Need OpenVPN client side setup help

Currently reading
Need OpenVPN client side setup help

65
1
NAS
DS-718+
Operating system
  1. Windows
Mobile operating system
  1. iOS
I setup OpenVPN on my Synology DS-718+ over a year ago and frankly, forgot about it. I bought a new laptop and began setting up the client side. In researching instructions for setup, I searched the forum for the setup tutorial that I used previously, but couldn't locate it. In my research, I did find references to the Let's Encrypt certificate expiring permanently.

I did find the instructions for creating a new certificate and followed those. I've got the certificate in the certificates section of DSM:

1666478027391.png


I exported my configuration from the VPN server package, edited the ovpn file and imported it. Everything appears correct but there is no certificate in OpenVPN, despite a certificate being in the folder with the config file:

1666478191935.png

When I try to import the certificate into the OpenVPN client, OpenVPN does not see the certificate.

I thought that I might have the wrong certificate, so I exported the MYSERVERNAME.synology.me certificate that I created with Let's Encrypt. I get this:

1666478355740.png


OpenVPN also does not recognize any of these files.

Can anyone point me in the right direction?
 

Attachments

  • 1666477964552.png
    1666477964552.png
    14 KB · Views: 7
I setup OpenVPN on my Synology DS-718+ over a year ago and frankly, forgot about it. I bought a new laptop and began setting up the client side. In researching instructions for setup, I searched the forum for the setup tutorial that I used previously, but couldn't locate it. In my research, I did find references to the Let's Encrypt certificate expiring permanently.

I did find the instructions for creating a new certificate and followed those. I've got the certificate in the certificates section of DSM:

View attachment 11186

I exported my configuration from the VPN server package, edited the ovpn file and imported it. Everything appears correct but there is no certificate in OpenVPN, despite a certificate being in the folder with the config file:

View attachment 11187
When I try to import the certificate into the OpenVPN client, OpenVPN does not see the certificate.

I thought that I might have the wrong certificate, so I exported the MYSERVERNAME.synology.me certificate that I created with Let's Encrypt. I get this:

View attachment 11188

OpenVPN also does not recognize any of these files.

Can anyone point me in the right direction?
The cert should be part of the OVPN file (at the bottom of the file).
 
The cert should be part of the OVPN file (at the bottom of the file).
Rusty, I’ve exported the ovpn file from the VPN server app on the Synology several times and I‘ve always had the missing certificate. I figure I’m missing a step, but don’t know what that is.
 
Rusty, what I did was go to Control Panel > Security > Certificate. I clicked "Configure" and change the dropdown for VPN Server to XXXXX.synology.me. I then went to the package center, to VPN Server and exported the configuration. I edited the config file with my server name and imported. I still get the missing certificate and when I navigate to the folder that the ovpn file was located, I see a ca security file and a ca_bundle security file. However, OpenVPN does not recognize either as a certificate.
 
Are you using the openvpn app on your laptop? You have to load the VPNConfig.ovpn into the client with the log in name/password. I use my DDNS when I edit the VPNConfig.ovpn file.

Screenshot_20221025-111800_OpenVPN-Connect.jpg
 
Are you using the openvpn app on your laptop? You have to load the VPNConfig.ovpn into the client with the log in name/password. I use my DDNS when I edit the VPNConfig.ovpn file.

View attachment 11241
Yes, I'm doing this on my laptop. I'm importing the ovpn file onto OpenVPN on the laptop. After import, it asks me for the user name and password, which I enter. I then save it, but it has no certificate attached to the profile.
 
Last edited:
OK, have you tried hitting continue. The certificate their mentioning is not the OpenVPN but a cert from android. Your link is still under the openvpn cert and encrypted.
-- post merged: --

I just fixed mine. in your phone settings, look up key block chain. openvpn somehow stores a certificate in the android block chain wallet. Still trying to understand it!
 
Cheapdad. been reading up on it. doing the keychain store doesn't dismiss the message. It's just a more secure option of encrypting the file. In other words, if someone steals your phone, they won't be able to read the openvpnconfig ifle which is hard to do once it's in the client. I just delete the ovpn file from the download once I import it.
 
OK, have you tried hitting continue. The certificate their mentioning is not the OpenVPN but a cert from android. Your link is still under the openvpn cert and encrypted.
-- post merged: --

I just fixed mine. in your phone settings, look up key block chain. openvpn somehow stores a certificate in the android block chain wallet. Still trying to understand it!
I'm not sure I follow. I'm doing this on my laptop. There's no phone involved and if I were using a phone, it would be an apple device.
 
Sory, I'm using a phone. Again, the corticate choice is for using key block chain service. it has nothing to do with the certificate you created. IOS also supports keyblock chain. On your laptop just hit continue and it should connect with Encryption.
 
Got it. It took me a hot minute to realize what you were saying. Ignore the seemingly empty certificate issue and hit continue. I did so and it seems to work. I'll check the next time I've got my laptop out of the house.
 
NP. took me a bit to figure it out too. Any questions just ask. I or someone will answer.🙃
 
Last edited:
There’s an option in the settings to always disregard the cert so that you don’t keep getting the pop up.

There a line of code that you can add to the config file, see below post.

Secondly, apparently only OpenVPN gui is the official supported OpenVPN app for the synology implementation. OpenVPN connect app is for OpenVPN community edition. It still works but again isn’t fully supported. One of the things that doesn’t work with OpenVPN connect app is dns resolution and search domains, whereas OpenVPN gui works.
 
Gerhard. I looked for the "There’s an option in the settings to always disregard the cert so that you don’t keep getting the pop up.," What is it referred as. "Shortcut minimize is checked." TIA
 
Gerhard. I looked for the "There’s an option in the settings to always disregard the cert so that you don’t keep getting the pop up.," What is it referred as. "Shortcut minimize is checked." TIA
That doesn’t sound familiar, what I was referring to is in the OpenVPN connect app, since I know there was always a very pop up that would show. What you’re referencing sounds like it’s the OpenVPN gui app. Although I don’t ever recall a certificate pop up on the gui app, it will show in the logs.
 
I was just wondering if there is a way to stop this when turning it on?
 

Attachments

  • vpn.jpg
    vpn.jpg
    56.3 KB · Views: 5
I retract my statement before. When using the OPENVPN Connect app, use the below line of code in the config file. It is not a setting in the app or settings.

# prevent certificate pop up missing error
client-cert-not-required
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

I would suggest having your VPN server on Synology generate a new profile, and then adjust that profile...
Replies
10
Views
1,939
  • Question
Thanks for all your help! I finally got it to do what I needed to do. I think I just can't connect to eero...
Replies
15
Views
2,109
I don't recommend exposing the NAS directly to the internet. Modem>Powerline>Router>Devices (wired/Wi-Fi)
Replies
18
Views
1,516
  • Question
Firewall rules are for IPv6 only, IPv4 which I'm using uses just the port forwarding.
Replies
16
Views
3,409
What are we talking about here exactly? What troubles you and more importantly what are you planning on...
Replies
1
Views
811
  • Solved
<<<<< SOLVED >>>>> OK so I decide to solve this by myself accordingly. Synology did offer me to go check...
Replies
1
Views
977
  • Solved
You're right, I have several networks/subnets with different purposes. I suppose keeping 192.168.1.x...
Replies
7
Views
2,932

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top