Activate OpenVPN Client on a Synology with DSM 4.0 with Certificates

From Markus' Wiki
Revision as of 26 February 2013, 15:55 by Markus

Synology DSM 4.0 and later ships with an OpenVPN client. It supports authentication by login credentials. However, when you work with certificates, things become a little complicated, especially if you want a non-user-based, passwordless authentication that relies on key/certificate files.

I found this solution:

  • Create a dummy client profile. Pick an arbitrary user and an arbitrary password. Upload your ca.crt
  • Then activate SSH on the Synology
  • Then ssh into it as root (with the admin password)
  • cd into the following directory:
/usr/syno/etc/synovpnclient/openvpn
  • Create a directory to hold your keys:
/usr/syno/etc/synovpnclient/openvpn/keys
  • Store the client's key and certificate (the crt and key files), which you previously created with your certificate authority, in that directory
  • Edit the file named "client_xxxxxxxxx" to look like this:
client
dev tun
remote (your OpenVPN server) (port)
proto tcp-client
tls-client
remote-cert-tls server
ca (your previously uploaded ca.crt - Watch out, it has a different file name! ca_oxxxxxxxxxxx.crt)
cert keys/your_client's.crt
key keys/your_client's.key
script-security 2
#reneg-sec 0
#plugin /lib/openvpn/openvpn-down-root.so /etc/ppp/ip-down
comp-lzo
cipher (the one you are using on your OpenVPN server)
tls-cipher (the one you are using on your OpenVPN server)
This is just a sample; make sure your settings match those of your OpenVPN server.
  • Then go to the DSM's web configuration GUI and click on "connect"
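
Before clicking "connect", it is worth checking that every file the edited profile refers to really exists (the renamed ca file is the usual mistake) and that the private key is readable by its owner only. The following script is an added example, not part of the original page or of DSM. The function name check_vpn_profile is hypothetical, the demo files are constructed, and it assumes relative ca/cert/key paths resolve against the directory that holds the profile.

```shell
#!/bin/sh
# Added example: sanity-check an OpenVPN client profile edited by hand.
# Assumption: relative ca/cert/key paths resolve against the profile's directory.

check_vpn_profile() {
    profile=$1
    base=$(dirname "$profile")
    rc=0
    for directive in ca cert key; do
        # First uncommented line starting with the directive; the rest is the path.
        path=$(sed -n "s/^[[:space:]]*${directive}[[:space:]][[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$profile" | head -n 1)
        if [ -z "$path" ]; then
            echo "MISSING: no '$directive' line in $profile"; rc=1; continue
        fi
        case $path in
            /*) file=$path ;;
            *)  file=$base/$path ;;
        esac
        if [ ! -f "$file" ]; then
            # Also catches placeholders left in the profile and a wrong ca file name.
            echo "MISSING: $directive -> $file"; rc=1; continue
        fi
        if [ "$directive" = key ]; then
            # Characters 5-10 of the ls mode string are the group and other bits.
            mode=$(ls -ld "$file" | cut -c5-10)
            if [ "$mode" != "------" ]; then
                echo "WEAK: $file is accessible to group/other; run: chmod 600 $file"; rc=1
            fi
        fi
    done
    return $rc
}

# Constructed demo (not a real Synology tree): the key file starts out too open.
demo=$(mktemp -d)
mkdir "$demo/keys"
printf 'client\nca ca_demo.crt\ncert keys/client.crt\nkey keys/client.key\n' > "$demo/client_demo"
touch "$demo/ca_demo.crt" "$demo/keys/client.crt" "$demo/keys/client.key"
chmod 644 "$demo/keys/client.key"
check_vpn_profile "$demo/client_demo" || echo "profile needs fixing"
chmod 600 "$demo/keys/client.key"
check_vpn_profile "$demo/client_demo" && echo "profile OK"
rm -rf "$demo"
```

On the Synology, call the function with the full path of the edited "client_xxxxxxxxx" file.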