v2.5 and Synology OpenVPN client
-
Hi, has anyone had any success exporting an OpenVPN client profile for a Synology NAS (DSM 6.2.3-25426U3) from a clean 2.5 install?
I've used the Wizard and default settings, creating a CA, certificate and user along the way.
Using the client export package and selecting "Do not include OpenVPN 2.5 settings in the client configuration", I have an opvn file that includes:
dev tun
persist-tun
persist-key
ncp-disable
cipher AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote mydomain.com 1194 udp
verify-x509-name "mydomain.com" name
auth-user-pass
remote-cert-tls server
explicit-exit-notifyTrying to import this into the remote Synology fails with a report that it contains invalid parameters. Commenting out the "ncp-disable" entry allows it to proceed beyond this and create the VPN entry.
However, when I try to start the VPN client, Synology reports an error "Connection failed or certificate expired. Please use a valid certificate issued by the VPN server and try again". I've checked & re-checked and all of the OpenVPN server settings use the correct certificates that were created through the wizard.
My pastebin for the associated pfsense log entries for this are here.
I know that this is probably something to do with the legacy implementation of OpenVPN on the Synology, but am hoping someone may have worked out a way through this.
Thanks