Synology NAS VPN client to Firewalla not working

Comments

5 comments

  • Firewalla

    Do you have any error screens or error messages?

  • MGJ

    It just says failed to connect.

    I've done some searching in the meantime and it appears Synology requires keys to be uploaded in separate files, but I have not found too many details.

    So I copied the CA cert section and created a CAcertificate.cert file, similarly a clientcert.cert file, a clientkey.key file and a tsl-auth.txt file. Uploaded each but I then get an invalid key error.



    Researching the error here
    https://kb.synology.com/en-af/DSM/tutorial/I_received_error_message_Invalid_private_key_when_importing_certificate

    It seems formatted accordingly


  • John Colby

    I have used the following workaround before with another OpenVPN provider and Synology, and it also works fine for Firewalla.

    Create a new VPN profile in the Synology DSM GUI: enter a dummy username and password. Import the .ovpn file generated by Firewalla, but first delete the whole <key> section. This will let you add it without the errors you mentioned above.

    SSH as root into your Synology NAS and navigate to:

    /usr/syno/etc/synovpnclient/openvpn/

    You will see it copied your .ovpn to something like client_o1234567890, with some additional hooks added at the end.

    Edit this file and add back in the <key> section.

    Edit this file and add the following line:

    askpass private_key_pass.txt

    Create a text file in the same directory named private_key_pass.txt containing only the private key password from the Firewalla app. Change permissions so that it is only readable by root:

    sudo chmod 600 private_key_pass.txt

    You will see it has also added the Synology GUI options to the file ovpnclient.conf. If you need to change any of these options (e.g. auto reconnect) in the future, change them here and not through the Synology GUI. You can leave the dummy username and password here because they won't be used.

    Now go back into the Synology DSM GUI and try to connect your VPN profile. It should work. If it's still not connecting, you can enable logging in the client_01234567890 file by adding something like the following line:

    log openvpn.log

    Good luck!

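A check for the end state of the steps in John Colby's comment above, as an added example that is not part of the original thread and not code from Firewalla or Synology: it confirms that the inline <key> section is back, that an askpass line points at an existing file, and that the plaintext passphrase file has mode 600 and the expected owner. The function names, the constructed sample profile and the rule that a relative askpass path sits next to the profile are assumptions.

```shell
#!/bin/sh
# Added example: audit a Synology OpenVPN client profile after the manual edits.
# audit_profile <profile> [owner_uid]; prints findings, returns 0 if none FAIL.
audit_profile() {
    profile=$1
    want_uid=${2:-0}                     # askpass file should belong to root
    dir=$(dirname "$profile")
    rc=0
    # The <key> section deleted before the GUI import must be back in place.
    if ! grep -q '^<key>' "$profile" || ! grep -q '^</key>' "$profile"; then
        echo "FAIL: no inline <key> section"; rc=1
    # askpass only matters when the inline key is passphrase-protected.
    elif ! sed -n '/^<key>/,/^<\/key>/p' "$profile" | grep -q ENCRYPTED; then
        echo "WARN: inline key is not passphrase-protected"
    fi
    # Assumption: a relative askpass path sits next to the profile, as in the post.
    pass=$(awk '$1 == "askpass" { print $2; exit }' "$profile")
    if [ -z "$pass" ]; then
        echo "FAIL: no askpass directive"; return 1
    fi
    case $pass in /*) ;; *) pass=$dir/$pass ;; esac
    if [ ! -f "$pass" ]; then
        echo "FAIL: askpass file missing: $pass"; return 1
    fi
    # The passphrase is stored in plaintext, so mode and owner are its only guard.
    set -- $(stat -c '%a %u' "$pass")
    [ "$1" = 600 ] || { echo "FAIL: mode $1 on askpass file, want 600"; rc=1; }
    [ "$2" = "$want_uid" ] || { echo "FAIL: owner uid $2, want $want_uid"; rc=1; }
    return $rc
}

# Constructed sample (placeholder key body, not real key material).
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'client' 'remote vpn.example.invalid 1194' '<key>' \
        '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END ENCRYPTED PRIVATE KEY-----' '</key>' \
        'askpass private_key_pass.txt' > "$d/client_o1234567890"
    echo 'constructed-passphrase' > "$d/private_key_pass.txt"
    chmod 644 "$d/private_key_pass.txt"  # deliberately too permissive
    echo "$d"
}
```

On the NAS, run it as root against the copied profile in /usr/syno/etc/synovpnclient/openvpn/; the constructed sample reports the 644 mode until the chmod 600 step is applied.
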
  • MGJ

    Thanks, I'll take a look. Neither Firewalla nor Synology was able to find a solution to that problem.

  • Chris Whelan

    @John Colby, thank you so much for your post.  Your instructions worked for me!
