OpenVPN Config

Discussion room for Synology VPN package in DSM 3.1-1725 or above.
Post by KDM » Tue Dec 05, 2017 12:32 pm

I'm having trouble with my Synology OpenVPN config, and after weeks of researching I've come to a dead end. I tried using these instructions but they failed: https://forum.synology.com/enu/viewtopi ... 3&t=100066

Log file error

Sat Nov  4 19:28:02 2017 ::ffff:x.x.x.x(60887) TLS: Initial packet from [AF_INET6]::ffff:X.X.X.X:60887, sid=265d0303 fe9e1f12
Sat Nov  4 19:28:02 2017 ::ffff:x.x.x.x(60887) OpenSSL: error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate
Sat Nov  4 19:28:02 2017 ::ffff:x.x.x.x(60887) TLS_ERROR: BIO read tls_read_plaintext error
Sat Nov  4 19:28:02 2017 ::ffff:x.x.x.x(60887) TLS Error: TLS object -> incoming plaintext read error
Sat Nov  4 19:28:02 2017 ::ffff:x.x.x.x(60887) SYNO_ERR_CERT
Sat Nov  4 19:28:02 2017 ::ffff:x.x.x.x(60887) TLS Error: TLS handshake failed
Sat Nov  4 19:28:02 2017 ::ffff:x.x.x.x(60887) SIGUSR1[soft,tls-error] received, client-instance restarting


Server config

push "route 192.168.0.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
dev tun
management 127.0.0.1 63742
server 10.8.0.0 255.255.255.0
# The backup task will include this location
dh /usr/syno/etc/packages/VPNCenter/openvpn/mykeys/dh2048.pem
ca /usr/syno/etc/packages/VPNCenter/openvpn/mykeys/ca.crt
cert /usr/syno/etc/packages/VPNCenter/openvpn/mykeys/server.crt
key /usr/syno/etc/packages/VPNCenter/openvpn/mykeys/server.key
tls-auth /usr/syno/etc/packages/VPNCenter/openvpn/mykeys/ta.key 0
max-clients 5
comp-lzo
persist-tun
persist-key
verb 3
# Don't forget logrotate script
log-append /var/log/openvpn.log
keepalive 10 60
reneg-sec 0
plugin /var/packages/VPNCenter/target/lib/radiusplugin.so /var/packages/VPNCenter/target/etc/openvpn/radiusplugin.cnf

# KEEP THIS DISABLED
#client-cert-not-required

username-as-common-name
duplicate-cn
status /tmp/ovpn_status_2_result 30
status-version 2
proto udp6
port 63742
cipher AES-256-CBC
auth SHA256


Client Config

client
dev tun
proto udp
# Change <your-ip-or-hostname> to your IP or hostname
remote x.x.x.x 63742
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
auth-user-pass

cipher AES-256-CBC
auth SHA256
key-direction 1
# This is for using PKCS12 certs imported into Windows credential storage.
#cryptoapicert "THUMB:XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX"

<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<tls-auth>
## 2048 bit OpenVPN static key
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
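
Added example, not part of the original post and not Synology or OpenVPN project code: a small consistency check over the two configs shown above. It reads only active (uncommented) directives and reports when the server side requires a client certificate while the client profile names no certificate source, which is the condition the log line "peer did not return a certificate" describes. The config excerpts are constructed from the post, and the function names are hypothetical.

```python
import re

# Constructed excerpts of the server and client configs from the post.
SERVER_CONF = """# KEEP THIS DISABLED
#client-cert-not-required
cipher AES-256-CBC
auth SHA256
"""
CLIENT_CONF = """auth-user-pass
cipher AES-256-CBC
auth SHA256
#cryptoapicert "THUMB:XX"
<ca>
-----BEGIN CERTIFICATE-----
</ca>
"""

def parse(text):
    """Map active directives to their args; an inline <x> block counts as directive x."""
    opts, block = {}, None
    for line in map(str.strip, text.splitlines()):
        if block:  # inside <x>...</x>: skip the key material
            block = None if line == f"</{block}>" else block
        elif m := re.fullmatch(r"<([\w-]+)>", line):
            block = m.group(1)
            opts[block] = ["[inline]"]
        elif line and line[0] not in "#;":
            name, *args = line.split()
            opts[name] = args
    return opts

def requires_client_cert(srv):
    if "client-cert-not-required" in srv:  # explicit opt-out (older syntax)
        return False
    return srv.get("verify-client-cert", ["require"])[0] == "require"  # default: required

def offers_cert(cli):
    """True if the client names a certificate source (PKCS#11 is not covered here)."""
    return ("cert" in cli and "key" in cli) or "pkcs12" in cli or "cryptoapicert" in cli

def findings(server_text, client_text):
    srv, cli = parse(server_text), parse(client_text)
    out = [f"{o}: {srv.get(o)} != {cli.get(o)}"
           for o in ("cipher", "auth") if srv.get(o) != cli.get(o)]
    if requires_client_cert(srv) and not offers_cert(cli):
        out.append("client-cert: server requires one, client config offers none")
    return out

print(findings(SERVER_CONF, CLIENT_CONF))
```

With `auth-user-pass` alone the check still reports the finding, because username/password authentication is layered on top of the certificate requirement unless the server opts out of it.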
