OpenVPN on a Diskstation TLS Handshake error, Self signed cert, Defaults

0

I have a DS 1813+ with DSM 5 4493 Update 1 installed (latest) and am having issues setting up OpenVPN.

I have it working internally (which is strange in itself), but when I remote from my house or coffee shop etc. the handshake fails.

Tue Jun 17 12:35:10 2014 OpenVPN 2.3.4 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jun  5 2014
Tue Jun 17 12:35:10 2014 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.05
Tue Jun 17 12:35:23 2014 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Jun 17 12:35:23 2014 UDPv4 link local (bound): [undef]
Tue Jun 17 12:35:23 2014 UDPv4 link remote: [AF_INET] MY STATIC IP:1194
Tue Jun 17 12:36:23 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jun 17 12:36:23 2014 TLS Error: TLS handshake failed
Tue Jun 17 12:36:23 2014 SIGUSR1[soft,tls-error] received, process restarting
Tue Jun 17 12:36:25 2014 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Jun 17 12:36:25 2014 UDPv4 link local (bound): [undef]
Tue Jun 17 12:36:25 2014 UDPv4 link remote: [AF_INET]MY STATIC IP:1194

I have the DS set up so that its 3rd interface is directly connected on a static IP. The DS firewall is set for that interface to only allow the VPN app and block all others.

My main LAN uses 192.168.1.x addresses and the DS is connected to that via ports 1 and 2.

OpenVPN is all default on the server, using 10.8.0.x.

Here is my config file:

dev tun
tls-client

remote MYSTATICIPISHERE 1194

# If redirect-gateway is enabled, the client will redirect its
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)

redirect-gateway def1

# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.

dhcp-option DNS 192.168.1.2

pull

proto udp
script-security 2

ca ca-ds.crt

comp-lzo

reneg-sec 0

auth-user-pass

auth-nocache

#tls-remote synology.com

The DS is set with a self-signed cert and I am using the latest OpenVPN GUI with Windows 8.1 64-bit. I have also tested on Win7.

Any ideas? I'm not an expert on this so I am sure I'm just missing some fundamental network thing.

user199124

Posted 2014-06-17T17:45:20.280

Reputation: 1

That looks like the server config file. Can you also post the client config? Have you generated a certificate/key combo for your client? – Jim G. – 2014-06-17T17:53:31.933

Nope, that is the client config, the server is set to not need user certs (aside from the ca.cert); not sure how to get the file though as I only access it from a web gui. The server has a self signed cert; everything is just default per the Synology setup so I think it is a network issue, but I don't really know. – user199124 – 2014-06-17T19:38:34.117

Just one additional random hunch - are you running the OpenVPN GUI as Administrator? If not, right click the shortcut and run as Administrator, see if that makes a difference. – Jim G. – 2014-06-17T20:13:25.083
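Added example, not part of the original question or comments: a small Python audit of the client config posted above. It flags the missing server certificate verification that the log's WARNING line reports, along with `reneg-sec 0` and `script-security 2`. The names `parse_directives` and `audit` and the finding labels are hypothetical, the parser ignores quoting and inline blocks, and the `remote-cert-tls server` line appended at the end assumes the server certificate carries the matching key usage.

```python
# Added example: static audit of an OpenVPN client config (names are hypothetical).
# Any one of these directives enables a server certificate check on the client.
VERIFY_DIRECTIVES = {"remote-cert-tls", "remote-cert-eku", "remote-cert-ku",
                     "verify-x509-name", "ns-cert-type", "tls-verify", "tls-remote"}

# Directives from the config in the question; the remote address is the poster's placeholder.
PAGE_CONFIG = """\
dev tun
tls-client
remote MYSTATICIPISHERE 1194
redirect-gateway def1
# dhcp-option DNS: To set primary domain name server address.
dhcp-option DNS 192.168.1.2
pull
proto udp
script-security 2
ca ca-ds.crt
comp-lzo
reneg-sec 0
auth-user-pass
auth-nocache
#tls-remote synology.com
"""

def parse_directives(text):
    """Map each active directive to its argument lists; '#' and ';' start comments."""
    found = {}
    for raw in text.splitlines():
        tokens = []
        for tok in raw.split():  # simplification: quoting and inline blocks are ignored
            if tok[0] in "#;":
                break
            tokens.append(tok)
        if tokens:
            found.setdefault(tokens[0], []).append(tokens[1:])
    return found

def audit(text):
    """Return finding labels for security-relevant settings in a client config."""
    d = parse_directives(text)
    findings = []
    if VERIFY_DIRECTIVES.isdisjoint(d):
        findings.append("no-server-cert-verification")  # same condition as the log WARNING
    if ["0"] in d.get("reneg-sec", []):
        findings.append("key-renegotiation-timer-disabled")
    levels = [int(a[0]) for a in d.get("script-security", []) if a]
    if levels and max(levels) >= 2:
        findings.append("user-scripts-allowed")
    return findings

if __name__ == "__main__":
    print(audit(PAGE_CONFIG))
    # Assumption: the server certificate carries the key usage this check requires.
    print(audit(PAGE_CONFIG + "remote-cert-tls server\n"))
```

The commented-out `#tls-remote synology.com` line is correctly treated as inactive, which is why the posted config still produces the verification finding.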

No answers