Synology already released openvpn package for their NAS. If you are using model 209 or other more recent model than you can download and install official package and skip this lengthy article.
The official package, however, give no customization at all.
If you need customize or take full control of openvpn server, continue read this article.
This article describes all the steps to install OpenVPN in my environment so that I can access the resources (samba, ds207+ admin console, audio station..) on my DS207+ from any remote location in a secure way.
* I’ve tested and proved that OpenVPN even working on my DS101j for both server and client setup.
* Also working for DS107+ reported by user from synology forum
DS207+ firmware version DSM 2.1-0844 , 2.2-0959, 3.1-1613
ipkg source http://ipkg.nslu2-linux.org/feeds/optware/syno-x07/cross/unstable/
DS101j firmware version DSM 2.0-0731
ipkg source http://ipkg.nslu2-linux.org/feeds/optware/ds101/cross/stable
Table of Content
|Page 1||Assumptions and Pre-requisites|
|Page 2-7||Installing OpenVPN server on DS207+/DS101j|
|Page 8||Installing OpenVPN client on Windows|
|Page 9||Installing VPN Client on DS101j|
|Page 10||Install TomatoVPN 3.4 as OpenVPN Client|
|Page 11||How to allow vpn clients access all machines in the server network|
|Page 12||Important Tips for Vista|
|Page 13||VPN Server acting as internet gateway, and other useful TIPS|
|Page 14||VPN Server failover|
|Page 15||Dual authentication – Adding username and password verification|
|Page 16||Revoke a client certificate|
(click to enlarge the diagram)
OpenVPN Server network: 192.168.10.0/255.255.255.0
OpenVPN Server deployed on DiskStation with IP 192.168.10.5
OpenVPN Client network: 192.168.20.0/255.255.255.0
OpenVPN Client deployed on IBM X40 with IP 192.168.20.3
OpenVPN Virtual Subnet: 192.168.30.0/255.255.255.0
My DS207+ is located at my home in a network 192.168.10.0/255.255.255.0. My DS207+ has a fix internal IP address of 192.168.10.5. I’ll deploy OpenVPN server to the diskstation.
I’ve an IBM X40 notebook which required to access my diskstation from public environment such as internet cafe or even access via other country. The X40, however, mostly located in a network 192.168.20.0/255.255.255.0. I’ll deploy OpenVPN client (win32) to my x40 notebook.
A new VPN subnet will be created upon VPN connection is successfully established, I defined the virtual subnet as 192.168.30.0/255.255.255.0.
Replace the value above to your IP/network address.
Define the Server and Client ID
First we need to define the [Server ID] and [Client ID]. The ID must be a single word.
[Server ID] is the machine running the OpenVPN server.
[Client ID] is the machine running the OpenVPN client.
[Server ID] = server
[Client ID] = x40
- IMPORTANT! The two machines should be connected to the network with two unique subnets in order to avoid conflict of ip address. From the howto of OpenVPN, it is also suggested to consider using some uncommon subnet such as 10.30.40.0 rather than 192.168.0.1 which is very likely lead to IP conflict (example like public wifi network of airport and internet cafe).
- DS207+ is bootstrapped.
- SSH is enabled on DS207+.
- bash is already installed on ds207+, if not, run ‘ipkg install bash’