OpenVPN Config

Discussion room for Synology VPN package in DSM 3.1-1725 or above.

Post by KDM » Tue Dec 05, 2017 12:32 pm

I'm having trouble with my Synology OpenVPN config and after weeks of researching I've come to a dead end. I tried using these instructions but they failed: https://forum.synology.com/enu/viewtopi ... 3&t=100066

Log file error

Code:

Sat Nov  4 19:28:02 2017 ::ffff:x.x.x.x(60887) TLS: Initial packet from [AF_INET6]::ffff:X.X.X.X:60887, sid=265d0303 fe9e1f12
Sat Nov  4 19:28:02 2017 ::ffff:x.x.x.x(60887) OpenSSL: error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate
Sat Nov  4 19:28:02 2017 ::ffff:x.x.x.x(60887) TLS_ERROR: BIO read tls_read_plaintext error
Sat Nov  4 19:28:02 2017 ::ffff:x.x.x.x(60887) TLS Error: TLS object -> incoming plaintext read error
Sat Nov  4 19:28:02 2017 ::ffff:x.x.x.x(60887) SYNO_ERR_CERT
Sat Nov  4 19:28:02 2017 ::ffff:x.x.x.x(60887) TLS Error: TLS handshake failed
Sat Nov  4 19:28:02 2017 ::ffff:x.x.x.x(60887) SIGUSR1[soft,tls-error] received, client-instance restarting

Server config

Code:

push "route 192.168.0.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
dev tun
management 127.0.0.1 63742 
server 10.8.0.0 255.255.255.0
# The backup task will include this location
dh /usr/syno/etc/packages/VPNCenter/openvpn/mykeys/dh2048.pem
ca /usr/syno/etc/packages/VPNCenter/openvpn/mykeys/ca.crt
cert /usr/syno/etc/packages/VPNCenter/openvpn/mykeys/server.crt
key /usr/syno/etc/packages/VPNCenter/openvpn/mykeys/server.key
tls-auth /usr/syno/etc/packages/VPNCenter/openvpn/mykeys/ta.key 0
max-clients 5
comp-lzo
persist-tun
persist-key
verb 3
# Don't forget logrotate script
log-append /var/log/openvpn.log
keepalive 10 60
reneg-sec 0
plugin /var/packages/VPNCenter/target/lib/radiusplugin.so /var/packages/VPNCenter/target/etc/openvpn/radiusplugin.cnf

# KEEP THIS DISABLED
#client-cert-not-required

username-as-common-name
duplicate-cn
status /tmp/ovpn_status_2_result 30
status-version 2
proto udp6
port 63742
cipher AES-256-CBC
auth SHA256

Client Config

Code:

client
dev tun
proto udp
# Change <your-ip-or-hostname> to your IP or hostname
remote x.x.x.x 63742
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
auth-user-pass

cipher AES-256-CBC
auth SHA256
key-direction 1
# This is for using PKCS12 certs imported into Windows credential storage.
#cryptoapicert "THUMB:XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX"

<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<tls-auth>
## 2048 bit OpenVPN static key
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
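
Added example, not part of KDM's post and not Synology's or OpenVPN's own code: a small Python check that compares a server config and a client config for settings that have to agree, run on shortened copies of the two configs above (constructed, file paths trimmed). The names parse and check_pair are hypothetical; verify-client-cert is the OpenVPN 2.4 replacement for client-cert-not-required.

```python
import re

# Constructed, shortened copies of the two configs in the post (paths trimmed).
SERVER = """
tls-auth ta.key 0
comp-lzo
#client-cert-not-required
cipher AES-256-CBC
auth SHA256
"""
CLIENT = """
client
comp-lzo
auth-user-pass
cipher AES-256-CBC
auth SHA256
#cryptoapicert "THUMB:XX"
<tls-auth>
</tls-auth>
"""

def parse(conf):
    """Map each active directive to its arguments; an inline <tag> block counts as that directive."""
    opts, block = {}, None
    for line in (l.strip() for l in conf.splitlines()):
        if block:  # inside an inline block: skip its body until the closing tag
            block = None if line == f"</{block}>" else block
        elif m := re.fullmatch(r"<([\w-]+)>", line):
            block = m.group(1)
            opts[block] = ["[inline]"]
        elif line and line[0] not in "#;":  # '#' and ';' start comments
            name, *args = line.split()
            opts[name] = args
    return opts

def check_pair(server, client):
    """Return findings for settings that must agree between the two ends."""
    s, c = parse(server), parse(client)
    findings = []
    optional = "client-cert-not-required" in s or s.get("verify-client-cert", [""])[:1] in (["none"], ["optional"])
    identity = "pkcs12" in c or "cryptoapicert" in c or ("cert" in c and "key" in c)
    if not optional and not identity:
        findings.append("server requires a client certificate; client has no cert/key, pkcs12 or cryptoapicert")
    for opt in ("cipher", "auth", "comp-lzo"):
        if s.get(opt) != c.get(opt):
            findings.append(f"{opt} differs: server={s.get(opt)} client={c.get(opt)}")
    if ("tls-auth" in s) != ("tls-auth" in c):
        findings.append("tls-auth is enabled on only one side")
    return findings
```

On the sample pair check_pair(SERVER, CLIENT) returns a single finding, the missing client certificate, which lines up with the "peer did not return a certificate" line in the server log.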
