Activate OpenVPN Client on a Synology with DSM 4.0 with Certificates
Aus Markus' Wiki
Version vom 19. Februar 2013, 00:23 Uhr von Markus (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „Synology DSM 4.0 upwards brings along an OpenVPN client. It supports authentication by login credentials. However when you operate with certificates, things co…“)
Synology DSM 4.0 upwards brings along an OpenVPN client. It supports authentication by login credentials. However when you operate with certificates, things come a little complicated. I found this solution:
- Create a dummy client profile. Pick an arbitrary user and an arbitrary password. Upload your ca.crt
- Then activate SSH on the Synology
- Then ssh into it as root (with the admin password)
- cd int the following directory:
/usr/syno/etc/synovpnclient/openvpn
- create a directory to hold your keys
/usr/syno/etc/synovpnclient/openvpn/keys
- edit the file named "client_xxxxxxxxx" to look like this:
client dev tun remote (your OpenVPN server) (port) proto tcp-client tls-client remote-cert-tls server ca (your previously uploaded ca.crt - Watch out, is has a different file name! ca_oxxxxxxxxxxx.crt) cert keys/your_client's.crt key keys/your_client's.key script-security 2 #reneg-sec 0 #plugin /lib/openvpn/openvpn-down-root.so /etc/ppp/ip-down comp-lzo cipher (the one you are using on your OpenVPN server) tls-cipher (the one you are using on your OpenVPN server)
- This is just a sample, and you must make sure to consider the server settings.
- Then go to the DSM's web configuration gui and click on "connect"