We are really stuck on OpenVPN 2.3.x on Synology?

I am new to the Synology world – and am setting up a DS920+ to sit away from home to as an off-site backup. I’m trying to get OpenVPN Client running and it wasn’t importing my OVPN config file. Dropping to command line, I find that it’s still running OpenVPN 2.3.17? Are you kidding me? This version is from 19-May-2017!!

So I will have to make my VPN insecure in order to get the Synology to connect to my VPN server? This is bonkers!

Does anyone know of a 3rd party community package with OpenVPN 2.4.x? I’ve been searching around and so far no luck – just other people complaining about being stuck on an such an old version.

EDIT: Since there was seemingly no easy way to get OpenVPN 2.4.x running, I moved over to Wireguard which does work fine. Thanks to user PastureWatch who shared the github repo to install the package on Synology.

I ditched OpenVPN on my Diskstation and started using the built-in OpenVPN-server on my Asus router…

Welcome to Synology. Don’t dare look at the output of uname -a.

I wouldn’t recommend using a vpn server on a NAS. All synology packages are outdated , docker is the same. If you want VPN search for a wireguard capable router.

Yup, it’s terrible and convinced me that security can’t be a major concern for Synology.

That being said since you are on a plus model you can use docker and install a container running the latest OpenVPN version.

Is this also the case on SRM vpnplus package?

​

Thank you

Is it feasible to run it in docker container?

I encountered this exact situation a year ago. My solution was to make a second vpn server running on my pfsense router on a different port that was much more locked down to make up for the poorer security.
I only had To change I believe the code from channel from TLS-auth in order to make it work.

What are the main security concerns in 2.3.17? Of course those that impact this use case.

As for reason: maybe they’re just delaying because of compatibility on older devices. I imagine some Synology NAS are still on kernel 3.*. Long term support is a double-edged sword.

DSM 7.0 drops old devices. It may open a path to update a few modules.

I’m new also. Can you tell me how to make this works?

1. Install VPN server on Sinology (setup port forwarding, setup dynamic ip to use synology.me as static ip, setup user that able to use the VPN)
2. Export cert in Synology server and change the IP to 192.168.x.x in the cert
3. Then go to Android Phone, Import the cert. Continue without client cert.
4. Sign in using username password

But I keep getting client rejected.

What did I do wrong?

They should release the package source on github including build script and howtobuild.

What is the best way to install wireguard server on DS720? I’m running a Ubuntu VM on it. Is it the best approach to have it running on Ubuntu or should I use Docker or something else?

Ideally it should be right on your edge device

There’s a few tutorials about to harden the OpenVPN on the NAS if that is your only route. I’ve just changed routers and the new router supports Wireguard. Just got it working and I am thinking that I am going to retire the VPN via the NAS in favour of that.

This. I switched my multisite OpenVPN network to WireGuard over the lockdown, and haven’t looked back - speeds are better, reliability is as good or better.

What’s the benefit of running wireguard as the custom Synology package instead of in docker?

Thanks for this, I was looking for a Pi but got a stuck and this is perfect for my new NAS (1511 → 1621).

Ok great – I have Wireguard up and running. I like it – simpler setup without having to manage a CA for certificates like OpenVPN. Thanks again for the suggestion!

I’m trying configure the NAS as a OpenVPN client. (My server is running 2.4.x already.) This device is going to be sitting off-site and this is how I was going to access it, etc. I’m using a cipher and TLS-crypt which both aren’t supported on 2.3.

Did this as well, had to set it to reboot daily though as it gets slowdowns after a couple of nights