I'm getting the attached error when trying to login in to my vpn server on my DS718+ through the openvpn app on my iphone. I have an email from the Expiry Bot at LE that says the certificate expires on 11/21 (so, not expired). I haven't changed any settings and this has been working for a couple of years for me. Not sure what changed now. Upgraded DSM to the latest (update 4 that just came out), but no solve. Any ideas?
Certificate Verification Error
- Thread starter daptap
- Start date
- Latest activity Latest activity:
- Replies 11
- Views 4,674
Currently reading
Certificate Verification Error
- Original poster
- #4
Nov 21, 2019. Point being - not expired.
- Original poster
- #5
not an option in iOS. In the settings for this profile, none is selected for certificate.
Yep for iOS, don't select certificate.
However, I think that if you have changed settings in the OpenVPN server then it's best to export the .ovpn again and reinstall on you devices. I don't use the DSM VPN Server rather VPN Plus on SRM, and there may be subtle differences.
However, I think that if you have changed settings in the OpenVPN server then it's best to export the .ovpn again and reinstall on you devices. I don't use the DSM VPN Server rather VPN Plus on SRM, and there may be subtle differences.
- Original poster
- #7
i will probably have to try that next. Or maybe first I’ll renew LÊ cert and see if it changes anything. I remember setting up the first time was hard for me. iOS doesn’t accept any files with the keys and so i had to put it in the opvn file at the bottom. Not sure i remember full process. Any links on how to do this (which file to pull from once the three files are exported from DSM?).
maybe i should look in to changing to srm as well since i have rt2600ac router. Wouldn’t have to port fwd then to DSM. Any drawbacks?
Last edited:
I was going to say no drawbacks but there are things to think about:
Each NAS/router has a limit on the number of connections to each type of VPN. My DS218+ allows 30 concurrent connections which is more than the RT2600ac's 20, but I've never hit this limit.
The 'plus' VPNs require a licence per concurrently connected user (it's per account so two connections on the same account is 1 licence). You have a free one and extras are $10 + vat and non-transferrable to a new RT/MR.
We discussed this a bit here too VPN server: on DSM or SRM?
**Rusty will say to run the letsencrypt Docker container to resolve this, but I still haven't sat down and worked this through.
- Do you want normal users logging onto the router? I don't so:
- Installed LDAP Server on the NAS and created a set of users on there plus a vpnusers group
- Connected the RT to the LDAP server and assigned VPN Plus access to vpnusers.
- The NAS can be used by these accounts to manage their passwords etc. and I stopped permission to access other NAS services.
- LE certificate renewal is tricky or manual if you have to share one IP between devices. Synology's SSL-VPN service will use the one certificate that SRM supports so you need to decide how to maintain it (or resign yourself to self-signed). ... this isn't really a drawback since SSL-VPN isn't on the NAS VPN server.**
Each NAS/router has a limit on the number of connections to each type of VPN. My DS218+ allows 30 concurrent connections which is more than the RT2600ac's 20, but I've never hit this limit.
The 'plus' VPNs require a licence per concurrently connected user (it's per account so two connections on the same account is 1 licence). You have a free one and extras are $10 + vat and non-transferrable to a new RT/MR.
We discussed this a bit here too VPN server: on DSM or SRM?
**Rusty will say to run the letsencrypt Docker container to resolve this, but I still haven't sat down and worked this through.
- Original poster
- #9
OK. I'm an idiot. the DDNS associated with my DS718+ was not expired, but the DDNS associated with my rt2600ac was expired. And the latter is what I point the openvpn config file to...ergo, the certificate verification error. All is well now.
I'm going to post another question though related to my process of renewing the certs and which DDNS I should really be using. After racquetball late tonight!!
I'm going to post another question though related to my process of renewing the certs and which DDNS I should really be using. After racquetball late tonight!!
- Original poster
- #12
Last edited:
It appears it was advice I got from this website to fix dns leaking: adding "block-outside-dns" to the config file of openvpn. This worked for sometime for me but at some point stopped (wonder if DNS over HTTPS in SRM update affected this?). It looked like it wouldn't resolve DNS queries once connected to the VPN. Removing the line allows a connection...at least on my windows 10 laptop. Now to check the iphone.
EDIT: Yep, that was the issue on the iphone as well. Strange that it was working before and now it did not.
EDIT: Yep, that was the issue on the iphone as well. Strange that it was working before and now it did not.
Create an account or login to comment
You must be a member in order to leave a comment
Create account
Create an account on our community. It's easy!
Log in
Already have an account? Log in here.
Similar threads
A couple of weeks ago I updated my RT2600ac to SRM 1.2.4-8081 Update 2. Over the course of a week or so, I...
That is correct.
Yes you’re :)
But I’m sure your tinkering habits will get the best of you and you’ll need to restart soon :)
Welcome to SynoForum.com!
SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.
Registration is free, easy and fast!
Trending threads
-
NVMe storagepools with non-Synology drives?- Started by oRBIT
- Replies: 3
-
DSM 7.1 How do I actually get files into synology Drive on the NAS so I can see them ony PC?- Started by The Sorbz
- Replies: 2
-
-
SRM Update Version: 1.3.1-9346 Update 4
- Started by fredbert
- Replies: 5
-
DSM 7.1 Connect surveillance station to Hikvision DVR?
- Started by The Sorbz
- Replies: 3
-