Activate OpenVPN Client on a Synology with DSM 4.0 with Certificates
Synology DSM 4.0 and later ships with an OpenVPN client. It supports authentication by login credentials. However, when you work with certificates, things become a little complicated, especially if you want passwordless authentication that is not tied to a user and relies on key/certificate files.
I found this solution:
- Create a dummy client profile. Pick an arbitrary user and an arbitrary password. Upload your ca.crt.
- Then activate SSH on the Synology
- Then ssh into it as root (with the admin password)
- cd into the following directory:
- create a directory to hold your keys
- store the client's key and certificate there (the crt and key files which you previously created with your certificate authority)
- edit the file named "client_xxxxxxxxx" to look like this:
```
client
dev tun
remote (your OpenVPN server) (port)
proto tcp-client
tls-client
remote-cert-tls server
ca (your previously uploaded ca.crt - Watch out, it has a different file name! ca_oxxxxxxxxxxx.crt)
cert keys/your_client's.crt
key keys/your_client's.key
script-security 2
#reneg-sec 0
#plugin /lib/openvpn/openvpn-down-root.so /etc/ppp/ip-down
comp-lzo
cipher (the one you are using on your OpenVPN server)
tls-cipher (the one you are using on your OpenVPN server)
```
- This is just a sample, and you must make sure to consider the server settings.
- Then go to the DSM's web configuration GUI and click on "connect"
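
Because the client key is stored without a passphrase, it is worth checking the edited profile from the SSH session before connecting. The following script is an added example, not part of the original solution: `check_profile` and `directive` are hypothetical helper names, and it assumes relative paths in the profile resolve against the profile's own directory.

```shell
#!/bin/sh
# Added example (not from the original post): check an edited OpenVPN client
# profile before clicking "connect". Usage: check_profile /path/to/client_xxx

# Print the value of the first uncommented occurrence of a directive.
# Handles unquoted values only.
directive() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

check_profile() {
    conf=$1
    dir=$(dirname "$conf")
    rc=0
    for d in ca cert key; do
        path=$(directive "$conf" "$d")
        if [ -z "$path" ]; then
            echo "FAIL: no '$d' directive"; rc=1; continue
        fi
        # Assumption: relative paths resolve against the profile's directory,
        # as the keys/ paths in the sample profile imply.
        case $path in /*) ;; *) path=$dir/$path ;; esac
        if [ ! -f "$path" ]; then
            echo "FAIL: $d file not found: $path"; rc=1; continue
        fi
        # The key is stored without a passphrase, so file permissions are its
        # only protection: no access for group or other.
        if [ "$d" = key ]; then
            perms=$(ls -lnL "$path" | cut -c5-10)
            if [ "$perms" != "------" ]; then
                echo "FAIL: $path is accessible to group/other; chmod 600 it"
                rc=1
            fi
        fi
    done
    # Without this, any certificate issued by the same CA (another client's,
    # for example) would be accepted as the server's.
    if [ "$(directive "$conf" remote-cert-tls)" != "server" ]; then
        echo "FAIL: 'remote-cert-tls server' is not set"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $conf"; fi
    return "$rc"
}
```

Source the file in the SSH session and call `check_profile` with the path of the edited `client_xxxxxxxxx` file; it returns non-zero if any check fails.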