The long and hopefully good documentation on creating the certificates and how to configure OpenVPN on a standard distribution can be found here.Ĭat > keys/my_ds.crt (paste the certificate content and press CRTL-D in an empty line)Ĭat > keys/my_ds.key (paste the private key content and press CRTL-D in an empty line)
Now we create a sub directory and upload our client (=NAS) certificate files. So if we change the OpenVPN configuration file it gets overwritten if we change the GUI config, but we won’t do that anymore -). The file without extension is the configuration for OpenVPN, which gets created from the GUI. You need to log in via ssh (use username root and the admin user password) and change some files and upload some new.ĭrwxr-xr-x 3 root root 4096 Feb 23 20:21.
Use anything as username/password:Īfter that save it. the CA certificate or the server IP address or DNS name. But with some magic it was easily fixed:Ĭonfigure Certificate based authenticationįirst go to the VPN window in Control Panel and configure what is possible via the GUI. First it is not possible to configure a certificate based authentication for OpenVPN in the Synology GUI and secondly if the connection got disconnected it stayed that way. First I though that must be easily done in the GUI as OpenVPN is easy for stuff like this ... but I was wrong. But I still needed to setup a certificate based OpenVPN where the NAS was the client and it needed to stay connected all the time. Normally I use standard Linux distributions as NAS systems, but in this case it had to be a real NAS (size and price was more important than performance) and it was not at my place –> so I chose a Synology DS214se. Configure a Synology NAS as OpenVPN client with certificate authentication (and make it stable)