Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

Synology NAS DSM Connection

Looking for assistance with a cryptostorm connection issue? Post here & we'll help out. Also: if you're not sure where to post, do so here & we'll move things around as needed. Also: for quickest support, email our oddly calm & easygoing support reps at support@cryptostorm.is :)

Topic Author
angryhippy
Posts: 2
Joined: Fri Feb 13, 2015 2:51 am

Synology NAS DSM Connection

Postby angryhippy » Fri Feb 13, 2015 3:05 am

Does anyone know how to get connected via the OpenVPN client in Synology's DSM software that comes on their NAS products? It seems straightforward, but fails for me with "Authorization Required".

The only options I have are these:

Server Address: windows-iceland.cstorm.pw
User Name: <Hash of my token>
Password: 93b66e7059176bbfa418061c5cba87dd
Port: 443
Protocol: UDP
Certificate:
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgIJAKekpGXxXvhbMA0GCSqGSIb3DQEBCwUAMIG6MQswCQYD
VQQGEwJDQTELMAkGA1UECBMCUUMxETAPBgNVBAcTCE1vbnRyZWFsMTYwNAYDVQQK
FC1LYXRhbmEgSG9sZGluZ3MgTGltaXRlIC8gIGNyeXB0b3N0b3JtX2RhcmtuZXQx
ETAPBgNVBAsTCFRlY2ggT3BzMRcwFQYDVQQDFA5jcnlwdG9zdG9ybV9pczEnMCUG
CSqGSIb3DQEJARYYY2VydGFkbWluQGNyeXB0b3N0b3JtLmlzMB4XDTE0MDQyNTE3
MTAxNVoXDTE3MTIyMjE3MTAxNVowgboxCzAJBgNVBAYTAkNBMQswCQYDVQQIEwJR
QzERMA8GA1UEBxMITW9udHJlYWwxNjA0BgNVBAoULUthdGFuYSBIb2xkaW5ncyBM
aW1pdGUgLyAgY3J5cHRvc3Rvcm1fZGFya25ldDERMA8GA1UECxMIVGVjaCBPcHMx
FzAVBgNVBAMUDmNyeXB0b3N0b3JtX2lzMScwJQYJKoZIhvcNAQkBFhhjZXJ0YWRt
aW5AY3J5cHRvc3Rvcm0uaXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDJaOSYIX/sm+4/OkCgyAPYB/VPjDo9YBc+zznKGxd1F8fAkeqcuPpGNCxMBLOu
mLsBdxLdR2sppK8cu9kYx6g+fBUQtShoOj84Q6+n6F4DqbjsHlLwUy0ulkeQWk1v
vKKkpBViGVFsZ5ODdZ6caJ2UY2C41OACTQdblCqaebsLQvp/VGKTWdh9UsGQ3LaS
Tcxt0PskqpGiWEUeOGG3mKE0KWyvxt6Ox9is9QbDXJOYdklQaPX9yUuII03Gj3xm
+vi6q2vzD5VymOeTMyky7Geatbd2U459Lwzu/g+8V6EQl8qvWrXESX/ZXZvNG8QA
cOXU4ktNBOoZtws6TzknpQF3AgMBAAGjggEjMIIBHzAdBgNVHQ4EFgQUOFjh918z
L4vR8x1q3vkp6npwUSUwge8GA1UdIwSB5zCB5IAUOFjh918zL4vR8x1q3vkp6npw
USWhgcCkgb0wgboxCzAJBgNVBAYTAkNBMQswCQYDVQQIEwJRQzERMA8GA1UEBxMI
TW9udHJlYWwxNjA0BgNVBAoULUthdGFuYSBIb2xkaW5ncyBMaW1pdGUgLyAgY3J5
cHRvc3Rvcm1fZGFya25ldDERMA8GA1UECxMIVGVjaCBPcHMxFzAVBgNVBAMUDmNy
eXB0b3N0b3JtX2lzMScwJQYJKoZIhvcNAQkBFhhjZXJ0YWRtaW5AY3J5cHRvc3Rv
cm0uaXOCCQCnpKRl8V74WzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB
AQAK6B7AOEqbaYjXoyhXeWK1NjpcCLCuRcwhMSvf+gVfrcMsJ5ySTHg5iR1/LFay
IEGFsOFEpoNkY4H5UqLnBByzFp55nYwqJUmLqa/nfIc0vfiXL5rFZLao0npLrTr/
inF/hecIghLGVDeVcC24uIdgfMr3Z/EXSpUxvFLGE7ELlsnmpYBxm0rf7s9S9wtH
o6PjBpb9iurF7KxDjoXsIgHmYAEnI4+rrArQqn7ny4vgvXE1xfAkFPWR8Ty1ZlxZ
gEyypTkIWhphdHLSdifoOqo83snmCObHgyHG2zo4njXGExQhxS1ywPvZJRt7fhjn
X03mQP3ssBs2YRNR5hR5cMdC
-----END CERTIFICATE-----

User avatar

cryptostorm_team
ForumHelper
Posts: 159
Joined: Sat Mar 02, 2013 12:12 am

Re: Synology NAS DSM Connection

Postby cryptostorm_team » Fri Feb 13, 2015 5:29 am

We put this question to one of our dev team heavyweights, who has perhaps been spending a bit too much time lately working on deepDNS & webRTC to be presentable in civilised company just yet. His reply, verbatim:

my advice with any NAS is to root the bitch and use OpenVPN like a normal hakkar :E


Sooo... we'll put this to the tech support folks & see if they are a bit more constructive; more information to be posted here shortly.

Regards,

~ cryptostorm_team
cryptostorm_team - a shared, team-wide forum account (not a person)
PLEASE DON'T SEND PRIVATE MESSAGES to this account, as we can't guarantee quick replies!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validatorsonename.io validatorsPGP key @ MITnetwork statuscryptostorm github
support team bitmessage address: BM-2cTMH8K5JnjbfSALjZtSkRWCLfc3Tr8GBV
support team email: support@cryptostorm.is
live chat support: #cryptostorm



Topic Author
angryhippy
Posts: 2
Joined: Fri Feb 13, 2015 2:51 am

Re: Synology NAS DSM Connection

Postby angryhippy » Sat Feb 14, 2015 12:02 am

cryptostorm_team wrote:We put this question to one of our dev team heavyweights, who has perhaps been spending a bit too much time lately working on deepDNS & webRTC to be presentable in civilised company just yet. His reply, verbatim:

my advice with any NAS is to root the bitch and use OpenVPN like a normal hakkar :E


Sooo... we'll put this to the tech support folks & see if they are a bit more constructive; more information to be posted here shortly.

Regards,

~ cryptostorm_team


That's what I figured, but if someone had an easy way to force DSM to submit, I was gonna go that way


Raka74
Posts: 11
Joined: Sun Mar 29, 2015 10:24 pm

Re: Synology NAS DSM Connection

Postby Raka74 » Sun Mar 29, 2015 10:39 pm

I actually got this working FYI , don't know if completely correct but:

create a VPN connection choosing OpenVPN as follows:

https://www.dropbox.com/s/r800c4b68gige ... .png?dl=0#

Use the based token as username , something random as password (not sure if token is needed as this is configured later ) and the .crt as provided in this forum

After that ssh into the Synology and go to /usr/syno/etc/synovpnclient/openvpn

vi the client_xxxxx file and delete all lines in there.

paste the contents of the crypto storm-linux conf file u want to use in the client_xxxx file

go to the line that says auth-user-pass and put pass.txt behind this

https://www.dropbox.com/s/4iz3an8by9bhm ... 2.png?dl=0

save the file

vi a new file named pass.txt

on the first line paste the hashed token
on the second line some random password.

save the file


https://www.dropbox.com/s/rrym8hnhzf135 ... 6.png?dl=0


defecta
Posts: 1
Joined: Mon Oct 12, 2015 4:19 pm

Re: Synology NAS DSM Connection

Postby defecta » Wed Oct 21, 2015 2:58 pm

So I was following Raka74's steps above and wrestling with getting this working myself last night and finally ended up getting it to work and learned a few things along the way that I thought I would share for anyone attempting the same thing.

When creating an OpenVPN connection on the Synology it doesn't really matter what details you enter into the fields provided as you will be overwriting them anyway when you SSH into your NAS and replace the config in the client_XXXXXXXXXXX file in the following step. SSL cert included.

Also note that as soon as you use the WebGUI to edit your OpenVPN config you will lose all the required cryptos tom settings you have previously edited and saved in your SSH session and you will have to edit the client_XXXXXXXXXXX file again. (I got caught out by this in my attempts at troubleshooting my non-working connection.

When SSHing in, I had to make sure I was doing so as 'root' or else I didn't have the required permissions to create the pass.txt file.

FWIW, for my working OpenVPN connection I copy/pasted the contents of this config file but you should be able to use any from this page.


poupee

Re: Synology NAS DSM Connection

Postby poupee » Wed Aug 02, 2017 6:17 pm

Hello!
This thread seems a bit old but it is exactly what I was searching for.
I'm planning to subscribe for one year but I wanted first to have a look how to make my Synology NAS connected to the vpn.
the link to .png file is no more valid in the post above. And to be honnest, I'm not used to SSH... I'll try if it is necessary but before I want to try the .ovpn file config that Synology propose in the NAS settings.
I was wondering which .ovpn file I should download from GitHub?
Any idea?
If it is not possible, I would like to know on which line I have to put "pass.txt" in the client_xxxx file (.png no more available in Raka74 post)
Thanks for your help!
Poupee



poupe

Re: Synology NAS DSM Connection

Postby poupe » Thu Aug 03, 2017 4:55 am

Thank you for your answer!
I have tried but I can't manage to get it work.
I have follow the synology settings for openvpn with .ovpn file which are very basic:
-user name: the tocken hash generated
-passwd: anything
- I have imported the ovpn file (cstorm_linux-paris_udp.ovpn) and the ca.crt from Github, as requested in the Synology settings.

It doesn't want to connect, saying "authorisation required".
I am missing something?
thanks for your help!
poupee

User avatar

parityboy
Site Admin
Posts: 1096
Joined: Wed Feb 05, 2014 3:47 am

Re: Synology NAS DSM Connection

Postby parityboy » Thu Aug 03, 2017 5:41 pm

@poupee

Does "authorisation required" come up immediately or after it tries to connect? Can you post any logs? If after, it could be that it is receiving AUTH_FAILED from the exit node. If that's the case, check your token at the token checker in my sig.

It could be that either a) the token hash is incorrect (there's a space at either end) or b your token has hit its session limit.

If you have a Linux machine, you could enter this in a terminal:

Code: Select all

echo -n <token> | sha512sum

This will give you a valid hash.


poupe

Re: Synology NAS DSM Connection

Postby poupe » Thu Aug 03, 2017 7:15 pm

"Authorisation required" alert comes about 10sec after trying to connect. It is not immediate.
DSM synology does not allow me to have a space before or after the hash in the vpn settings. I just copy/paste the hash from the calculator.
I have no other devices using this token. So I should not have session limit.
I'll post the logs later tonight as I'm not home. (well, I'l try to find where it is as I never needed it before).
last, sorry I have not a linux machine.
My question for the moment is: should I try to edit the config file via ssh as shown by Raka74 in this post and creat/add the pass.txt file?
I have not done it because I thought that it was a bit different than what Raka74 did, as I have already import the config file with the .ovpn file importation in Synology.
But if you advice me to do so, where should I had the pass.txt in the config file? Raka74 said "go to the line that says auth-user-pass and put pass.txt behind this". It's not clear to me (.png link Raka74 posted is no more available).
THX for you patience!
Poupee


poupe

Re: Synology NAS DSM Connection

Postby poupe » Thu Aug 03, 2017 7:19 pm

Parityboy said: check your token at the token checker in my sig.

Could you explain me how to do this?
Sorry...!

poupee


poupe

Re: Synology NAS DSM Connection

Postby poupe » Thu Aug 03, 2017 11:16 pm

Here is the log:
Hope it helps.

2017-08-03T15:54:15+02:00 zepto gateway_change hook event: NEW 192.168.1.1 on eth0
2017-08-03T15:54:16+02:00 zepto openvpn[644]: WARNING: file '/tmp/ovpn_client_up' is group or others accessible
2017-08-03T15:54:16+02:00 zepto openvpn[645]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-08-03T15:54:17+02:00 zepto openvpn[645]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2017-08-03T15:54:24+02:00 zepto gateway_change hook event: DEL 192.168.1.1 on eth0
2017-08-03T15:54:26+02:00 zepto synovpnc: connection.c:1303 CreateOVPNConnection(o1501749863) failed
2017-08-03T15:54:26+02:00

User avatar

parityboy
Site Admin
Posts: 1096
Joined: Wed Feb 05, 2014 3:47 am

Re: Synology NAS DSM Connection

Postby parityboy » Mon Aug 07, 2017 1:50 am

@poupee

Click on the token checker link and then in the input box paste in your token. It will tell you if the token is valid. :)


Return to “member support & tech assistance”

Who is online

Users browsing this forum: No registered users and 14 guests

cron

Login