[HOW-TO] Connect to OpenVPN server with Android apps


Post by Petrovski » Tue Feb 04, 2014 1:59 pm

Thought I'd share how I solved the issues I had while setting up a VPN connection from my Android smartphone to my Synology. I'll describe how to get it working with 2 OpenVPN apps available in the Google Play Store: "OpenVPN Connect" and "OpenVPN for Android". Both apps did not work 'out of the box' for me.

OpenVPN Connect (official OpenVPN app by OpenVPN)
Play Store URL: https://play.google.com/store/apps/deta ... pn.openvpn

- Install VPN server package on your Diskstation using Synology's guide: http://www.synology.com/en-uk/support/t ... s/459#t3.2
- Enable the OpenVPN server using default settings
- Export the OpenVPN configuration provided by the button "Export configuration"
- Navigate to control panel > DSM Settings > tab "certificate" > "Export certificate"
- Make sure a Diskstation user has OpenVPN privileges (I created a dedicated user for this, but that's optional)
- Check the port forwarding and firewall settings on your DiskStation and router to make sure the UDP port 1194 is open
- From the exported OpenVPN configuration, open openvpn.ovpn with a text editor
- Edit the openvpn.ovpn file according to the readme.txt provided (remote settings, etc.)
- Edit openvpn.ovpn by adding three sections to it: <cert></cert>, <key></key>, <ca></ca>
- Unzip the archive with exported certificates from DSM settings
- Open the file server.crt with a text editor, copy the key found inside to the <cert> section in openvpn.ovpn
- Open the file ca.key with a text editor, copy the key found inside to the <key> section in openvpn.ovpn
- Open the file ca.crt with a text editor, copy the key found inside to the <ca> section in openvpn.ovpn
- The result will look like this:

<cert>
-----BEGIN CERTIFICATE-----
key string here
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
key string here
-----END RSA PRIVATE KEY-----
</key>
<ca>
-----BEGIN CERTIFICATE-----
key string here
-----END CERTIFICATE-----
</ca>

- Save the file openvpn.ovpn
- Transfer it to the internal memory or sdcard of your phone
- Install the OpenVPN Connect app from the Google Play Store
- Open the app, touch the settings icon, choose Import > Import Profile from SD card
- Navigate to the file openvpn.ovpn, select it, touch Select
- Fill in the username and password of the Diskstation user with OpenVPN privileges (optionally save the password, less secure)
- Touch Connect
- You should now have a working VPN connection to your Diskstation!


OpenVPN for Android (by Arne Schwabe)
Play Store URL: https://play.google.com/store/apps/deta ... kt.openvpn

- Install VPN server package on your Diskstation using Synology's guide: http://www.synology.com/en-uk/support/t ... s/459#t3.2
- Enable the OpenVPN server using default settings
- Export the OpenVPN configuration provided by the button "Export configuration"
- Make sure a Diskstation user has OpenVPN privileges (I created a dedicated user for this, but that's optional)
- Check the port forwarding and firewall settings on your DiskStation and router to make sure the UDP port 1194 is open
- From the exported OpenVPN configuration, open openvpn.ovpn with a text editor
- Edit the openvpn.ovpn file according to the readme.txt provided (remote settings, etc.)
- Save the file openvpn.ovpn
- Transfer openvpn.ovpn and ca.crt to the internal memory or sdcard of your phone
- Install the OpenVPN for Android app from the Google Play Store
- Open the app, touch the + icon on the bottom left of the screen to add a profile
- Touch "Basic"
-- Enter profile name and server address (server address should be equal to the address you entered for the openvpn.ovpn "remote" entry)
-- Set type to Username/Password
-- Touch the Select button for CA Certificate
-- Navigate to the file ca.crt, select it and touch the Select button
-- Fill in the username and password of the Diskstation user with OpenVPN privileges
-- Touch the back softkey or button of your phone
- Touch "IP and DNS"
-- Check Override DNS settings by Server (needed since Syno's OpenVPN server implementation currently does not properly push the DNS servers, the DNS servers suggested by the app are Google's public DNS servers)
-- Touch the back softkey or button of your phone
- Touch "Authentication/Encryption"
-- Uncheck Expect TLS server certificate
-- Touch the back softkey or button of your phone twice to return to the app's Profiles overview page
- Touch your profile's name to connect (the icon with the sliders on the right allows you to edit the profile)
- You should now have a working VPN connection to your Diskstation!
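
Added example (not part of Petrovski's post): a small Python check for a finished client profile such as the ones assembled above. It reports whether the file embeds a private key and so has to be handled as a credential, whether any server-certificate check is configured, whether it points at stored credentials, and whether it has Windows line endings. The finding names and the sample profile are constructed; `remote-cert-tls`, `verify-x509-name` and `auth-user-pass` are standard OpenVPN directives.

```python
import re

# Inline blocks as they appear in an .ovpn file: <ca>...</ca>, <cert>...</cert>, <key>...</key>
INLINE = re.compile(r"<(ca|cert|key)>(.*?)</\1>", re.S)
# Standard OpenVPN directives that make the client verify the server's certificate
SERVER_CHECKS = {"remote-cert-tls", "verify-x509-name"}

def directives(text):
    """Return the option lines outside inline blocks, split into tokens."""
    rows = []
    for line in INLINE.sub("", text).splitlines():
        line = line.strip()
        if line and line[0] not in "#;":      # '#' and ';' start comments
            rows.append(line.split())
    return rows

def audit_profile(text):
    """Return finding names (constructed labels) for a client profile."""
    findings = []
    blocks = dict(INLINE.findall(text))
    opts = directives(text)
    names = {row[0] for row in opts}
    if "\r\n" in text:
        findings.append("crlf-line-endings")
    if "PRIVATE KEY-----" in blocks.get("key", ""):
        findings.append("inline-private-key")      # the file itself is now a secret
    if "ca" not in blocks and "ca" not in names:
        findings.append("no-ca")                   # nothing to validate the server against
    if not names & SERVER_CHECKS:
        findings.append("no-server-cert-check")
    if any(row[0] == "auth-user-pass" and len(row) > 1 for row in opts):
        findings.append("stored-credentials")      # password kept in a file on the device
    return findings

# Constructed sample profile (placeholder key material, not a real configuration)
SAMPLE = """dev tun
remote vpn.example.test 1194
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
placeholder
-----END CERTIFICATE-----
</ca>
<key>
-----BEGIN RSA PRIVATE KEY-----
placeholder
-----END RSA PRIVATE KEY-----
</key>
"""
print(audit_profile(SAMPLE))
```
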

Post by tony.w » Wed Apr 12, 2017 10:07 pm

Thanks for posting. I'm finding OpenVPN really difficult to set up on my Android phone and tablet. If Synology folks are reading this, a feature request is for the Export Configuration function to export a .ovpn file that is ready to go. It seems the DS has all the information it needs so why not populate the .ovpn file with everything it needs? The Export Configuration partly does this and inserts the string from the CA certificate. It would be much simpler if the .ovpn file was ready to use.

Post by tarpanet » Mon May 08, 2017 12:12 pm

After reading the instructional post above, and finally getting OpenVPN to work, it looks like Synology's changed some things a bit, from the above post's details (Now in 2017). For instance, within the generated VPNConfig.ovpn file, the <ca>, </ca> block is automatically populated. Also, the certificate file names appear to have changed in format a bit.

Now that I understand what's what, it's now easy for me to configure.
Note 1) As of this post, I'm running DSM 6.1.1-15101 Update 1

Note 2) I edit the .ovpn file on a ChromeBox, using the "Caret" text editor. As I understand it, if you edit the file in Windows, you'd then have to use the 'tr' command in Linux to fix it, due to the way Windows handles line feeds.

In DSM, once you've configured OpenVPN, export its configuration (.zip), and export the certificate (.zip) that you want to use (from Control Panel/Security/Certificates/Export). There are only 3 files among the contents of the 2 .zip files that you need to concern yourself with: 1) VPNConfig.ovpn, 2) cert.pem, & 3) privkey.pem. Here's how I do it...

a) Open the VPNConfig.ovpn file in the Caret text editor, and make the usual necessary modifications.

b) Below the </ca> tag, add 4 new tags;
<cert>
</cert>
<key>
</key>

c) Open the cert.pem file in the text editor, select all, then copy/paste the contents between the 'cert' tags in the .ovpn file.

d) Open the privkey.pem file in the text editor, select all, then copy/paste the contents between the 'key' tags in the .ovpn file.

e) "Save As" the VPNConfig.ovpn file to a different name. Then copy it to my Android phone, open the 'OpenVPN Connect' app, import the .ovpn file --- and it works.

- Done-
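
Added example (not tarpanet's own method or Synology code): steps b) to d) above done in Python instead of a text editor. It assumes the file contents have already been read into strings, normalises Windows line endings, refuses inputs whose PEM label does not match the slot, and writes the result owner-only because the profile now contains the private key; the function names and sample inputs are constructed.

```python
import os
import re

# One PEM object: matching BEGIN/END labels around a body (input already LF-normalised)
PEM = re.compile(r"-----BEGIN ([A-Z ]+)-----\n.+?\n-----END \1-----", re.S)

def pem_object(text, label_suffix):
    """Return the first PEM object whose label ends with label_suffix."""
    for match in PEM.finditer(text.replace("\r\n", "\n")):
        if match.group(1).endswith(label_suffix):
            return match.group(0)
    raise ValueError("no PEM object ending in %r found" % label_suffix)

def build_profile(base, cert_pem, key_pem):
    """Insert <cert> and <key> inline blocks below </ca>, with LF line endings."""
    base = base.replace("\r\n", "\n").rstrip("\n")
    if "</ca>" not in base:
        raise ValueError("base profile has no <ca> block to anchor on")
    if "<cert>" in base or "<key>" in base:
        raise ValueError("base profile already has inline cert/key blocks")
    cert = pem_object(cert_pem, "CERTIFICATE")   # rejects a key pasted as the cert
    key = pem_object(key_pem, "PRIVATE KEY")     # rejects a cert pasted as the key
    inline = "<cert>\n%s\n</cert>\n<key>\n%s\n</key>" % (cert, key)
    return base.replace("</ca>", "</ca>\n" + inline, 1) + "\n"

def write_private(path, text):
    """Write the profile with owner-only permissions; it now holds a private key."""
    # 0o600 applies when the file is created; an existing file keeps its mode.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", newline="\n") as handle:
        handle.write(text)

# Constructed sample inputs (placeholder bodies, CRLF in the base as after a Windows edit)
BASE = ("dev tun\r\nremote vpn.example.test 1194\r\n<ca>\r\n-----BEGIN CERTIFICATE-----\r\n"
        "AAAA\r\n-----END CERTIFICATE-----\r\n</ca>\r\n")
CERT = "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n"
KEY = "-----BEGIN PRIVATE KEY-----\nCCCC\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    write_private("phone.ovpn", build_profile(BASE, CERT, KEY))
```
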
