I have been using Private Internet Access for many years with my Synology NAS which worked beautifully until recently when out of the blue it just stopped working and starting complaining about a certificate error. It would appear PIA have changed something and the new OpenVPN Configuration Files don’t work with DSM 5.0.
Synology stopped supporting my NAS with DSM updates many years ago, i know i should probably upgrade but if it ain’t broke (or you can fix it), why put your hand in your pocket for a new one.
After a lot of trial and error i did finally land on a solution:
- Download the latest OpenVPN Configuration Files, i use UDP port 1198 with AES-128-CBC+SHA1, and connect via an IP address instead of the server name
- Log on to Synology, Control Panel > Network > Network Interface
- Create VPN Profile > OpenVPN
- Server address use the IP address of the VPN server, you can find the IP address by opening the .ovpn file of your chosen server in a text editor
- Enter your user name and password for PIA, the same credentials you use for the website (pXXXXXXXX)
- Import the certificate
- Select, Use default gateway on the remote network, Reconnect when the VPN connection is lost
- Click Okay and Save but don’t try and connect just yet as it won’t work
- Download and install WinSCP (just google it)
- Log on to Synology, Control Panel > Terminal and SNMP
- Enable Telnet and Enable SSH
- Open WinSCP, type the IP address of your NAS, in the user name enter ‘root’ and in the password type your administrator password
- Navigate to /usr/syno/etc/synovpnclient/openvpn
- Right click on the ‘client_’ file and select duplicate, at the end of the file name add ‘.bak’ and save (this will create a backup of the original file in case you need to revert back)
- Now right click on the ‘client_’ file again and this time select edit
- You should see a line with the IP address you entered in step 4, and a port number (1194). Change the port number to 1198
- Under that line add the following two lines of code:
cipher aes-128-cbcauth sha1 - Save the file and try the connection from Control Panel > Network > Network Interface, it should now connect. If it doesn’t make sure you have forwarded UDP port 1198 to your NAS device in your routers port forwarding page (use google)
- Now test the VPN connection is working on your NAS using IPmagnet
- Don’t forget to disable Telnet and Enable SSH when you’re done
You can find the Synology range of NAS Storage devices on Amazon here.
Pete's Tech Blog 
[…] have previously written about how to use your Synology NAS to download torrents over a VPN connection using Synology Download Station and OpenVPN, this post shows you how to use your Torrent client of […]
LikeLike
Hi, thanks for the write-up! Easy to follow and I logged in as admin, but keep getting a ‘cp: cannot create regular file [file path name] :Permission denied’ error when I attempt to copy or update the client_ file. I cannot see any file access the admin does not already have on the synology admin user so not sure what the root cause is here. Ideas?
LikeLike
Hi, thanks for the write up! Easy to follow, the only issue I have is that any time I try to save/copy/rename any file on the NAS I get a “cp: cannot create regular file [file path name]: Permission denied” error.
The admin login to the NAS has all of the necessary access, so I’m not exactly sure why I’m getting this error. Ideas?
LikeLike
Synology made some changes to permissions in DSM 6.0, you need to use the ‘sudo -i’ command to elevate your account in order to make changes to system files. I made a post on this, you can find a guide here.
LikeLike
Not sure I’m on the same page. I used windows and logged into the NAS via cmd window and ssh into it with the ‘admin’ login. Once in I do a sudo -i and enter password. This elevates it to root.
I then log in with WinSCP with the same admin username, this should now be elevated? I’m still getting the permission error when trying to duplicate/edit anything.
Many thanks, Vid
LikeLike
Sorry perhaps i should of been a little more clear. Login via SSH and elevate to root as you did previously. Then use vi to edit the ‘client_’ file. Its a different way to edit the file using the command line. HTH.
LikeLike
I hope you had a fun (and safe) Christmas and New Year.
Yes, I’ll need help using Vim – I downloaded the Mac client and tried reading through the Help file, but to be honest it made no sense to me and I couldn’t get it to do anything.
I’m a techie but never had to (Or really had an interest in) manipulating code and have resolved myself to being a script kiddie. Therefore, an ‘Idiot’s Guide’ as to how to get this to work pretty please. I’ve found no other results online for getting this fixed and in a pickle as the only other option is to use a PPTP connection which is not secure.
(Ideally, what I really need is my Unifi Pro to support OpenVPN, but that’s another story!)
LikeLike
1. Take a backup of /usr/syno/etc/synovpnclient/openvpn
2. Login via SSH, using admin account
3.
sudo -ito elevate permissions to edit system files4.
vi /usr/syno/etc/synovpnclient/openvpn(check the path and the filename exists first!)5. with the file open and contents displayed, you can press ‘i’ to enable insert mode
6. You should see a line with the IP address you entered when creating the ovpn profile, and a port number (1194). Change the port number to ‘1198’
7. Under that line add the following two lines of code:
cipher aes-128-cbcauth sha1
8. Press escape to return you to command mode where you can save your changes by typing the following command:
:wq9. Test the connection from Control Panel > Network > Network Interface, it should now connect. If it doesn’t make sure you have forwarded UDP port 1198 to your NAS device in your routers port forwarding page (use google), and also check your using the latest .ovpn configuration files
LikeLike