Last edited:
I have a Synology rt2600ac and 718+. Right now I am running VPN Server on the NAS with openvpn and a Let's Encrypt Certificate. Top picture is from the NAS and bottom is the router. You can see I have 3 certs on the NAS (important to my question): (1) is the self signed, that I don't use (to my knowledge), (2) is my NAS DDNS (that I don't use, and (3) is my DDNS for the router (which I use as the default cert, including for the VPN Server). I port forward the VPN port in the router from all IP/all port to the DSM static IP. My VPN Service seems to work fine. I can't tell from much reading if LE auto-renews or not but I prefer not to have port 80 forwarded unless needed, so I open it for the renewal and close. Then I export the cert from DSM and import to SRM. A few questions:
1 - Should I (or is there a benefit to) changing the default cert (or at least the one for the VPN Server) to the cert for the NAS? Or am I set up correctly already? Could I point the opvn file to the ddns of the NAS (benefit?) or just leave it? I am not a power user; I am at the beginning of this journey (bought router and NAS about 6 months ago); first networking experience.
2 - is there a better way to renew the certificates? One where you do not have to export and then import (without getting crazy with dockers/containers/scripts).
3 - Is there a reason to have a certificate for each ddns (router and nas)?
4 - Interesting that when I log in to my SRM using the DDNS address, I get the happy green lock but with the lan ip address I don't. How do I get that green happy lock to show up when I access the DSM via the DDNS address?
Thanks!
1 - Should I (or is there a benefit to) changing the default cert (or at least the one for the VPN Server) to the cert for the NAS? Or am I set up correctly already? Could I point the opvn file to the ddns of the NAS (benefit?) or just leave it? I am not a power user; I am at the beginning of this journey (bought router and NAS about 6 months ago); first networking experience.
2 - is there a better way to renew the certificates? One where you do not have to export and then import (without getting crazy with dockers/containers/scripts).
3 - Is there a reason to have a certificate for each ddns (router and nas)?
4 - Interesting that when I log in to my SRM using the DDNS address, I get the happy green lock but with the lan ip address I don't. How do I get that green happy lock to show up when I access the DSM via the DDNS address?
Thanks!