Activate OpenVPN Client on a Synology with DSM 4.0 with Certificates
From Markus' Wiki
Synology DSM 4.0 and later ships with an OpenVPN client. It supports authentication by login credentials. However, when you work with certificates, things become a little complicated, particularly if you want passwordless authentication that is not tied to a user and relies on key/certificate files.
I found this solution:
- Create a dummy client profile. Pick an arbitrary user and an arbitrary password. Upload your ca.crt
- Then activate SSH on the Synology
- Then ssh into it as root (with the admin password)
- cd into the following directory:
/usr/syno/etc/synovpnclient/openvpn
- create a directory to hold your keys
/usr/syno/etc/synovpnclient/openvpn/keys
- store the client's key and certificate there (the crt and key files), which you previously created with your certificate authority
- edit the file named "client_xxxxxxxxx" to look like this:
client
dev tun
remote (your OpenVPN server) (port)
proto tcp-client
tls-client
remote-cert-tls server
ca (your previously uploaded ca.crt - Watch out, it has a different file name! ca_oxxxxxxxxxxx.crt)
cert keys/your_client's.crt
key keys/your_client's.key
script-security 2
#reneg-sec 0
#plugin /lib/openvpn/openvpn-down-root.so /etc/ppp/ip-down
comp-lzo
cipher (the one you are using on your OpenVPN server)
tls-cipher (the one you are using on your OpenVPN server)
- This is just a sample, and you must make sure to consider the server settings.
- Then go to the DSM's web configuration GUI and click on "connect"
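
A check worth running over SSH before clicking "connect", as an added example that is not part of the original wiki page: it confirms that the ca, cert and key files named in the edited profile exist and that the private key is readable by its owner only. The function name check_profile, the rule that relative paths resolve against the profile's directory, and the owner-only permission policy are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check a certificate-based
# OpenVPN client profile such as client_xxxxxxxxx.
# Assumption: relative ca/cert/key paths resolve against the profile's directory.
# Limitation: paths containing spaces are not handled.

# check_profile PROFILE: prints findings, returns 0 if clean, 1 otherwise
check_profile() {
    profile=$1
    base=$(dirname "$profile")
    rc=0
    for directive in ca cert key; do
        # First uncommented line whose first word is the directive
        path=$(awk -v d="$directive" '$1 == d { print $2; exit }' "$profile")
        if [ -z "$path" ]; then
            echo "MISSING directive: $directive"; rc=1; continue
        fi
        case $path in
            /*) file=$path ;;
            *)  file=$base/$path ;;
        esac
        if [ ! -f "$file" ]; then
            echo "NOT FOUND ($directive): $file"; rc=1; continue
        fi
        # The private key must not be accessible to group or others
        if [ "$directive" = key ]; then
            perms=$(ls -ld "$file" | cut -c5-10)
            if [ "$perms" != "------" ]; then
                echo "TOO OPEN (key): $file, fix with: chmod 600 $file"; rc=1
            fi
        fi
    done
    return $rc
}

# Run against a profile when one is given on the command line
if [ $# -gt 0 ]; then
    check_profile "$1"
fi
```

Run it with the path of the edited profile as its only argument; no output and exit status 0 mean all three files were found and the key is not group- or world-accessible.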