MT300 Synology OpenVPN does not work

Teebs · April 10, 2024, 12:01pm

I’ve tried following these instructions but I still can’t get the VPN to my synology NAS to work from the GL-MT300 router. When I try to connect I just get this screen.

I’ve tried both TCP and UPD with the same result. The same ovpn file works fine when I use it directly from my laptop. Can anyone tell me what I might be doing incorrectly.

Remaking in or out ‘#redirect-gateway def1’ and ‘#dhcp-option DNS 10.0.0.1’ seems to make no difference. Using the actual Servers IP address on the internet makes no difference.

Here’s my ovpn file contents.

dev tun
tls-client

remote MY-QUICK-CONNECT_ADD 1194	

# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)

float

# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)

#redirect-gateway def1

# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.

#dhcp-option DNS 10.0.0.1

pull

# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto tcp

script-security 2


#comp-lzo

reneg-sec 0

cipher AES-256-CBC

auth SHA512

auth-user-pass

client-cert-not-required

<ca>
-----BEGIN CERTIFICATE-----
Removed
-----END CERTIFICATE-----


</ca>

admon · April 11, 2024, 5:40am

Please share the log files of your router showing the issue.

Teebs · April 11, 2024, 6:55am

Thu Apr 11 06:28:10 2024 daemon.info dnsmasq-dhcp[20827]: DHCPACK(br-lan) 192.168.8.216 00:26:b9:06:59:6a Teebs007
Thu Apr 11 07:53:29 2024 user.info : 1249: gl-vpn-client>> Start, vpnpath=/etc/openvpn/ovpn3, serverfile=TeebayWebFullTCP.ovpn
Thu Apr 11 07:53:29 2024 user.debug : ------ss-redir is not running!------
Thu Apr 11 07:53:29 2024 user.info : 1326: gl-vpn-client>> glconfig.openvpn.ovpn=/etc/openvpn/ovpn3/TeebayWebFullTCP.ovpn, glconfig.openvpn.clientid=ovpn3
Thu Apr 11 07:53:31 2024 daemon.info dnsmasq[20827]: exiting on receipt of SIGTERM
Thu Apr 11 07:53:31 2024 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Thu Apr 11 07:53:31 2024 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq[16904]: started, version 2.80 cachesize 150
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq[16904]: DNS service limited to local subnets
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq[16904]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth nettlehash DNSSEC no-ID loop-detect inotify dumpfile
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq-dhcp[16904]: DHCP, IP range 192.168.8.100 – 192.168.8.249, lease time 12h
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq[16904]: using local addresses only for domain test
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq[16904]: using local addresses only for domain onion
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq[16904]: using local addresses only for domain localhost
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq[16904]: using local addresses only for domain local
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq[16904]: using local addresses only for domain invalid
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq[16904]: using local addresses only for domain bind
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq[16904]: using local addresses only for domain lan
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq[16904]: reading /tmp/resolv.conf.auto
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq[16904]: using local addresses only for domain test
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq[16904]: using local addresses only for domain onion
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq[16904]: using local addresses only for domain localhost
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq[16904]: using local addresses only for domain local
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq[16904]: using local addresses only for domain invalid
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq[16904]: using local addresses only for domain bind
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq[16904]: using local addresses only for domain lan
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq[16904]: using nameserver 10.0.0.1#53
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq[16904]: read /etc/hosts - 4 addresses
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq[16904]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Thu Apr 11 07:53:32 2024 daemon.info dnsmasq-dhcp[16904]: read /etc/ethers - 0 addresses

admon · April 11, 2024, 7:03am

These log lines don’t include the OVPN ones. Did you try to reconnect before?

alzhao · April 11, 2024, 8:30am

First, you can upgrade to latest firmware 4.x.

Second, if you still have problems, you can send me a real ovpn file and I can find out the reason quickly.

Teebs · April 11, 2024, 1:23pm

How would I upgrade to 4.x? I have already upgraded to the latest version offered to me via the upgrade menu option, which is 3.216

Teebs · April 11, 2024, 1:26pm

I tried to connect to the OpenVPN and these were the logs produced. It does seem to mention OpenVPN in the first few lines.

Thu Apr 11 06:28:10 2024 daemon.info dnsmasq-dhcp[20827]: DHCPACK(br-lan) 192.168.8.216 00:26:b9:06:59:6a Teebs007
Thu Apr 11 07:53:29 2024 user.info : 1249: gl-vpn-client>> Start, vpnpath=/etc/openvpn/ovpn3, serverfile=TeebayWebFullTCP.ovpn
Thu Apr 11 07:53:29 2024 user.debug : ------ss-redir is not running!------
Thu Apr 11 07:53:29 2024 user.info : 1326: gl-vpn-client>> glconfig.openvpn.ovpn=/etc/openvpn/ovpn3/TeebayWebFullTCP.ovpn, glconfig.openvpn.clientid=ovpn3
Thu Apr 11 07:53:31 2024 daemon.info dnsmasq[20827]: exiting on receipt of SIGTERM
Thu Apr 11 07:53:31 2024 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!

admon · April 11, 2024, 1:26pm

3.x is EOL (more or less)

Upgrading to 4.x is necessary, but must be done manually. All settings will be lost.
You will find the newest updates here: https://dl.gl-inet.com/

Teebs · April 11, 2024, 2:13pm

I’ve upgraded to the latest 4.x firnware but still having problems.

I wanted to send you the complete log but when I try to export it it says it is or has a virus.

admon · April 11, 2024, 2:52pm

The line above looks like the error to me: It appears that the config isn’t correct - maybe it was generated for an older OpenVPN version?

Teebs · April 11, 2024, 4:23pm

The ovpn file is being created by Synology NAS. However I’ve been able to get a connection now. I had to remove the line
‘client-cert-not-required’
from the ovpn file. It seems to be working now, although I’ll have to do some more tests using my phone as the internet connection because currently I’m connected locally to the same network I’m trying to VPN to.

I think I’ve got it now so thanks for the help, it pointed me in the right direction. If I have more problems actually connecting remotely I’ll get back to you.

Thanks for now!

Teebs · April 11, 2024, 4:39pm

I’ve just connected through my phones 4G connection via tethering and it all looks good. Thanks again for the help.