0

I have a DS 1813+ (DSM 5 4493 Update 1 - latest) and am having issues setting up OpenVPN:

  • DS' 3rd interface is directly connected on a static IP, with the DS firewall set to only allow the VPN app on that interface, blocking all others
    • LAN: 192.168.1.x (DS connected to it via ports 1 and 2)
    • VPN: 10.8.0.x (using default server config)

I have it working internally, but when I remotely connect, the handshake fails:

  • Log:
    12:35:10 OpenVPN 2.3.4 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jun  5 2014
    12:35:10 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.05
    12:35:23 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    12:35:23 UDPv4 link local (bound): [undef]
    12:35:23 UDPv4 link remote: [AF_INET] MY STATIC IP:1194
    12:36:23 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    12:36:23 TLS Error: TLS handshake failed
    12:36:23 SIGUSR1[soft,tls-error] received, process restarting
    12:36:25 WARNING: No server certificate verification method has been enabled.  #See http://openvpn.net/howto.html#mitm for more info.
    12:36:25 UDPv4 link local (bound): [undef]
    12:36:25 UDPv4 link remote: [AF_INET]MY STATIC IP:1194
    
  • Config (Windows 8.1 64bit: OpenVPN GUI - latest):
    tls-client
    dev tun
    proto udp
    
    remote xxx.xxx.xxx.xxx 1194
    dhcp-option DNS 192.168.1.2
    redirect-gateway def1
    
    pull
    
    script-security 2
    
    # Self signed cert:
    ca ca-ds.crt
    
    auth-user-pass
    auth-nocache
    #tls-remote synology.com
    
    comp-lzo
    reneg-sec 0
    

Any ideas?

3
  • That looks like the server config file. Can you also post the client config? Have you generated a certificate/key combo for your client?
    – Jim G.
    Commented Jun 17, 2014 at 17:53
  • Nope, that is the client config, the server is set to not need user certs (aside from the ca.cert); not sure how to get the file though as I only access it from a web gui. The server has a self signed cert; everything is just default per the Synology setup so I think it is a network issue, but I don't really know.
    – user199124
    Commented Jun 17, 2014 at 19:38
  • Just one additional random hunch - are you running the OpenVPN GUI as Administrator? If not, right click the shortcut and run as Administrator, see if that makes a difference.
    – Jim G.
    Commented Jun 17, 2014 at 20:13

1 Answer

0

There are two LANs on the Synology NAS, LAN1 & LAN2; make sure that port forwarding for 1194 is set against the LAN# that is specified in the OpenVPN General Settings page.
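An added diagnostic example, not part of the original question or answer: the "TLS key negotiation failed to occur within 60 seconds" lines in the log mean the client never received a reply on UDP 1194, and this script checks that directly by sending the first OpenVPN handshake packet and waiting for the server's reset reply. It assumes the server uses no `tls-auth` key (the posted client config has none); the function names are illustrative.

```python
import os
import socket

# OpenVPN opcodes: high 5 bits of the first byte (low 3 bits are the key id).
P_CONTROL_HARD_RESET_CLIENT_V2 = 7
P_CONTROL_HARD_RESET_SERVER_V2 = 8


def build_client_reset(session_id: bytes) -> bytes:
    """First packet of an OpenVPN UDP handshake when no tls-auth key is used."""
    if len(session_id) != 8:
        raise ValueError("session id must be 8 bytes")
    opcode_keyid = P_CONTROL_HARD_RESET_CLIENT_V2 << 3  # key id 0
    ack_count = b"\x00"                # nothing to acknowledge yet
    packet_id = b"\x00\x00\x00\x00"    # first control packet
    return bytes([opcode_keyid]) + session_id + ack_count + packet_id


def classify_reply(reply: bytes, session_id: bytes) -> str:
    """Interpret the server's answer to the reset packet."""
    if not reply:
        return "no-reply"
    if reply[0] >> 3 != P_CONTROL_HARD_RESET_SERVER_V2:
        return "unexpected-reply"
    # A genuine reply acknowledges our packet and echoes our session id.
    return "openvpn-reachable" if session_id in reply[9:] else "unexpected-reply"


def probe(host: str, port: int = 1194, timeout: float = 3.0, tries: int = 3) -> str:
    """Return 'openvpn-reachable', 'no-reply', 'port-closed' or 'unexpected-reply'."""
    session_id = os.urandom(8)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        for _ in range(tries):  # UDP is lossy, so retry a few times
            try:
                s.send(build_client_reset(session_id))
                return classify_reply(s.recv(2048), session_id)
            except socket.timeout:
                continue
            except ConnectionError:
                return "port-closed"  # ICMP port unreachable came back
    return "no-reply"


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 1194))
```

Run it from outside the LAN against the static IP: `no-reply` points at the firewall rule or the port forward (packets dropped or sent to the wrong interface), while `openvpn-reachable` means the network path is fine and the problem lies elsewhere.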
