OVPN SF1200 client to Synology NAS

Mitch99 · September 19, 2022, 6:00pm

Hi

New owner of GL iNet router here, and tbh a bit of a tech biff. I bought the router to connect to my DS713+ in UK, from my house in Belgium. When i try loading the OVPN file that works just fine on my laptop, it comes up failed every time, below is the config file, any help appreciated;

dev tun
tls-client

remote *MY NAS ADDRESS* 1723

# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)

float

# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)

redirect-gateway def1

# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.

#dhcp-option DNS DNS_IP_ADDRESS

pull

# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto tcp-client

script-security 2


comp-lzo

reneg-sec 0

cipher AES-256-CBC

auth SHA512

auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
MIIDTTCCAragAwIBAgIJAJRIAasM8NLSMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYD
VQQGEwJUVzEPMA0GA1UECAwGVGFpd2FuMQ8wDQYDVQQHDAZUYWlwZWkxFjAUBgNV
BAoMDVN5bm9sb2d5IEluYy4xHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
eTEZMBcGA1UEAwwQU3lub2xvZ3kgSW5jLiBDQTEjMCEGCSqGSIb3DQEJARYUcHJv
ZHVjdEBzeW5vbG9neS5jb20wHhcNMTUwMTE1MTU0NjA5WhcNMzQxMDAyMTU0NjA5
WjCBpzELMAkGA1UEBhMCVFcxDzANBgNVBAgMBlRhaXdhbjEPMA0GA1UEBwwGVGFp
cGVpMRYwFAYDVQQKDA1TeW5vbG9neSBJbmMuMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
ZSBBdXRob3JpdHkxGTAXBgNVBAMMEFN5bm9sb2d5IEluYy4gQ0ExIzAhBgkqhkiG
9w0BCQEWFHByb2R1Y3RAc3lub2xvZ3kuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQDJD88cI/MESwBnawEaF1xBbWoTYcbflnGd+9vyF9zPVrYu+rHBYM8Q
/0WhrWPUx7XW5dj22lUBtiIqUbMH4ZGn3dZXwzHyGZ6jwHXkIVSOtSD5sN6UCaPt
FCEPQkS/r1daWzVc7gYVluR+6WlTDfOnrQWYzQGjdNmUtTUnAbffvQIDAQABo38w
fTAfBgNVHREEGDAWgRRwcm9kdWN0QHN5bm9sb2d5LmNvbTAPBgNVHRMECDAGAQH/
AgEAMDYGCWCGSAGG+EIBDQQpFidtb2Rfc3NsIGdlbmVyYXRlZCBjdXN0b20gQ0Eg
Y2VydGlmaWNhdGUwEQYJYIZIAYb4QgEBBAQDAgIEMA0GCSqGSIb3DQEBCwUAA4GB
AHFMlMqbZSqw6rWuXhgtzHZgGVSHYsmbF3eiu3xM5ciaDb8de/S7pmefIknAtC4p
2flRGU6fi8Dyrhc70qXlsRZXNEbo119H33HHRiuNmJZbsqIqmrpmh3SaLYwiTggL
KMRfhoihEvYQTTILs+rxyGK3wefrf7N3v7Py94YYLP0i
-----END CERTIFICATE-----

</ca>

alzhao · September 21, 2022, 8:07am

Can you remove this line

comp-lzo

Mitch99 · September 21, 2022, 10:31am

Compression? I did, and it loaded to router ok, and connected to sysnology ok, but couldn’t browse with it removed, put it back and it’s fine.

Mitch99 · September 21, 2022, 10:33am

Also it seems BT is blocking UDP 1194, as i cannot connect to synology with OPENvpn set to UDP/1194, port is allowed on router.

Mitch99 · September 21, 2022, 10:33am

Hence why i am using tcp/1723

alzhao · September 21, 2022, 10:35am

Can you explain? I thought you said it does not work at all on the router. But this times you said it connects.

Mitch99 · September 21, 2022, 2:49pm

Sorry, i was able to modify file and load, and connect with following;

dev tun
tls-client

remote MY SYNOLOGY IP 1723

float

redirect-gateway def1

pull
proto tcp

reneg-sec 0

cipher AES-256-CBC

auth SHA512

auth-user-pass

-----BEGIN CERTIFICATE-----
MIIDTTCCAragAwIBAgIJAJRIAasM8NLSMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYD
VQQGEwJUVzEPMA0GA1UECAwGVGFpd2FuMQ8wDQYDVQQHDAZUYWlwZWkxFjAUBgNV
BAoMDVN5bm9sb2d5IEluYy4xHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
eTEZMBcGA1UEAwwQU3lub2xvZ3kgSW5jLiBDQTEjMCEGCSqGSIb3DQEJARYUcHJv
ZHVjdEBzeW5vbG9neS5jb20wHhcNMTUwMTE1MTU0NjA5WhcNMzQxMDAyMTU0NjA5
WjCBpzELMAkGA1UEBhMCVFcxDzANBgNVBAgMBlRhaXdhbjEPMA0GA1UEBwwGVGFp
cGVpMRYwFAYDVQQKDA1TeW5vbG9neSBJbmMuMR4wHAYDVQQLDBVDZXJ0aWZpY2F0
ZSBBdXRob3JpdHkxGTAXBgNVBAMMEFN5bm9sb2d5IEluYy4gQ0ExIzAhBgkqhkiG
9w0BCQEWFHByb2R1Y3RAc3lub2xvZ3kuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQDJD88cI/MESwBnawEaF1xBbWoTYcbflnGd+9vyF9zPVrYu+rHBYM8Q
/0WhrWPUx7XW5dj22lUBtiIqUbMH4ZGn3dZXwzHyGZ6jwHXkIVSOtSD5sN6UCaPt
FCEPQkS/r1daWzVc7gYVluR+6WlTDfOnrQWYzQGjdNmUtTUnAbffvQIDAQABo38w
fTAfBgNVHREEGDAWgRRwcm9kdWN0QHN5bm9sb2d5LmNvbTAPBgNVHRMECDAGAQH/
AgEAMDYGCWCGSAGG+EIBDQQpFidtb2Rfc3NsIGdlbmVyYXRlZCBjdXN0b20gQ0Eg
Y2VydGlmaWNhdGUwEQYJYIZIAYb4QgEBBAQDAgIEMA0GCSqGSIb3DQEBCwUAA4GB
AHFMlMqbZSqw6rWuXhgtzHZgGVSHYsmbF3eiu3xM5ciaDb8de/S7pmefIknAtC4p
2flRGU6fi8Dyrhc70qXlsRZXNEbo119H33HHRiuNmJZbsqIqmrpmh3SaLYwiTggL
KMRfhoihEvYQTTILs+rxyGK3wefrf7N3v7Py94YYLP0i
-----END CERTIFICATE-----

Am getting about 7mbps to synology over tunnel, which is just enough for BBC iplayer and Netflix, i think i will buy another SF1200 and use as wireguard server in UK

alzhao · September 22, 2022, 5:10am

Can you explain what is the modification exactly?

I could do comparision directly but it would be nice that you just state it explicitly.