Jump to content
TorGuard
Guest

Synology Download Station with OpenVPN

Rate this topic

Recommended Posts

Guest

I have been struggling with setting up the Download Station P2P service on my Synology DiskStation. I want it to operate over an OpenVPN connection to my TorGuard VPN service. I've finally cracked it, so thought I'd record the steps for posterity. The problem is that the Synology VPN Client assumes the port used for the OpenVPN connection is port 1194, when it is actually port 443. To fix this, perform the following:

 

1. Download the VPN certificate files from TorGuard. http://torguard.net/downloads/TorGuardPRO.zip

2. Open the Diskstation Control Panel via the Synology Web UI.

3. Configure an OpenVPN connection using the Synology VPN Client UI. Set up the IP address of the VPN Server you wish to use, and your username and password. Import the appropriate .crt certificate from the zip file.

4. Once all is set up and saved, try to set up the connection. The connection attempt will fail. This is because the port is wrong, but it won't tell you that.

5. You now need to correct the port.

6. Enable telnet access to the Diskstation in the Terminal app of the Control Panel.

7. Login using the username root and password

8. Navigate to /usr/syno/etc/synovpnclient/openvpn

9. This is where the config files for the VPN connection are stored. If you have only set up one, there should be 3 files: a certificate file .crt, a config file .cfg and a file without an extension.

10. Copy the two files that aren't the certificate file to somewhere convenient on the shared volume on /volume1, so that they can be accessed by the file manager and edited from the PC.

11. Edit both files in something convenient like wordpad that sorts out the carriage returns. In both files the IP address of the VPN Server will be followed by the port number. Set the port number to the port number used by the server, in this case 443. The port number can be confirmed by inspecting the relevant .ovpn file downloaded in the zip file.

12. While you have the .cfg file open, ensure the redirect gateway parameter is set : redirect-gateway=_ON_ This ensures that DNS will operate over the VPN and the Download Station will be able to access the tracker URLs.

13. Once finished, save the files and overwrite the ones in the openvpn folder via telnet.

14. Now when you access the VPN Client UI and connect, the connection will succeed.

15. Note, don't press save on the VPN Client UI, else your good work will be overwritten, and you will have to start again. That's all there is to it. Once the VPN connection is set up, all network accesses that the Download Station makes will go over the VPN. You can check this by monitoring the byte count on the VPN whilst downloading.

Share this post


Link to post
Share on other sites
diskord

Hey Lee

 

This is exactly what I need. I tired to edit the files but unfortunately I cant change file permissions on them at all. Every time I try to overwrite with the new files I get a error. Any insight on that? Thanks

Share this post


Link to post
Share on other sites
Guest

When you edit and save the files, what user are they saved as? If you type ls -als * in the directory, it should show you. If the user is not the same user as the files you are trying to overwrite, you can change it by using chown. If the permissions aren't right, try chmod. Parameters for these commands can be found on the internet.

Share this post


Link to post
Share on other sites
diskord

Hey Lee,

 

I figured out what I was doing wrong. I was logging in as admin when I should have been logging in as root.

 

Thanks.

Share this post


Link to post
Share on other sites
Guest

hi i just got torguard too and i have a problem

i cant do step

8. Navigate to /usr/syno/etc/synovpnclient/openvpn

i get permission denied

i have try login as admin and as root non of them let me do it what can i do to fix that ?

Share this post


Link to post
Share on other sites
Guest

LEE G...do you notice that once you got the VPN to work in the DSM, that you can no longer access the DSM Externally? So I wanted to add it to my DD-WRT router instead...I followed their instructions and the script isn't working...Are you having the same problem as me accessing the DSM externally?

Share this post


Link to post
Share on other sites
Guest

I followed the directions and still can't connect; my login credentials work fine connecting from my Mac using Viscosity, but when I log my attempt to connect to VPN from the Synology unit I get the following logs from a failed connection:

 

Sun Dec 15 17:10:06 2013 OpenVPN 2.1.4 armle-unknown-linux [sSL] [LZO2] [EPOLL] built on Sep 16 2013

Sun Dec 15 17:10:06 2013 WARNING: file '/tmp/ovpn_client_up' is group or others accessible

Sun Dec 15 17:10:06 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Sun Dec 15 17:10:06 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Sun Dec 15 17:10:06 2013 UDPv4 link local (bound): [undef]:1194

Sun Dec 15 17:10:06 2013 UDPv4 link remote: 96.44.147.138:443

 

I've changed the ports in both of the vpn config files. Would really appreciate some input as to what to do next.

Share this post


Link to post
Share on other sites
Support

Hey RobM

 

Could you post us the full log please - I'm not seeing anything with this part of the log file.

 

Cheers

Share this post


Link to post
Share on other sites
Guest

That's all there is; I'm not sure if the Synology unit offers any more detailed logging option. If so I'm happy to try it again and post the results.

Share this post


Link to post
Share on other sites
Support

Hey RobM

 

Have you tried the PPTP option to see if this works ok for you or do you specifically want OpenVPN ?

 

Regards

Share this post


Link to post
Share on other sites
Guest

I can get PPTP to work, I can not get openVPN or LT2P/IPSec to work from the Synology box.

 

Is PPTP sufficient to avoid detection of bit torrent traffic?

Share this post


Link to post
Share on other sites
Support

Yes it will hide your IP as any VPN will.

 

Regards

Share this post


Link to post
Share on other sites
PeterR

Interesting... I was considering Synology as my next NAS, but wasn't sure if they provided root user telnet access. I take it from the above comments that they do... cool. My current Buffalo LS-Pros piss me off since I can't get to the OS...

 

That said, I presume that the OS on Synology is some flavor of BusyBox, and then likely is using a version of OpenVPN not unlike what the DD-WRT routers are using, right?

 

If that is all true, then the scripting that I have in place for my router may be of use for a Synology box, with a few tweaks for file path issues it may be directly applicable.

 

Using the torguard's supplied DD-WRT script as a basic starting point, I disassembled it creating standalone .crt, .conf, .sh files in order to reduce the use of nvram which was at its limit with all that scripting in the routers start-up script. Since my router does not have any permanent file system storage, (a problem Synology does NOT have!) I installed a "mega" version firmware build that has SAMBA support, allowing me to use a NAS share for the router on start-up. If I am connecting the dots correctly, this makes Synology's environment and mine fairly similar.

 

Share this post


Link to post
Share on other sites
Support

Hi Peter

 

Yes the synology does provide root access via SSH - its pretty stable and works really well, i have sued it for a good couple of years now.

 

And your correct we can create a script similar to what your using for the NAS, actually i should really post all these scripts on here for future reference, i will do that in the near future :)

 

Cheers

Share this post


Link to post
Share on other sites
Guest

Thanks Heaps. That worked, and there is no way I would have figured that by myself.

Share this post


Link to post
Share on other sites
Guest

Has anyone made an update for this issue? I tried the telnet fix and I was not able to get it to work.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...