Linux-based systems. My warning is gone and both client and server are now in agreement on the cipher they are using. THANK YOU.
tproko
Novice
Novice
Posts: 45
Joined: Sun Jun 11, 2017 8:58 am

Re: OpenVPN server config file location?

Postby tproko » Sat Oct 21, 2017 6:57 am

Restarting the package VPN Server would be enough.
No need to restart the NAS
dwightery
I'm New!
I'm New!
Posts: 2
Joined: Tue Dec 06, 2016 7:08 pm

Re: OpenVPN server config file location?

Postby dwightery » Thu Dec 07, 2017 6:12 am

quick update ...

I had found a setting in the VPN settings under "General". i had bound both eth0 & eth1 on my synology to "bond0", creating a bonded interface (2 x 1gbps), and in the VPN settings, it had previously been associated/on "eth0". Set this to bond0, but still no joy.

Looking at this other post open OpenVPN:
https://superuser.com/questions/756362/ ... test-fails

I end up editing on my synology, the file :
terra> vi /var/packages/VPNCenter/etc/openvpn/openvpn.conf

and, at teh top of the file


push "route 10.8.0.0 255.255.255.0"
push "route 192.168.10.0 255.255.255.0"
dev tun
........


I added the bolded line, then restart the OpenVPN server. Once I had this on there, when I bring up the VPN connection on my mac, the route for 192.168.10.0 is shown automatically, though the gateway address is 10.8.0.5 (the vpn address on the client side), not 10.8.0.1 (the vpn server side ip address). In any case, it seems to be working without any intervention on my part. Hope this helps someone out there.

dwight
MMD
Versed
Versed
Posts: 293
Joined: Fri Oct 10, 2014 5:53 pm

Re: OpenVPN server config file location?

Postby MMD » Thu Dec 07, 2017 10:26 am

You shouldn`t have to put the bolded line in there, it should be set when you tick "Allow clients to access server LAN".
bond0 is the right interface in your case, DSM should pick it up automagically when you created the bond.
The gateway address 10.8.0.5 is because Synology`s OpenVPN config (still) still uses deprecated net30 topology.

Return to “VPN Server”

Who is online

Users browsing this forum: No registered users and 1 guest