TransWikia.com

DiskStation: OpenVPN TLS Handshake error (self-signed cert & defaults)

Super User Asked by user199124 on November 3, 2021

I have a DS 1813+ (DSM 5 4493 Update 1 – latest) and am having issues setting up OpenVPN:

  • DS’ 3rd interface is directly connected on a static IP, with the DS firewall set to only allow the VPN app on that interface, blocking all others
    • LAN: 192.168.1.x (DS connected to it via ports 1 and 2)
    • VPN: 10.8.0.x (using default server config)

I have it working internally, but when I remotely connect, the handshake fails:

  • Log:
    12:35:10 OpenVPN 2.3.4 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jun  5 2014
    12:35:10 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.05
    12:35:23 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    12:35:23 UDPv4 link local (bound): [undef]
    12:35:23 UDPv4 link remote: [AF_INET] MY STATIC IP:1194
    12:36:23 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    12:36:23 TLS Error: TLS handshake failed
    12:36:23 SIGUSR1[soft,tls-error] received, process restarting
    12:36:25 WARNING: No server certificate verification method has been enabled.  #See http://openvpn.net/howto.html#mitm for more info.
    12:36:25 UDPv4 link local (bound): [undef]
    12:36:25 UDPv4 link remote: [AF_INET]MY STATIC IP:1194
    
  • Config (Windows 8.1 64bit: OpenVPN GUI – latest):
    tls-client
    dev tun
    proto udp
    
    remote xxx.xxx.xxx.xxx 1194
    dhcp-option DNS 192.168.1.2
    redirect-gateway def1
    
    pull
    
    script-security 2
    
    # Self signed cert:
    ca ca-ds.crt
    
    auth-user-pass
    auth-nocache
    #tls-remote synology.com
    
    comp-lzo
    reneg-sec 0
    

Any ideas?

One Answer

There are two LANs on the Synology NAS, LAN1 & LAN2; make sure that Port Forwarding for 1194 is set against the LAN# that is specified in the OpenVPN General Settings page.

Answered by user1176158 on November 3, 2021
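
The log in the question shows two separate things: a handshake timeout and a warning that no server certificate verification is enabled. The following Python triage is an added example, not part of the question or the answer and not OpenVPN or Synology code, that reports them separately. The finding names and the set of verification directives are assumptions of this example.

```python
import re

# Client directives that check the server certificate beyond the CA chain
# (assumed set, taken from the OpenVPN 2.3 manual).
VERIFY_DIRECTIVES = {"remote-cert-tls", "remote-cert-eku", "ns-cert-type",
                     "verify-x509-name", "tls-remote", "tls-verify"}

def active_directives(config_text):
    """Names of directives on lines that are not commented out."""
    names = set()
    for line in config_text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            names.add(line.split()[0])
    return names

def audit_config(config_text):
    """Flag a client config with a CA but no server verification directive."""
    have = active_directives(config_text)
    if "ca" in have and not have & VERIFY_DIRECTIVES:
        return ["no-server-cert-verification"]
    return []

def triage_log(log_text):
    """Separate the connectivity symptom from the verification warning."""
    findings = []
    if "No server certificate verification method has been enabled" in log_text:
        findings.append("no-server-cert-verification")
    if "VERIFY ERROR" in log_text:
        findings.append("server-cert-rejected")
    elif re.search(r"TLS key negotiation failed to occur within \d+ seconds", log_text):
        # No certificate was rejected; look at the UDP path to the server
        # (firewall rule, port forwarding) before anything else.
        findings.append("handshake-timeout")
    return findings

# Constructed samples, abridged from the question's config and log.
SAMPLE_CONFIG = """tls-client
proto udp
remote xxx.xxx.xxx.xxx 1194
ca ca-ds.crt
auth-user-pass
#tls-remote synology.com
"""
SAMPLE_LOG = """12:35:23 WARNING: No server certificate verification method has been enabled.
12:36:23 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
12:36:23 TLS Error: TLS handshake failed
"""

if __name__ == "__main__":
    print("config:", audit_config(SAMPLE_CONFIG))
    print("log:   ", triage_log(SAMPLE_LOG))
```

The verification finding is independent of the timeout, so it remains after the port forwarding is corrected.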
