Setup An OpenVPN Server On A Synology NAS Running DSM 7
Вставка
- Опубліковано 16 лип 2024
- This video covers setting up OpenVPN on a Synology NAS Running DSM 7.
The video topics include:
• Creating a user specifically for the OpenVPN connection.
• Installing the VPN Server package and configuring OpenVPN.
• Setting up DDNS and port forwarding to enable access to OpenVPN running on a Synology NAS.
• Setting up OpenVPN clients on both a Windows 10 and MacOS system to access the Synology NAS OpenVPN server.
===
SUPPORT THIS CHANNEL
• Buy Me a Coffee - www.buymeacoffee.com/digitala...
• PrivadoVPN - privadovpn.com/#a_aid=digital...
Synology NAS Models I use and recommend (Amazon Affiliate Links)
• Synology 2 Bay NAS DS220+ - amzn.to/3oYkARI
• Synology 2 Bay NAS DS720+ - amzn.to/3sGdjbl
• Synology 4 Bay NAS DS920+ - amzn.to/3EpyOBR
===
In the video I mentioned or referenced the following link:
• Enable Remote Access To Your Synology NAS Running DSM 7 With DDNS And Port Forwarding - • Enable Remote Access T...
• OpenVPN GUI client - openvpn.net/index.php/open-sou...
• OpenVPN Connect VPN Client - openvpn.net/vpn-client/
• How to make the app work with profiles that lack a client certificate/key? - openvpn.net/faq/how-to-make-t...
Timecodes
0:00 | Introduction
0:35 | Create An Account For The OpenVPN Connection
0:58 | Install VPN Server And Overview of VPN Service
2:28 | Setup OpenVPN Server
4:45 | Setup DDNS For OpenVPN
5:46 | Manual Port Forwarding To Access OpenVPN Server
6:09 | Setup Windows 10 To Access OpenVPN Server
7:17 | Full Tunnel and Split Tunnel Explained
8:03 | Setup Windows 10 To Access OpenVPN Server - Continued
9:23 | OpenVPN Connect Client Recommended For MacOS
9:58 | Setup MacOS To Access OpenVPN Server
11:46 | Closing
#synology #dsm7 #openvpn #ddns #portforwarding
This is by far, for my situation in any case, the best tutorial to finally be able to reach my NAS from my iPhone while being away! Especially with the details in configuring the OpenVPN config file with DDNS!!! Thank you so much for this tutorial!!!
You're welcome... Glad to hear that the video was helpful in your setup!!
Finally solved my problem on how to set up an OpenVPN connection to my NAS. I sincerely thank you, mate. The only thing missing, I guess, in this video is how to set up a mapped drive on a remote computer. However, I had already done that part before, so it wasn't a problem for me.
You're welcome!! Glad the video was helpful in getting your OpenVPN connection working properly.
@@digital_alohaPlease help me. 🙏Recently, I changed my ISP and tried this again. An error occurred saying,
"TLS Error: TLS key negotitation failed to occur within 60 seconds (check network connectivity)
TSL Error: TLS handshake failed"
I checked and enabled 'Use TLS 1.0', 'Use TLS 1.1',' and Use TLS 1.2' from my Internet Properties > Advance Setting.
However, I am still getting the error, do you have any suggestions? Thanks in advance. :)
I too am surprised you do not have subs. You are brilliant as a teacher. Thank you so much. I can't get quickconnect to work because of certificates but this will be perfect. Thank you again!
Hi Radha, You're welcome and I appreciate the compliment. I'm hoping my videos cover the topics I cover in an approachable and detailed way and comments like yours makes me think I'm on the right track. Thanks so much!!
This has to be the best Synology content/tutorials ANYWHERE. Your video playlists have saved me countless hours of hunting down information through forums and Synology's own help desk. THANK YOU VERY MUCH. Wow. Seriously.
@bringyourownheart You're welcome!! Thank you for the wonderful review of the content I've been releasing. It is motivating and rewarding to hear reviews like yours!!
Dude thank you so much. Your tip about the full tunnel vs split tunnel setting really helped me.
Hi Jacob, You're welcome. Happy to hear that the video and specifically the coverage on full and split tunnel helped you out!!
Very nice and thorough review. I can't thank you enough for showing everything step by step. It worked like a charm for my Windows setup.
Hi Dennis, You're welcome!! I'm glad the video helped get your OpenVPN and Windows system setup properly.
I watched quite a few and they were all confusing in their own way. Yours is simply the best.. Thank you for posting your videos
You're welcome!! Glad the video was helpful and thank you for the feedback!!
Excellent video. Super easy to follow and get this set up. Thank you!!
@andreyv1 You're welcome. Glad the video was helpful!!
Great video tutorial. It helped me a lot to set up my VPN connection. Thank you so much.
Hi Amado, You're welcome! I'm happy to hear that the video helped you with your VPN setup!!
Clear video, THANK YOU VERY MUCH !!
@dvdm1dvdm1 You're welcome!! Glad the video was helpful!!
Great video...perfectly executed. Thank you.
Hi Andy, You're welcome and thanks for the feedback. I'm happy the video was helpful!!
Great video, especially the "setenv CLIENT_CERT 0" option!!!
Thank you!
Hi Florin, Thank you and you're welcome!! Glad the video was helpful!!
Hi Ferd, Thanks for all your Synology videos - they are so informative and straight forward to follow. Like others I am so surprised you don't have heaps more subscribers - I wish you the best of luck on that side! My problem is that for the life of me I can't get any external macOS or IOS devices (both using OpenVPN Connect) to connect to the Synology VPN. I followed all your setup instructions and have setup DDNS (which works normally without the VPN), forwarded port 1194 on my UDM Pro to the NAS IP address and allowed my Synology Firewall to allow VPN server access. When I try to connect via OpenVPN Connect, be it by iPhone or hotspot on my MBP, the connection times out with "There was an error attempting to connect to the selected server". As an experiment when I try OpenVPN Connect on my LAN (wireless) both the iPhone and hotspot connect successfully. This has me beat - any wise suggestions you can throw my way? Regards
Hi Glen, You're welcome on the videos and I'm glad they are informative and easy to follow. I appreciate the positive feedback on the videos I've been putting out!! Thank you for that!!
Regarding your problem I'm wondering if you used your Synology's internal/LAN IP address instead of your DDNS hostname in your configuration file? I say this because the OpenVPN connection works on your LAN which makes me think that you used the internal/LAN IP address (or maybe you changed your configuration to the internal/LAN IP address in your testing?).
If you do have the DDNS hostname entered correctly then I'd try disabling your Synology Firewall and see if that does the trick. Also, have a look at the logs on both the client and server ends for additional clues.
Hope this helps and best of luck in trying to find the problem.
I have exactly the same problem. Trying to connect through a UDM. Connects on LAN. Remote does not. So far tried only my iPhone13 / OpenVPN Connect app. Disabled the NAS Firewall, still I am stuck with "Peer certificate verification failure". Have you had any progress since your post?
This is the best tutorial on VPN Server on UA-cam....but two suggestions... 1) your screen shoots are too small, in many cases we need to guess. 2) for the port being used for the open Vpn, I suggest you should use the default port but map it to another Outside port on your router...which should help protect the connection for unwanted individuals.
Thanks Francois for the complement on the video and for the suggestions as well. I'll keep in mind the screen size and readability of the content I'm presenting as I create further videos. Good point on leaving the default port on the OpenVPN side and adjusting the external port on the router.
Thanks for the Excellent videos
Very clear, detailed instructions
Hi Joe, You're welcome and thanks for your feedback on my videos. I appreciate it!!
very informative wideo thanks for your help
Hi @mariuszengland, You're welcome!! Glad the video was helpful.
Thanks for the help👌
No problem 👍. You're welcome. Glad the video was helpful!!
Another excellent tutorial. Thanks DA!
I will use this for personal remote access to my Synology NAS.
However, it seems this configuration is suitable for those of us that want complete control and access, but not optimal for say sharing media on say Plex with less technically inclined family members. It would seem port forwarding might be better for those purposes, as it requires less configuration on the user's end.
Am I incorrect here?
@mwolfod You're welcome!! Glad to hear the tutorial was helpful for you. Regarding your comment on sharing media with less technical family members, I do agree that port forwarding would simplify things for them. Good luck with your setup!!
It good but please clarify little more details about port forwarding. In my case, router is asking for External IP address and Internal IP Address. I am perplex on which one is which and what to input there
Thank you for the tutorial, subscribed.
What I don't yet understand: OpenVPN can be used without registering for OpenVPN Cloud (3 free accounts) or OpenVPN Access Server (2 free accounts)?
Hi STG1989, You're welcome and thank you for subscribing!!
Regarding your question, the OpenVPN server that Synology runs is the community edition and doesn't require signing up for the services you mentioned. Hope this helps answer your question and good luck with setting up OpenVPN on your Synology NAS.
Hi. Love the way you narrate.
One query please...
My ISP uses double NAT. So I am not able to set port forwarding on router.
I therefore can acess my Synology DSM220+ through quick connect only. But poor speed.
Can using VPN get me a better connection speed?
Hi Manoj, Glad you like the way I narrate my videos and I appreciate the feedback!!
Regarding your question on double NAT and port forwarding, if you can't setup port forwarding directly on your router(s) then you may be stuck with QuickConnect and the hole punching technology it uses. Also if you want to use a VPN setup you will need to use DDNS and port forwarding so you may be out of luck there as well.
One thing you may want to try is TailScale, which allows endpoint to endpoint connections in a similar way that QuickConnect does, but you may have better luck with speeds. I have a video on it as well - ua-cam.com/video/x7SVbkHaEaA/v-deo.html. Good luck!!
Where can I fiend the 'forward to address' to use in the DDNS and .ovpn file?
Hi, thx, for the video. I would like to ask what DNS server do you have? It is DNS running on your NAS too, or it need to be some other DNS server, outside home network? Thx.
Hi shironator, You're welcome, hopefully the video was helpful to you!! Regarding your question on DNS I've used both a DNS running on my NAS as well as external from my NAS. Generally for external DNS it's been something on my local network though, not one outside of my home network. I've settled on Pi-hole with Unbound at the moment and I have a video on that setup as well if you are interested -> ua-cam.com/video/-546g1w_L3w/v-deo.html. Hope this helps and good luck with your setup!!
Does the OpenVPN connection in the Synology allow a remote user to map NAS Shares as a drive letter rather than "just" providing web access to the unit? That's what I was expecting - but was surprised to see you login to the web interface. Thanks for the excellent presentation.
Hi Adam, You're welcome on the video... And yes you can map a network share as a drive letter if you would like. Thinking about your comment I guess it would have been more impactful if I did map a network share from my Synology NAS, but I thought seeing access to DSM over the VPN was good enough. Thanks for your comment and best of luck in your setup!!
@@digital_aloha map a network share would be extremely useful to see.
Excellent. Thanks both for answering my question. The use case for my remote access would 99% be for accessing files on my NAS. I can't think of a reason I'd want to connect directly. Subscribed!
You are explaining well, but your screenshots are mostly unreadable due to inferior resolution. Which misses the purpose of guiding me when I have to guess what to write or where to click. I would rather read your written guide.
Hi Jo, Sorry about that! I've had other comments regarding my videos resolution and the difficulty in seeing some of the screenshots that I provide. I've since been trying to be more mindful to increase the size of text when I can and will be looking into providing better resolution in future videos as well.
Regarding this video if you have any questions regarding screenshots that you aren't able to see very well please let me know and I'll try to provide you with the details that you may be missing.
Hi, thanks a lot for great tutorials. Setting my my new DS920- and Iam not 100% sure of few things Maybe you can tell me, what do I need to do to 1. Share to people links to files from my Drive with SSL cert (avoid warnings about insecure connection) 2. Let my collegue to access LAN via Open VPN from Windows, with as littlee hassle and setup on the client side as possible. I would really appriciate some guidance here (I do have own domain already by the way), I as looking at your videos but I still not sure which steps to take in my case :) Thanks a lot and keep on with your videos, much appriciated!
Hi Paul, You're welcome on the tutorials and I'm happy you have found value in them!! Sorry for not getting back to you sooner, but regarding your questions I'd use the information from this video (ua-cam.com/video/bvvIoSMYDK4/v-deo.html) to share files with people. The setup described provides a SSL cert and secure way to share files although it is completely independent from Synology Drive. For your second question I think this video (where you commented) covers pretty much everything regarding the OpenVPN setup along with Windows client setup as well. Hope this helps and good luck to you in your setup!
This ddns setup leaves you with a domain that's just exposed to the internet on port 80 -- any way to do it https enabled instead?
Hey thanks a lot, wonderful tutorial! Can I set it up with a "gray/private" dynamic IP, like, if my network is behind provider's NAT and I can't forward ports since my white/public IP is actually not mine?
Hi Throttle Nerd, I actually don't think you can setup OpenVPN access to your Synology NAS if you have a gray IP address from your provider. You'd have to setup port forwarding and that isn't possible from what I am aware of. In this situation I'd recommend either QuickConnect or Tailscale (see this video here on Tailscale -> ua-cam.com/video/x7SVbkHaEaA/v-deo.html). I like Tailscale as well because it opens up more access to your Synology NAS then QuickConnect.
@@digital_aloha Thank you so much! I'll buy public IP option from my provider then )
@@throttlenerd You're welcome and good luck with getting everything setup after enabling the public IP option with your provider.
Hey! I successfully set up OpenVPN and everything works, but when I go ahead to set Pi-hole as my DNS server nothing happens.
Pi-hole’s IP address (running with its own IP on the NAS as a docker container via a MacVLAN interface) is my router’s custom DNS. Pi-hole works well with any device connected to the local network.
When I set “dhcp-option DNS pi.holes.ip.address” ad-blocking does not work for the device using the VPN outside the local network, and on the admin portal in Pihole no queries show up from the device on the VPN outside the local network. I have also tried with “Permit all origins” in PIhole’s DNS settings, and nothing. I also opened port 80 and port 53 on the firewall.
I have tried so many things and cannot get it to work, would you have any idea what might be going on? Thank you! Great video.
Is there a way to access folders on the nas by win name instead of ip address? I was just wonder what best practice was? When they access the folders from the office, use a mapped drive. When they are home, connect to the vpn and access the files through a shortcut on their desktop that points to the ip?
Hi Bergami Family, Great question... There are ways to access folders on the NAS through a hostname over an OpenVPN connection, but it takes a little more work. For background, when a computer is on the same network as the NAS it picks up the NAS's hostname through the NAS broadcasting it's hostname so it can be discovered by systems on the local network. This broadcast doesn't work over an OpenVPN connection.
To allow remote hostname access you can either setup a DNS name server that includes the Synology NAS as a host that can be resolved (here is a link from Synology that covers setting up a DNS server - kb.synology.com/en-us/DSM/tutorial/How_to_set_up_your_domain_with_Synology_DNS_Server) or a simpler way is to edit the local hosts file on your computer (here is a link for Windows - petri.com/easily-edit-hosts-file-windows-10/ and for MacOS - setapp.com/how-to/edit-mac-hosts-file).
Hope this helps? I may release a video or a series of videos on this these topics in the future so consider subscribing if you haven't already. Good luck to you!!
Hi I followed all the steps but connection timeout at the end. Can anyone tell me what goes wrong?
If my DKL has the DCC setting turned on, will it need VGBL configured? I know the DBHM protocol typically doesn't allow THP LCC's. Thanks!
🤣… You’re welcome!!
Hi, I have trouble of not being able to connect to SMB drive stored on my VPN Server, but I still can access SMB drive of other PC in the same network with the VPN Server? I have been searching for solution but none had helped yet.
Hi An, This sounds like a firewall issue to me. I would double check that SMB isn't blocked and/or create a firewall rule to allow SMB access. Hope this helps? Good luck with your setup!!
great video bravo. One question, where do you set the open vpn username and password?
@goudaibrahim6027 Thank you... Glad the video was helpful!! Regarding your question, openvpn uses local users so you'll need to setup an account you would like to use with openvpn and use the username and password associated with the account to login. Hope this helps? Best of luck in your set up!!
I was hoping you might be able to assist me with a problem I’m having with exporting the openvpn configuration file. A zip file is created with two files (readme and openvpn file). The openvpn file is only 5kb and I can’t find a program to open the file on my Mac? Any help would be greatly appreciated. BTW, your videos are excellent!!
Hi Greg, Thanks for the compliment on my videos!!
Regarding your question, you should be able to edit your OpenVPN configuration file using textedit on your Mac. You should be able to right click on the configuration file, select open with and select textedit. Hope this helps and good luck in setting up OpenVPN.
Hi. With this instructions, am I able to power on my synology nas outside my lan network?👍
Hi Valdemar, actually no. The feature that allows you to do this is called Wake-on-LAN and it requires you to be on the same LAN as your Synology NAS to work. It won't work properly over a VPN connection.
Best guide! BUT, for me, everything worked, except i cannot access local devices. the VPN connects just fine, but i cannot acces DSM nor its docker home assistant. I se that the assigned IP is not on the same syntax as the "true" LAN. Is this the issue?
@christianblicher1358 Thanks for the compliment on this video! Regarding your issue have a look at the Synology NAS firewall and, if it is turned on, turn it off and see if access to DSM and home assistant start working. If it does then you probably need to setup an allow/access rule for the IP addresses assigned to the OpenVPN network. Hope this helps and best of luck to you in figuring out the issue!
@@digital_aloha Thanks! will check it ut!
@@christianblicher1358 You're welcome. Hopefully the firewall is the issue. Good luck!!
Hi Can you do a how to set up video for Synology Mail plus. Thanks for all the great vids you maked.
Great suggestion! I'm interested in Synology Mailplus myself and will look into putting together a video on the topic. Thanks for the compliment on my videos as well!!
@@digital_aloha Thank you ahead of time, excitedly waiting for it.
hoaconstrictor (cool name by the way) - I have a couple videos in my queue yet... Look for the Mailplus video in the next couple of weeks.
Also, looking forward to the Mail sever video.
Joe
Hello, may I know what is the problem "no server certificate verification method has been enabled", please help
Hi Kenny, Hopefully you got this resolved already (it's been a while since your comment/question was posted)?
Hello, newbie here! I have a question regarding the port forwarding. I already have a reverse proxy and was wondering if it is possible to use the reverse proxy for OpenVPN, instead of opening another port on my router? For example the reverse proxy goes from the external port 443 to the internal port 1194 used by OpenVPN. Would that work? Thanks in advance for any help! :)
@schlicht. Great question!! You can definitely setup your reverse proxy to manage your OpenVPN connection exactly how you described. Let me know if you do run into any trouble with your setup. I'll formalize the configuration and will release a video if you think it would be useful to you and others. Good luck!!
@@digital_aloha thanks for the quick response! Thanks to your Video I was able to set up OpenVPN without a reverse proxy. Unfortunately, I can't manage to set up OpenVPN with the reverse proxy. My reverse proxy port (XXX) uses TCP, do I have to open it again for the UDP protocol and if so is it worth to use the reverse proxy (for OpenVPN) at all if I can also just open the port for OpenVPN (1194 UDP). I understood that OpenVPN must communicate with my Network from the outside, so when I tried to use it with the reverse proxy I changed the OpenVPN config from [myddns + 1194] to [vpn.myddns + reverse proxy port (XXX)]. Is my understanding correct here? I certanly think a Video would be helpful! Again, thanks in advance for any help!
Is there any way to access my windows or NAS drive using the name. I can access both my Windows computer and NAS via IP, but not using the name. Do I have to edit the config file and put my local DNS settings in, if so, then how? Thanks
@michael6621 You should be able to enter in a local DNS server in the config file. Check out the windows setup section of the video (ua-cam.com/video/Wv4CfZ40rFE/v-deo.html). I'm assuming your DNS server has your local devices setup by name? If not, you could edit the local host file on the client and enter in the IP address and hostname of your devices. Then you should be able to connect to your devices via the hostname that you configured. See this link for reference -> docs.rackspace.com/support/how-to/modify-your-hosts-file/. Hope this helps and best of luck in your setup!!
Are you able to connect your iPhone to your OpenVPN server? I can connect my laptop in full tunnel using my phone hotspot, but from my iPhone I try to use the full tunnel and the internet doesn't work :/
it does connect to the server though, which is weird, but no internet?
Hi, very useful video, but when I export the vpn configuration it does not generate the ca. Generate the openvpn file and the redme but not the third file. I don't understand why. Can you help me?
Thank you very much
Hi Mario, It does seem like the CA file isn't included anymore with the download. I'm seeing the same thing you are and I'm able to use the VPNConfig.ovpn file just fine. See what happens if you just continue through the instructions. I think you'll be okay. Good luck!!
Is it possible to use your synology as a vpn for internet access too? Therefore you always have the ip from you homenetwork?
Hi Baschi, Yes it is possible. You'll need to setup your client with full tunneling and you'll be set. Full tunneling is covered in the video, but if you have any further questions please let me know.
Hi man. Great guide, I can setup OpenVPN successfully. But, there is a problem regarding SMB, which cannot be connected. Any solution?
@keerapatratanasirisawad4040 Sorry for the slow response and thank you for the compliment on my video guide!! Regarding SMB, it should work if it is enabled on your Synology NAS and you are connected through OpenVPN. I wonder if it may be the Synology firewall that could be the issue. If it is on, turn it off and see if SMB works. If that does the trick you just need to enable access to the OpenVPN subnet and you should be set. Hope this helps or, better yet, I hope you already got this problem resolved. In any case, best of luck in getting SMB working through your OpenVPN setup.
Hi thanks for reply. It works actually I don’t know the reason why it didn’t at first. Cheers! Would you consider make some contents related to media server and related apps like Lidarr, Sonarr, etc..
@@keerapatratanasirisawad4040 You're welcome!! Glad to hear you got your SMB issue resolved. Regarding your comment about media servers I'll definitely look into creating some content in the future. Thanks for the suggestion!!
UDP: Connection reset by peer (WSAECONNRESET) (code=10054)
i could not tell if the router portforward or synology config fault
Hi Chi Cago, From what I've read this seems to be a firewall issue. I'd recommend turning off your Synology firewall if you have it on (just to test) and then change the firewall rules if that is the issue. Hope this helps. Good luck to you!!
I have probably seen over 10 different videos on how to set vpn up on my synology but I cant seem to get it working still!
Hi Phantom, what error message or problem are you experiencing?
@@digital_aloha mainly the actual VPN config file to upload on openvpn. Every time I upload the file to openvpn on my mobile device it never seems to connect at all.
@@phantomsynthesizer6171 It is hard to really say exactly where the problem may be from the information you provided because there are a bunch of steps you'll need to go through to get OpenVPN working like setting up DDNS/port forwarding, editing the downloaded configuration file, etc. I think the video covers everything you'll need to do so make sure you go through each step.
Other things you may want to check on is if the configuration file works on your desktop and not just on your mobile device. Also see if you can connect to the OpenVPN server from within your network which will bypass the need to have DDNS/port forwarding properly setup. I also have a couple of videos on VPN setup on mobile devices. This one for iOS - ua-cam.com/video/Yc5lTaFrdkc/v-deo.html and this one for Android - ua-cam.com/video/wuVSJ01cDwA/v-deo.html. Hope some of these tips help? Good luck to you!!
Thank you for your help I will try it again and let you know. I know I'm missing something! Lol
@@phantomsynthesizer6171 You're welcome and let me know if I can assist any further. Good luck to you!!
Does this work on iphone
@eagle1107flyer This does work on an iPhone and I cover how to set things up in this video -> ua-cam.com/video/Yc5lTaFrdkc/v-deo.html. Hope this helps and good luck in your setup!!
Hi. Thanks. Please tell me someone why my Sinology does not give me a ca certificate? It produces only two files: Readme.txt and a configuration file, there is no certificate?
Hi Arhan, You're welcome and I hope you got your OpenVPN connection working!!??
Regarding your question I just exported the configuration file and I see the same thing you do (just the README.txt and VPNConfig.ovpn files). It looks like the CA certificate is included in the OVPN file (bring it up in an editor and scroll to the end) so maybe that is why Synology doesn't include the CA.crt file any more. I also imported the OVPN file into my OpenVPN Connect client and it works perfectly for me. Hope this helps and answers your question!!
@@digital_aloha the extracted certificate file is unfortunately not recognized by the openvpn program. all the time is displayed: WARNING: No server certificate verification method has been enabled.
Hi Damian, what OpenVPN client are you using? I've been using OpenVPN Connect and it worked great both on MacOS and iOS.
@@digital_aloha Hi
as you wrote, the certificate is contained in the .ovpn file
In the case of launching Open VPN Connect, I just click skip the certificate and then it works.
Does it mean that I am unprotected?
And why can't I see my local network computers (DSM firewall port 1194 open)?
@@damianfuture6882 If it is the same warning that I mentioned in the video then continuing through the connection error message is fine and your connection is secure.
As for accessing your local network, what happens if you disable the DSM firewall entirely? If the local network is accessible at that point then you should look at your firewall rules further. Good luck!!
If I implement a VPN, will I be able to MAP drives on my computer as if it was on a local network?
@grem28 Yes, if you setup OpenVPN you will be able to map network drives like you would if you were on the local network.
@@digital_aloha wow. Thanks. I'll give this a shot!
@@grem28 Your welcome!! Good luck to you!!
Hi there. Followed the instructions to the letter and despite it all, I wind up with an "Authentication Failed - User authentication failed" error message. Have went backward step by step to find what I did wrong until I gave up for the moment. Is there something that I would need to check before taking it apart and starting all over again? Thanks!
Hi Garry, I would check to make sure a user is assigned privileges to logon to OpenVPN. This is covered at 2:10 of the video -> ua-cam.com/video/Wv4CfZ40rFE/v-deo.html. When I remove privileges in my testing I get the exact error you get. Good luck!!
What username and password was entered when connecting to the VPN at time stamp 9:04? At what stage was that username and password set up? Getting a bit lost on all usernames and passwords
Hi Imad, The username I used was "openvpn" and the password was one that I entered in when I created the user. The user was created at 0:35 of the video. Good luck in getting everything setup!!
@@digital_aloha thanks. I think I have it set up now. Just need to figure out how to get access to the drive as network folder through the vpn connection
I wonder if there is a way to change the openvpn authentication password. I didn't found some information yet how to do it. It seems dsm 7.1.1. even doesn't have an option to change that.
@hanswelder You should be able to change the password for the user that you are authenticating with by going to Control Panel -> User & Group. Then select the user you would like to work on and select Edit. You'll see the Change Password option from the window that pops up. Hope that helps?
@@digital_aloha Will check it, hadn't thought about that way, thank you!
@@hanswelder You're welcome and good luck with your setup!!
Aloha! nice detailed video. I have a Synology NAS with DSM 7 connected to a TP Link TL-R600VPN wired router that controls my home LAN and I'm trying to set up Synology's VPN. The Internet comes from a cablemodem connected to the R600 router. I correctly port forwarded UDP port 1194 to my NAS in the router, but when I run the NAS' router config it does not detect it (it prompts an orange warning sign in network config). My NAS has a static IP withing my LAN as it should. Any hint? Thanks
Aloha gertwallen, Glad the video was of help to you. Regarding your issue the only thing I can think of is that maybe your Synology NAS firewall is enabled and that is why the router config failed when you ran it? Other than that it sounds like you have the right setup. Hope this helps and good luck to you!
@@digital_aloha Thanks, I'll check that, also, is it better to set up a VPN from the NAS's DSM and run it from there, or directly from the router's included VPN?
@@gertwallen You're welcome!! Regarding your question, I think the opinion varies but, for me personally, I'm fine with running the VPN on the NAS mainly because the interfaces I've seen on the routers I use aren't the greatest and Synology's VPN Server setup is very nice and intuitive. Hope this helps in your decision making?
@@digital_aloha Yes, I agree, generally speaking Synology's DSM is very intuitive not only for setting up the VPN but for any other task too. Regarding my question, it seems that the consensus is that it is always better to run the VPN from the router and not from the NAS or any other device. In particular it seems that the cipher for OpenVPN that Synology uses is outdated and not updated, which is a security concern. You can google this and you'll find many sources of info.
@@gertwallen Ah yes, good point. I've ran into issues with older/outdated software in other aspects of DSM as well.
Do you do consulting (paid) to assist with this?
I do!! My consulting website is digitalaloha.com where I gear consulting toward backups and data protection, but I can definitely assist with OpenVPN setup as well. Feel free to contact me through the website or here through UA-cam, which ever you prefer.
Hello, I followed your instruction and the VPN works, but i'm able to log in with the chosen account even if the VPN is not activated. Do you know why? THANKS.
Hi Tom999, You should be able to use the account to login to DSM and other applications in addition to the VPN. You can check what applications the account has access to from Control Panel -> User & Group then editing the user and selecting Applications. At this point you should be able to allow or deny access as you would like. Hope this helps?
I meant more subs!
Got it... You're welcome and thanks again!!
So I'm guessing, if you setup a VPN, then you also need to install OpenVPN on any client device (like an Android phone), to use apps like DS Cam and DS Photos, right? How much of a pain is it to setup OpenVPN on Android, like... downloading a zip file of settings to the phone seems a bit ... ?
You're right, you would need to install an OpenVPN client and upload the config file to your Android device to be able to use the apps you mentioned. It isn't to much of a pain to setup and I have a video that covers what I used, which was Synology Drive. You can check out the video here -> ua-cam.com/video/wuVSJ01cDwA/v-deo.htmlsi=grs0NExv2PqQbxHk. Hope this helps and best of luck in your setup!!
When I try the client, it says that it is trying to communicate on TCP instead of UDP and it never connects. Is anyone else having this issue?
Hi @fordsrmaster, Did you get this resolved? I'm wondering if your port forwarding is setup for TCP rather than UDP and that is why you can't connect. Hopefully you got this resolved and sorry for the slow response.
@@digital_aloha No, I did not get it resolved. I ran out of time and I haven't been able get back to it to figure it out yet.
When i extract the config file, it doesnt give me a certificate. Why?
@jonathanmatthew5631 At some point the certificate was rolled into the VPNConfig.ovpn file and isn't a separate file any more. The setup should still work if you haven't continued on. Good luck in getting everything working!!
Yes this is easy bit please show us on Android 12 or on iOS ... I think there is problem with import ca.crt because Android say that it's not VPN certificate... How can we fix it ????
@ignacbonifac206 I do have videos that cover both Android and iOS setups for OpenVPN (and other VPN services as well). Here is the Android link -> ua-cam.com/video/wuVSJ01cDwA/v-deo.html and here is the iOS link -> ua-cam.com/video/Yc5lTaFrdkc/v-deo.html.
I think your particular issue is because the certificate is included within the VPNConfig.ovpn file, if you are getting the message "Select Certificate... This profile doesn't include a client certificate...". You can either click Continue to proceed with connecting or, if you check out the MacOS section of this video, I added the line "setenv CLIENT_CERT 0" to the VPNConfig.ovpn file that disables the checking for the client certificate.
Hope this helps? Good luck in getting the certificate message resolved.
@@digital_aloha thank you, I know what you are saying, but I need it to work for me with the certificate. When I click continue, it connects, everything works, but it doesn't solve my problem, where only with that certificate can I get into the systems I need for work. Without a certificate, it's useless to me. I need to solve the issue with the certificate on Android - especially on the Samsung Galaxy Tab S8+ .....
@@ignacbonifac206 You're welcome!! However, Synology's OpenVPN server doesn't use client certificates so there isn't an option to get it working the way you want from what I can tell. Note also that Synology's OpenVPN server does use server certificates so the connection is still secure, it just doesn't allow for both server and client certificates thus the work around that I mentioned earlier. Hope this helps?
@@digital_aloha hmmm thank you very much, but it's not a positive message, but if it is, then I probably don't need to search any further. It's a shame it doesn't work, I think Synology should fix it.
@@digital_aloha I'm sorry I have one more question... Have u got video how to setup protocol LPTSec ??? Thank you
Im getting a Json file not a zip file when exporting !
Hi Guilhem, I haven't run across the problem you are experiencing, but I know a few other viewers commented that they didn't get a zip file either (although in their experience they got a file named entry.cgi when clicking the export link). What I suggested for them was to use the command line to see if the zip file existed by using SSH. Below is a copy of the comment with the commands you can try.
Also what is the Synology NAS model and DSM version you are using? Maybe that will provide clues for me to research on.
Good luck!!
---
I can give you another way to download the openvpn.zip file that you are having problems retrieving.
It does deal with the command line and SSH so hopefully you are comfortable with that. Have a look at my SSH video -> ua-cam.com/video/t213x-sne6A/v-deo.html and pretty much just turn on the SSH service (the first minute of the video) and you'll be set. At this point you'll need to open up a terminal (I'm on a mac) and first I ran "cd Downloads" to change to the Downloads directory. Next I issued the following command:
dsadmin@192.168.81.15:/volume1/@appstore/VPNCenter/etc/openvpn/keys/openvpn.zip .
where
dsadmin is the administrator account on my Synology NAS (your's is probably different)
192.168.81.15 is the IP address of my Synology NAS
/volume1/@appstore/VPNCenter/etc/openvpn/keys/openvpn.zip is the path and openvpn.zip file you need to setup your OpenVPN clients
After the path and openvpn.zip file include a space and a . which means download the file to the current directory.
At this point you should be able to unzip the openvpn.zip file and go through the client setup process.
@@digital_aloha Thanks for this I learnt a thing or two. I was access my NAS over wan, as soon as I accessed on LAN the zip file exported fine
@@MrGeelhem Thanks for sharing your findings! Interesting that the zip file doesn't export properly when done over the wan.
Hello there👋 I think my server have problem. That is openvpn keep say "There was an error attempting to connect to the selected server". What wrong in my server?😭😭 help me..
Hi kk, It is hard to say exactly what the problem may be from the error you provided, but I would point you to looking at your client logs for clues and also your certificates as well. If you have further details on your errors let me know and I can see if I can assist further. Good luck!!
@@digital_aloha Yes. When i run openvpn server. on thing message pop up. And it say"There was an error attempting to connect to the selected server". So i can't use openvpn server..
Hi kk, I can try to help if you provide me the error messages you see in your logs. Hard to give you additional things to try unless I get more info ;)
@@digital_aloha Umm i not sure how to give you error information to you as well. So.. sending file to iphone is okay.. but when i try to turn on VPN server, then i cant use it. Like loading going 1minute.. it say there is error to connect server.. i cant get any information about error..
@@digital_aloha oh yes i’m living in China.. but i’m Korean and i need VPN server to use internet..i’m use my friend’s VPN server. So is there are problem to make VPN server in China??😢
Maybe just for the purpose of more accurate description of logging into OpenVPN, you forgot to mention that you need to set up/ acquire username and password on openVPN site by signing up which is important step.Just to mention since otherwise you went through some trouble to explain VPN in detail .
Hi Andrej, I just ran through setting up OpenVPN on a new Synology NAS and didn't see the need to setup a username and password on the OpenVPN site. There was another comment regarding setting up a username and password, so maybe I'm missing something? If you could point out were in the process the username and password is needed that would be great!! I'd love to get further details and maybe I can create an updated video if there is a need for more accurate instructions.
Thanks for the video, do you have any idea why when I export my OpenVPN config file I'm getting a file called 'entry.cgi' as opposed to a zip file? Inside that file is:
{"error":{"code":119},"success":false}. I've been trying to figure it out for hours!
Glad the video was helpful, although it seems like you ran into an issue I've never experienced before. I don't know how to resolve your specific issue, but I can give you another way to download the openvpn.zip file that you are having problems retrieving.
It does deal with the command line and SSH so hopefully you are comfortable with that. Have a look at my SSH video -> ua-cam.com/video/t213x-sne6A/v-deo.html and pretty much just turn on the SSH service (the first minute of the video) and you'll be set. At this point you'll need to open up a terminal (I'm on a mac) and first I ran "cd Downloads" to change to the Downloads directory. Next I issued the following command:
dsadmin@192.168.81.15:/volume1/@appstore/VPNCenter/etc/openvpn/keys/openvpn.zip .
where
dsadmin is the administrator account on my Synology NAS (your's is probably different)
192.168.81.15 is the IP address of my Synology NAS
/volume1/@appstore/VPNCenter/etc/openvpn/keys/openvpn.zip is the path and openvpn.zip file you need to setup your OpenVPN clients
After the path and openvpn.zip file include a space and a . which means download the file to the current directory.
At this point you should be able to unzip the openvpn.zip file and go through the client setup process.
Hope this helps and good luck to you!!
@@digital_aloha Thanks for taking the time to respond and help. Unfortunately that isn't working for me! In facts it's telling me that the directory doesn't exist. Honestly I'm pulling my hair out now!
Sorry that didn't help. I'm wondering if uninstalling and reinstalling the VPN Server package may help. Maybe there was an issue with the initial install? Also confirm that your Synology NAS model is compatible with VPN Server - www.synology.com/en-us/dsm/packages/VPNCenter. Hope you can get things resolved!!
@@itsThemuRR i have this problem too :c