How to edit OpenVPN server config files?

NAS: DS218+
Operating system: macOS, Windows
Mobile operating system: iOS

Hi there,
I installed OpenVPN on a Virtual DSM and would like to make the host DSM on the same subnet accessible for mobile clients (i.e. my iPhone). From what I understand, I need to set up a push route in the server config file and a pull command in the client config file. Port forwarding in the router, DDNS in VM and connection from remote to OpenVPN server inside the Virtual DSM do already work.

But how do I edit the server config file? And which one is the one I need to edit?

Possible config files, found in another forum:

/var/packages/VPNCenter/etc/openvpn/openvpn.conf
/volume1/@appstore/VPNCenter/etc/openvpn/openvpn.conf
/volume1/@appstore/VPNCenter/etc/openvpn/server.conf <-- my guess

I got as far as setting up an SSH connection via Terminal on macOS and PuTTY on Windows. But when I navigate i.e. to the server.conf and try to use the command open "server.conf" I get the error message: -sh: open: command not found

There is also this folder:
/usr/syno/etc/synovpnclient/openvpn$

I tried to follow the instructions here: Including multiple machines on the server side when using a routed VPN (dev tun), but I don't know how to do it with DSM.

Can anyone help?
 
> would like to make the host DSM on the same subnet accessible for mobile clients

If your VDSM is on the same subnet as your NAS, connecting to the openvpn should give you access to vdsm and by extension to all of your LAN in the same subnet.

Do you have vdsm in a different subnet than the host machine?

Have you configured the NAS FW to allow access to your LAN subnet from the configured VPN subnet?
 
My NAS is on the same subnet as the VDSM (both have 192.168.178.xyz IPs). I guess it is the setup as "dev tun" why the client can only see the device running OpenVPN. But I cannot use "tap" as it's not compatible with iOS. That is why I would like to route the remote client towards the private subnet.

I found this explanation, which describes what I'd like to do:

The remote clients connect with the virtual "tun-ip" of the client, i.e. 10.8.0.xxx, on virtual interface 10.8.0.1 - the network that we specified in "server.conf" after "server". In order for them to reach devices internally, the IP must be rewritten to internal network, i.e. internal server IP 192.168.178.xxx.

Just how?

Yes, I did some FW configuration, both on the VDSM and on the host DSM (not knowing exactly where the right place is). I'll share screenshots when I'm back home.
 
> In order for them to reach devices internally, the IP must be rewritten to internal network, i.e. internal server IP 192.168.178.xxx.
>
> Just how?

There is no need to edit the config file. VPN will do its own NAT from VPN subnet to your LAN subnet. This is the reason why I asked if vdsm and dsm are on the same subnet.

Think FW checkup would be the 1st thing that needs inspection (on both layers).
 
Okay, thank you for the explanation.
This is my firewall setup both on the host DSM and the virtual DSM:
I did the basic firewall setup which allows connection from my local network and subnet (192.x.x.x), the virtual network and subnet (10.8.x.x), and my residence country Germany. Any other connection attempt will be denied. I am certainly not sure if it is necessary to set up both firewalls in the same way or if an additional entry is required. But it seemed somehow logical to me to do it this way.
 
Important news: by chance I made the discovery that I can see the host DSM after all and even log in to it. But ONLY when my mobile phone is on mobile connection (LTE). But I can't get to the host DSM login screen via Safari or to my host IP via the Drive client app when I'm using a WiFi network, such as at my friends' house, although I can connect to the OpenVPN when I'm using my friends' WiFi network.
 
> Important news: by chance I made the discovery that I can see the host DSM after all and even log in to it. But ONLY when my mobile phone is on mobile connection (LTE).

So from this, it looks like the VPN works fine while outside your LAN. That is the whole point.

> But I can't get to the host DSM login screen via Safari or to my host IP via the Drive client app when I'm using a WiFi network

In the case of the Drive app, are you entering the port parameter as well or just the IP address? Also, using Safari, is that the mobile or desktop version? What output happens when you try to access it via the browser?

Guessing these are issues not related to the VPN nor is the VPN connection being used.
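
An added example, not part of the thread and not Synology's or OpenVPN's own code: a small check for whether the network a client is currently sitting on overlaps the tunnel range or a pushed route, a common reason a routed (dev tun) VPN behaves differently from one client network to another. The config text and the client networks are constructed; whether the friends' WiFi uses the same range as the poster's LAN is not stated in the thread.

```python
import ipaddress
import shlex

# Constructed sample, not the poster's file: a routed (dev tun) server using
# the tunnel range 10.8.0.0/24 and LAN range 192.168.178.0/24 from the thread.
SAMPLE_SERVER_CONF = """\
dev tun
server 10.8.0.0 255.255.255.0
push "route 192.168.178.0 255.255.255.0"
# push "route 192.168.99.0 255.255.255.0"
"""


def parse_networks(conf_text):
    """Return (tunnel_network, [pushed_route_networks]) from server config text."""
    tunnel, pushed = None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        tokens = shlex.split(line)           # keeps the quoted push argument whole
        if tokens[0] == "server" and len(tokens) >= 3:
            tunnel = ipaddress.ip_network(f"{tokens[1]}/{tokens[2]}")
        elif tokens[0] == "push" and len(tokens) >= 2:
            args = tokens[1].split()
            if len(args) >= 2 and args[0] == "route":
                # OpenVPN treats a route without a netmask as a single host
                mask = args[2] if len(args) > 2 else "255.255.255.255"
                pushed.append(ipaddress.ip_network(f"{args[1]}/{mask}"))
    return tunnel, pushed


def overlapping_networks(client_lan, conf_text):
    """List VPN-side networks that overlap the network the client is sitting on."""
    local = ipaddress.ip_network(client_lan)
    tunnel, pushed = parse_networks(conf_text)
    candidates = ([tunnel] if tunnel else []) + pushed
    return [str(net) for net in candidates if local.overlaps(net)]


if __name__ == "__main__":
    # Both client networks are constructed examples.
    for lan in ("192.168.178.0/24", "172.20.10.0/28"):
        hits = overlapping_networks(lan, SAMPLE_SERVER_CONF)
        print(lan, "->", hits or "no overlap")
```

An overlap means traffic for that range can stay on the client's local network instead of entering the tunnel, so the remote host appears unreachable even though the VPN connects.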