How to: Setup Private Internet Access OpenVPN connection on a Synology NAS (DSM 5.0)

I have been using Private Internet Access for many years with my Synology NAS which worked beautifully until recently when out of the blue it just stopped working and starting complaining about a certificate error. It would appear PIA have changed something and the new OpenVPN Configuration Files don’t work with DSM 5.0.

Synology stopped supporting my NAS with DSM updates many years ago, i know i should probably upgrade but if it ain’t broke (or you can fix it), why put your hand in your pocket for a new one.

After a lot of trial and error i did finally land on a solution:

  1. Download the latest OpenVPN Configuration Files, i use UDP port 1198 with AES-128-CBC+SHA1, and connect via an IP address instead of the server name
  2. Log on to Synology, Control Panel > Network > Network Interface
  3. Create VPN Profile > OpenVPN
  4. Server address use the IP address of the VPN server, you can find the IP address by opening the .ovpn file of your chosen server in a text editor
  5. Enter your user name and password for PIA, the same credentials you use for the website (pXXXXXXXX)
  6. Import the certificate
  7. Select, Use default gateway on the remote network, Reconnect when the VPN connection is lost
  8. Click Okay and Save but don’t try and connect just yet as it won’t work
  9. Download and install WinSCP (just google it)
  10. Log on to Synology, Control Panel > Terminal and SNMP
  11. Enable Telnet and Enable SSH
  12. Open WinSCP, type the IP address of your NAS, in the user name enter ‘root’ and in the password type your administrator password
  13. Navigate to /usr/syno/etc/synovpnclient/openvpn
  14. Right click on the ‘client_’ file and select duplicate, at the end of the file name add ‘.bak’ and save (this will create a backup of the original file in case you need to revert back)
  15. Now right click on the ‘client_’ file again and this time select edit
  16. You should see a line with the IP address you entered in step 4, and a port number (1194). Change the port number to 1198
  17. Under that line add the following two lines of code:
    cipher aes-128-cbc
    auth sha1
  18. Save the file and try the connection from Control Panel > Network > Network Interface, it should now connect. If it doesn’t make sure you have forwarded UDP port 1198 to your NAS device in your routers port forwarding page (use google)
  19. Now test the VPN connection is working on your NAS using IPmagnet
  20. Don’t forget to disable Telnet and Enable SSH when you’re done

 

8 thoughts on “How to: Setup Private Internet Access OpenVPN connection on a Synology NAS (DSM 5.0)

  1. Hi, thanks for the write-up! Easy to follow and I logged in as admin, but keep getting a ‘cp: cannot create regular file [file path name] :Permission denied’ error when I attempt to copy or update the client_ file. I cannot see any file access the admin does not already have on the synology admin user so not sure what the root cause is here. Ideas?

    Like

  2. Hi, thanks for the write up! Easy to follow, the only issue I have is that any time I try to save/copy/rename any file on the NAS I get a “cp: cannot create regular file [file path name]: Permission denied” error.

    The admin login to the NAS has all of the necessary access, so I’m not exactly sure why I’m getting this error. Ideas?

    Like

    • Synology made some changes to permissions in DSM 6.0, you need to use the ‘sudo -i’ command to elevate your account in order to make changes to system files. I made a post on this, you can find a guide here.

      Like

      • Not sure I’m on the same page. I used windows and logged into the NAS via cmd window and ssh into it with the ‘admin’ login. Once in I do a sudo -i and enter password. This elevates it to root.

        I then log in with WinSCP with the same admin username, this should now be elevated? I’m still getting the permission error when trying to duplicate/edit anything.

        Many thanks, Vid

        Like

      • Sorry perhaps i should of been a little more clear. Login via SSH and elevate to root as you did previously. Then use vi to edit the ‘client_’ file. Its a different way to edit the file using the command line. HTH.

        Like

  3. I hope you had a fun (and safe) Christmas and New Year.

    Yes, I’ll need help using Vim – I downloaded the Mac client and tried reading through the Help file, but to be honest it made no sense to me and I couldn’t get it to do anything.

    I’m a techie but never had to (Or really had an interest in) manipulating code and have resolved myself to being a script kiddie. Therefore, an ‘Idiot’s Guide’ as to how to get this to work pretty please. I’ve found no other results online for getting this fixed and in a pickle as the only other option is to use a PPTP connection which is not secure.

    (Ideally, what I really need is my Unifi Pro to support OpenVPN, but that’s another story!)

    Like

    • 1. Take a backup of /usr/syno/etc/synovpnclient/openvpn
      2. Login via SSH, using admin account
      3. sudo -i to elevate permissions to edit system files
      4. vi /usr/syno/etc/synovpnclient/openvpn (check the path and the filename exists first!)
      5. with the file open and contents displayed, you can press ‘i’ to enable insert mode
      6. You should see a line with the IP address you entered when creating the ovpn profile, and a port number (1194). Change the port number to ‘1198’
      7. Under that line add the following two lines of code:
      cipher aes-128-cbc
      auth sha1

      8. Press escape to return you to command mode where you can save your changes by typing the following command:
      :wq
      9. Test the connection from Control Panel > Network > Network Interface, it should now connect. If it doesn’t make sure you have forwarded UDP port 1198 to your NAS device in your routers port forwarding page (use google), and also check your using the latest .ovpn configuration files

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s