OpenVPN Connect not connecting anymore

[aGraphicz]

Hi

Since some hours I cannot longer connect to my Syno using OpenVPN Connect client. The client keep trying to connect

As I am in Homeoffice I cannot go back to the office and check it. My coworker said that looks everything fine in DSM.

What could be another possible issue?

 

[Rusty]

Do you have any other remote or on-premise access to the NAS? Could be a problem with VPN package, certificate problem, or something else. Not really easy to deduce the exact error from this output alone.

Also if you have access to your NAS via SSH (from a different location), looking into /var/log/messages might be worth it.

Does this happen to you alone or any other VPN user?

 

[WST16]

As I mentioned today on another thread, this happened to me twice so far over a long period.
If possible, ask your colleague to restart the VPN package and try. If it doesn’t not work, ask him to restart the NAS if it’s ok.
A shot in the dark, but that solved it for me.

 

[Akira]

It's /dev/net/tun!! (OR at least it was for me) I had this recently (stopped various containers working as they used it as well).

I've added the following script:

#!/bin/sh

# Create the necessary file structure for /dev/net/tun
if ( [ ! -c /dev/net/tun ] ); then
    if ( [ ! -d /dev/net ] ); then
        mkdir -m 755 /dev/net
    fi
    mknod /dev/net/tun c 10 200
fi

# Load the tun module if not already loaded
if ( !(lsmod | grep -q "^tun\s") ); then
    insmod /lib/modules/tun.ko

fi

to run at boot which has stopped it happening for me and made both the containers and OpenVPN work reliably every reboot again.

 

[Telos]

Since some hours I cannot longer connect to my Syno using OpenVPN Connect client. The client keep trying to connect

This happened again to me today... Twice this week.

 

[Telos]

@Akira I ran the script (I have similar issue) with the result...

What am I missing. Thank you.

 

[fredbert]

Have you got Windows linefeeds in the script?

 

[Akira]

rename from .txt to .sh

 

[aGraphicz]

It's /dev/net/tun!! (OR at least it was for me) I had this recently (stopped various containers working as they used it as well).

I've added the following script:

Hey @Akira where do I have to add the script? I am not a profi

Do you have any other remote or on-premise access to the NAS? Could be a problem with VPN package, certificate problem, or something else. Not really easy to deduce the exact error from this output alone.

Also if you have access to your NAS via SSH (from a different location), looking into /var/log/messages might be worth it.

Does this happen to you alone or any other VPN user?

yes it happen also to other users

 

[Telos]

Have you got Windows linefeeds in the script?

It's just raw text, saved as .sh in Notepad++.

 

[Akira]

Hey @Akira where do I have to add the script? I am not a profi

yes it happen also to other users

I've got it saved in:
/volume1/scripts/
as:
fix_tun.sh
Then in DSM - task scheduler - triggered task
User: root
Event: Boot-up
Task settings: bash /volume1/scripts/fix_tun.sh
Enable

then right click and run. (to fix it now)

 

[aGraphicz]

Do you have any other remote or on-premise access to the NAS? Could be a problem with VPN package, certificate problem, or something else. Not really easy to deduce the exact error from this output alone.

Also if you have access to your NAS via SSH (from a different location), looking into /var/log/messages might be worth it.

Does this happen to you alone or any other VPN user?

Hi

I just found out the my IPS changed the IP address. There is a way using OpenVPN to make it a static adress so this does not occurs anymore? Changing the ip address into the config File solved the problem.

@Telos @WST16 @Akira

 

[Rusty]

Hi

I just found out the my IPS changed the IP adress. There is a way using OpenVPN to make it a static adress so this does not occours anymore?

You can configure your OVPN file to use your DDNS name and put that ddns name inside your file as a server address. Ofc you will have to configure DDNS on your NAS to maintain sync with your public IP WAN address change.

DDNS | DSM - Synology Knowledge Center

Synology Knowledge Center offers comprehensive support, providing answers to frequently asked questions, troubleshooting steps, software tutorials, and all the technical documentation you may need.

www.synology.com

 

[aGraphicz]

Ok I will try to do as you suggested. When setting up a new DDNS my local connection to the Syno will continue to work as always or do I need to take care of something there? We are now connected using SMB.

 

[Rusty]

When setting up a new DDNS my local connection to the Syno will continue to work as always or do I need to take care of something there?

Correct. DDNS will be initiated only when you specifically use that FQDN. Locally if you continue to use your connection using an IP address of the NAS, it will not be even aware of the FQDN.

 

[aGraphicz]

Correct. DDNS will be initiated only when you specifically use that FQDN. Locally if you continue to use your connection using an IP address of the NAS, it will not be even aware of the FQDN.

Thanks
There is a difference in using a free hostname offered by Synology (i.e xyz.synology.me) or any other services? I mean in terms of security, how exposed is a synology domain over the internet?

 

[Rusty]

Thanks
There is a difference in using a free hostname offered by Synology or any other services? I mean in terms of security, how exposed is a synology domain over the internet?

Exactly the same. DDNS is just a pointer to your NAS nothing more. *.synology.xxx domain names are registered under Synology but nothing more than that. Their DDNS service when it comes to uptime is really good and I can't recall last time there was any problem in terms that you were not able to connect back to your NAS because your DDNS was not in sync. That's the main task here, nothing more.

 

[aGraphicz]

Exactly the same. DDNS is just a pointer to your NAS nothing more. *.synology.xxx domain names are registered under Synology but nothing more than that. Their DDNS service when it comes to uptime is really good and I can't recall last time there was any problem in terms that you were not able to connect back to your NAS because your DDNS was not in sync. That's the main task here, nothing more.

Assuming that someone search for the domain name, it is possible for hackers to find out the IP address right? Still the OPN VPN config file generated from the syno is necessary in order to connect to the syno right? Like, this add a level of security to it I guess

 

[Rusty]

it is possible for hackers to find out the IP address right?

Correct. They will track your current IP address at that moment.

Still the OPN VPN config file generated from the syno is necessary in order to connect to the syno right?

Not just that but also they need to know VPN user name and pass.

On top of this, you can limit countries that can utilize this service by using your NAS FW (geo firewall rule) to allow connections from only specific countries and further limiting connections and potential attack vectors.

 

[aGraphicz]

Correct. They will track your current IP address at that moment.


Not just that but also they need to know VPN user name and pass.

On top of this, you can limit countries that can utilize this service by using your NAS FW (geo firewall rule) to allow connections from only specific countries and further limiting connections and potential attack vectors.

Many thanks for the tip! In my Firewall rules I have this as setup. Is that what you mean?