VPN SSL Certificate error

Currently reading
VPN SSL Certificate error

976
221
NAS
RS820+, DS718+
Operating system
  1. Windows
Mobile operating system
  1. iOS
Currently using Synology’s quickconnect method to remotely connect to my nas. We’ll use DS File for this example.

I am able to connect with no issues using quickconnect. However, when I turn on OpenVPN to vpn into the nas and then try to log into ds file I receive a message stating “the ssl cert. of the Synology Nas is not trusted. This may mean it’s a self signed cert. or someone maybe trying to intercept your connection.”

Is there anyway to prevent this? Currently I cannot log in to ds file while connected to openvpn
 
Last edited:
Same error when using the local ip over vpn.

It’s just a pain to have to keep switching the connection names and/or turning vpn on/off to do things. I would connect my phone to vpn to use Remote Desktop or browsing to local network. Then when have to work on synology Some access can be quickly done through the apps. However, at times I don’t need the vpn for the other stuff and just need to connect to the synology apps, in which I would have to use the quickconnect (or ddns).

For the record I think this just has to do only with the cert error using the native synology apps. I can access normally by going to the local nas ip in a web browser on vpn. If I uncheck https on the ds file login screen, it will connect with no cert error popping up. So, is there anyway to connect using https?
 
Alright sorry another update. If I use the synology ddns name it will connect without throwing the certificate issue. I guess this makes sense since the LE cert is connected to the synology.me ddns name.
 
Alright sorry another update. If I use the synology ddns name it will connect without throwing the certificate issue. I guess this makes sense since the LE cert is connected to the synology.me ddns name.
As I said before, using https in any case without the exact name covered by the cert you will get a cert error.
 
As I said before, using https in any case without the exact name covered by the cert you will get a cert error.

Is there anyway to include the synology quickconnect name into the cert along with the ddns name?

Is there anyway to include the LAN ip as well?
 
Is there anyway to include the synology quickconnect name into the cert along with the ddns name?

Is there anyway to include the LAN ip as well?
Not using the qc name, no. Still using a ddns domain name LE cert you can add anything you want to SAN field while creating a cert.
 
The certificate error happens when the client detects an issue with the authorised names covered by the certifcate present by the immediate server with which it is communicating. The end-server (your NAS) is hidden from the client when using QC and QC uses a certificate that names itself.

QC will determine the best connectivity method for accessing the NAS, sometimes this is using the QC proxy and sometimes it's a redirect to the NAS. Within the VPN tunnel it would seem that you are getting a redirect.

If you are not directly exposing the NAS to the Internet, for the services you are using (e.g. File Station), then you can use DS file's setting to ignore certificate messages .. and the other apps have the same setting.

Otherwise, if the services are directly accessible from the Internet, you could run an internal DNS that resolves your domain itself and forwards resolving for everything else. Use this for VPN and local devices and set it to mimic your Internet DNS resolution, but for local IPs.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
It sounds that the main focus is a LAN reconfiguration of DHCP and DNS services so that dynamically...
Replies
1
Views
517
What I've found out: 1.) If I turn off the Kill Switch, then I'm good to go with the local devices 2.) If...
Replies
2
Views
2,204
Also, Quick Connect isn't available for all services... especially if you are going to be relying on the...
Replies
3
Views
1,085
New User Question. I know I can connect one house to another through a VPN, but is it possible to do the...
Replies
0
Views
1,088
Have you ruled out the firewall on the nas? You may have to explicitly add the subnet to the firewall...
Replies
5
Views
1,712

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top