Activate OpenVPN Client on a Synology with DSM 4.0 with Certificates: Difference between revisions
From Markus' Wiki
Current version as of 26 February 2013, 16:55
Synology DSM 4.0 and later ships with an OpenVPN client. It supports authentication by login credentials. However, when you work with certificates, things become a little complicated, particularly if you want passwordless authentication that is not tied to a user and relies on key/certificate files.
I found this solution:
- Create a dummy client profile. Pick an arbitrary user and an arbitrary password. Upload your ca.crt
- Then activate SSH on the Synology
- Then ssh into it as root (with the admin password)
- cd into the following directory:
/usr/syno/etc/synovpnclient/openvpn
- create a directory to hold your keys
/usr/syno/etc/synovpnclient/openvpn/keys
- store the client's key and certificate there (the crt and key files that you previously created with your certificate authority)
- edit the file named "client_xxxxxxxxx" to look like this:
    client
    dev tun
    remote (your OpenVPN server) (port)
    proto tcp-client
    tls-client
    remote-cert-tls server
    ca (your previously uploaded ca.crt - Watch out, it has a different file name! ca_oxxxxxxxxxxx.crt)
    cert keys/your_client's.crt
    key keys/your_client's.key
    script-security 2
    #reneg-sec 0
    #plugin /lib/openvpn/openvpn-down-root.so /etc/ppp/ip-down
    comp-lzo
    cipher (the one you are using on your OpenVPN server)
    tls-cipher (the one you are using on your OpenVPN server)
- This is just a sample, and you must make sure to consider the server settings.
- Then go to the DSM's web configuration GUI and click on "connect"
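
A check that can be run in the SSH session before clicking "connect", as an added example that is not part of the original wiki page: it verifies that the ca, cert and key files named in the profile exist, that the private key is not accessible to group or others, and that `remote-cert-tls server` is set. It assumes relative paths are resolved against the profile's own directory; `check_profile` and `directive_value` are names made up for this example.

```sh
#!/bin/sh
# Added example (not from the wiki page): sanity-check a certificate-based
# OpenVPN client profile such as client_xxxxxxxxx.
# Assumption: relative ca/cert/key paths are resolved against the
# directory that contains the profile.

# Print the argument of the first uncommented "<directive> ..." line.
directive_value() {  # $1 = profile, $2 = directive name
    sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*//p" "$1" | head -n 1
}

# Return the number of problems found (0 = profile looks sane).
check_profile() {  # $1 = path to the client profile
    profile=$1
    base=$(dirname "$profile")
    problems=0
    for d in ca cert key; do
        value=$(directive_value "$profile" "$d")
        if [ -z "$value" ]; then
            echo "missing directive: $d"
            problems=$((problems + 1)); continue
        fi
        case $value in /*) path=$value ;; *) path=$base/$value ;; esac
        if [ ! -r "$path" ]; then
            echo "$d file not readable: $path"
            problems=$((problems + 1)); continue
        fi
        # The private key must not be accessible to group or others:
        # columns 5-10 of the ls mode string must all be "-".
        if [ "$d" = key ] && [ "$(ls -ldL "$path" | cut -c5-10)" != "------" ]; then
            echo "private key too permissive (use chmod 600): $path"
            problems=$((problems + 1))
        fi
    done
    # Without this directive the client does not require the peer to
    # present a certificate issued for server use.
    if ! grep -Eq '^[[:space:]]*remote-cert-tls[[:space:]]+server' "$profile"; then
        echo "missing: remote-cert-tls server"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Call it as `check_profile /usr/syno/etc/synovpnclient/openvpn/client_xxxxxxxxx`, substituting the real profile name; the exit status is the number of problems reported.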