Setup An OpenVPN Server On A Synology NAS Running DSM 7

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

in this video i'll be setting up an openvpn server on a synology nas running dsm-7 i'll start off by creating a user specifically for the openvpn connection next i'll install the vpn server package and go through the steps to configure openvpn i'll then set up a ddns domain name to use with openvpn and enable external access to the openvpn port on the synology nas using port forwarding finally i'll setup and connect to the openvpn server from both the macos and windows 10 system let's start by creating an account that we'll use for the openvpn connection i'll open control panel then user and group here i'll click create user to start up the user creation wizard and enter in a username and password for the user and that's all that needs to be done so i'll click through the rest of the wizard screens to finish up the setup next we'll need to add the vpn server package from the package center and launch the application either directly from within package center or from the main menu this brings us to the overview screen where we can see the list of vpn servers that we can configure which includes openvpn under manage vpn service connection lists will display the currently connected users and give us the option to disconnect the user if needed log will provide us information on the vpn server including who connected and server status general settings lets us configure the network interface and account type to use in my case i'll leave it as lan 1 for network interface and local users for the account type being that i haven't added any other account options we can grant vpn permissions for any new local users we create which i'll uncheck and enable or disable auto block which blocks an ip address automatically if the number of failed logins within a specified period of time is reached i'll enable auto block in my setup privilege lets us specify what users can access the specific vpn servers i'll just set the user that was created earlier to be able to connect to openvpn and disable privileges for all other servers and users and apply the changes openvpn is configured under the setup vpn server section here i'll enable openvpn server which then allows me to adjust the remaining options listed on screen i'll leave these settings mostly as default but i'll run through them just in case you need to adjust them in your environment for dynamic ip address the main thing to look for is that the ip range that you choose does not conflict with any ip range you use on your lan change the default ip address range if it does maximum connection number limits how many concurrent connections can be made to the vpn server maximum connections of an account is the number of connections by an individual account that can be made at a specific point in time to the openvpn server port defaults to 1194 and you should leave it as is unless you have a good reason to change it in my case i do need to change the port number because i have another instance of openvpn running on my network using port number 1194. so i'll change the port to 1195 instead protocol is set to udp which is fine and makes for a quicker vpn connection encryption and authentication are both set by default to a very secure encryption standard and cryptographic hash algorithm respectively so i'd recommend not changing these mss fix option value limits the maximum segment size of packets sent over the vpn and the default value recommended for openvpn is 1450. enable compression on the vpn link compresses data during transfer allow clients to access server's lan permits clients to access your local lan i'll enable this option enable ipv6 server mode enables openvpn to send ipv6 addresses once you're done making changes click on apply to save your settings and click ok on this message window regarding port forwarding and firewall settings we'll use the export configuration button which downloads the configuration file and certificate needed to set up openvpn client applications a little later in the video next we'll set up ddns and port forwarding i covered both topics in a video i created earlier on remotely accessing your synology nas running dsm-7 with ddns and port forwarding where i covered each topic extensively so i won't go into much detail in this video if you'd like to view that video i'll link it in the card above and in the description below as well for ddns the goal is to set up a domain name that remains consistent as the ip address assigned by our isp changes this is all set up from the control panel in dsm-7 under external access then ddns like my earlier video i'll be using synology as the ddns provider and enter in a host name i'd like to use for openvpn i won't check the box to get a certificate from let's encrypt because we don't need an ssl certificate to set up a vpn i'll test the connection and click ok to finalize everything for port forwarding my router doesn't support upnp so i need it to manually forward ports on the router itself here is a screenshot of the port forwarding rule for openvpn note that i used port 1195 in my setup but you'll likely use port 1194 if you use the default settings in the openvpn setup earlier with the openvpn server pdns and port forwarding all set up we can now start configuring the client systems to use the vpn i'll start off by setting up a windows 10 virtual machine here i'm logged into dsm 7 and i'll go to main menu vpn server bring up the openvpn server setup and click export configuration to download the openvpn configuration zip file i'll extract the contents of the zip file and i'll open both the readme and the vpn config file the readme recommends using the openvpn client called openvpn gui and provides a link where you can download the client i'll link to the download page for the openvpn gui client in the description below as well i've already downloaded and installed the openvpn gui client so i'll start setting up the configuration file the first thing i'll do is change the server ipplaceholder text with the ddns domain name i set up earlier next we have the choice of redirecting all traffic through the vpn what is referred to as full tunneling or just traffic local to the vpn network and all other public or internet traffic goes out the client's default gateway which is called split tunneling there is a use case for each and it's up to you to decide what works best for your setup but note that full tunneling is generally considered more secure with performance taking a hit while split tunneling is the opposite performance is better but it isn't as secure of a setup in the open vpn configuration file uncommenting the redirect gateway line implements full tunneling while keeping the line commented implements split tunneling for this setup i'll uncomment the redirect gateway line for full tunneling next if you have a specific domain name server you would like to use you can uncomment the dhcp option line and enter in the ip address of the domain name server in my case i have a local dns server that i run so i'll uncomment the line and enter in its ip address you can also leave this entry disabled to use the domain name server the system is currently using i'll save the changes and copy the configuration file into the program files openvpn config directory and now openvpn gui should be all set up to test the openvpn connection i'll connect my macbook which is the host system for this windows 10 virtual machine to my iphone hotspot i should be able to launch the openvpn gui client and then right click on its icon from the windows toolbar select connect enter in the username and password and connect to the openvpn server now i'm able to connect to my synology nas and log onto dsm which is only accessible on my lan through the vpn and connect to a public website like youtube all through openvpn as well next i'll set up a mac os system using the openvpn connect client provided by openvpn inc i'll leave a link where you can download the openvpn connect client in the description below note also that the readme mentions the openvpn client tunnelblick and while i have used and still use tunnelblick i found that it doesn't work properly with the configuration file provided by synology in my testing so i'm recommending using openvpn connect because it works seamlessly with minimal changes to the configuration file i've already downloaded and installed openvpn connect on my macbook so i'll move on with the setup i've also unzipped the exported file that i downloaded from the openvpn server set up on my synology nas and i'll open the vpn config file here like the windows 10 setup i'll enter in the ddns domain name that i set up earlier in this setup i'll leave the redirect gateway line disabled to implement split tunneling so only network traffic destined to my lan uses the vpn i'll uncomment the dhcp option line and enter in the ip address of my local domain name server finally i'll add in this entry to disable the missing external certificate message that will pop up while connecting to the vpn which occurs because of the way the configuration is set up i'll also leave a link in the description below explaining this entry in further detail those are all the changes that are needed so i'll close the configuration file launch openvpn connect and import the profile in as a file by dragging the configuration file into the application i can now update the profile name enter in my username save the password if i would like and connect after importing which i'll leave unchecked once this is all set up i'll click add and now the openvpn profile is all set i'll test the vpn connection by connecting to my iphone personal hotspot and once connected i'll toggle the switch on for the openvpn profile to connect to the vpn now i'm able to access services on my lan like connecting to dsm on my synology nas as well as access sites on the internet i hope this video on setting up openvpn was helpful and if so make sure to give this video a thumbs up also let me know if you have any questions on any of the topics covered by leaving a comment down below lastly if you like this type of content consider subscribing to this channel as well thanks so much for watching

Info

Channel: Digital Aloha

Views: 52,649

Rating: undefined out of 5

Keywords: dsm 7, dsm 7.0 synology, open vpn for pc windows 10, openvpn, openvpn server, openvpn server setup, openvpn server windows, openvpn synology, synology, synology dsm 7, synology nas vpn, synology openvpn, synology vpn, synology vpn server, synology vpn server setup, vpn synology

Id: Wv4CfZ40rFE

Channel Id: undefined

Length: 12min 7sec (727 seconds)

Published: Fri Jul 23 2021