VPN SSL Certificate error


407
81
NAS
RS820+, DS718+
Operating system
  1. Windows
Mobile operating system
  1. iOS
Currently using Synology’s QuickConnect method to remotely connect to my NAS. We’ll use DS file for this example.

I am able to connect with no issues using QuickConnect. However, when I turn on OpenVPN to VPN into the NAS and then try to log into DS file I receive a message stating “the ssl cert. of the Synology Nas is not trusted. This may mean it’s a self signed cert. or someone maybe trying to intercept your connection.”

Is there any way to prevent this? Currently I cannot log in to DS file while connected to OpenVPN.
 

Rusty

Moderator
NAS Support
4,642
1,338
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Have you tried to use the local NAS IP to log into DS file while logged in via VPN? There is really no need to use the QC name while in the local network via the tunnel.

Also that error is caused by a cert error especially if you are accessing via https protocol.
 
407
81
NAS
RS820+, DS718+
Operating system
  1. Windows
Mobile operating system
  1. iOS
Same error when using the local IP over VPN.

It’s just a pain to have to keep switching the connection names and/or turning VPN on/off to do things. I would connect my phone to VPN to use Remote Desktop or browse the local network. Then when I have to work on the Synology, some access can be quickly done through the apps. However, at times I don’t need the VPN for the other stuff and just need to connect to the Synology apps, in which case I would have to use QuickConnect (or DDNS).

For the record I think this just has to do only with the cert error using the native Synology apps. I can access normally by going to the local NAS IP in a web browser on VPN. If I uncheck https on the DS file login screen, it will connect with no cert error popping up. So, is there any way to connect using https?
 
407
81
NAS
RS820+, DS718+
Operating system
  1. Windows
Mobile operating system
  1. iOS
Alright sorry another update. If I use the synology ddns name it will connect without throwing the certificate issue. I guess this makes sense since the LE cert is connected to the synology.me ddns name.
 

Rusty

> Alright sorry another update. If I use the synology ddns name it will connect without throwing the certificate issue. I guess this makes sense since the LE cert is connected to the synology.me ddns name.

As I said before, using https in any case without the exact name covered by the cert you will get a cert error.
 
407
81
NAS
RS820+, DS718+
Operating system
  1. Windows
Mobile operating system
  1. iOS
> As I said before, using https in any case without the exact name covered by the cert you will get a cert error.

Is there any way to include the Synology QuickConnect name into the cert along with the DDNS name?

Is there any way to include the LAN IP as well?
 

Rusty

> Is there any way to include the Synology QuickConnect name into the cert along with the DDNS name?
>
> Is there any way to include the LAN IP as well?

Not using the QC name, no. Still, using a DDNS domain name LE cert you can add anything you want to the SAN field while creating a cert.
 

fredbert

Moderator
NAS Support
Subscriber
3,142
1,249
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
The certificate error happens when the client detects an issue with the authorised names covered by the certificate presented by the immediate server with which it is communicating. The end-server (your NAS) is hidden from the client when using QC and QC uses a certificate that names itself.

QC will determine the best connectivity method for accessing the NAS, sometimes this is using the QC proxy and sometimes it's a redirect to the NAS. Within the VPN tunnel it would seem that you are getting a redirect.

If you are not directly exposing the NAS to the Internet, for the services you are using (e.g. File Station), then you can use DS file's setting to ignore certificate messages... and the other apps have the same setting.

Otherwise, if the services are directly accessible from the Internet, you could run an internal DNS that resolves your domain itself and forwards resolving for everything else. Use this for VPN and local devices and set it to mimic your Internet DNS resolution, but for local IPs.
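
Why the DDNS name connected over the VPN while the LAN IP did not, as an added example that is not part of the thread: a simplified version of the name check a TLS client runs against a certificate's SAN entries. The hostnames, the IP address and both SAN lists are constructed placeholders, and the matcher is a reduced form of the RFC 6125 rules, not any Synology app's own code.

```python
import ipaddress

def _dns_match(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject over-broad wildcards such as '*.me'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def name_covered(target: str, san: list[tuple[str, str]]) -> bool:
    """True if `target` (the address typed into the client) is listed in the SAN."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP target is compared only with iPAddress entries, never DNS names.
        return any(k == "IP" and ipaddress.ip_address(v) == ip for k, v in san)
    return any(k == "DNS" and _dns_match(v, target) for k, v in san)

def audit(targets, san):
    """Map each address a client might use to whether the certificate covers it."""
    return {t: name_covered(t, san) for t in targets}

# Constructed sample data (assumptions, not values from the thread).
DDNS_ONLY_SAN = [("DNS", "example-nas.synology.me")]
EXTENDED_SAN = DDNS_ONLY_SAN + [("DNS", "nas.home.example"), ("IP", "192.168.1.20")]
TARGETS = ["example-nas.synology.me", "192.168.1.20", "nas.home.example"]

if __name__ == "__main__":
    for label, san in (("DDNS-only cert", DDNS_ONLY_SAN), ("extended SAN", EXTENDED_SAN)):
        print(label)
        for target, ok in audit(TARGETS, san).items():
            print(f"  {target:28} {'trusted name' if ok else 'name mismatch'}")
```

With an internal DNS that resolves the DDNS name to the LAN address, clients on the VPN keep using the one name the certificate already covers, so the check passes without adding SAN entries.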
 
