Information for DSM 5.0 The certifiactes can be found here: /usr/syno/etc/ssl This page gives you good information how to create home made certificates for your Synology NAS: http://forum.synology.com/wiki/index.php/How_to_generate_custom_SSL_certificates I prefer to let a Certificate Authority sign my certificates. CA Cert offers this as a free services (https://www.cacert.org/). It will not give you 100% guarantee, but it is better then using the self signed certificates from synology:
- You can import the root certificate of the CA to most tools/OS. That way you do not need to add a security exception when connecting.
- Some tools do not allow you to add security exception, so using a self signed certificate is not an option.
Restart OpenVPN server: /var/packages/VPNCenter/target/scripts/openvpn.sh {start|stop|restart} But it does not stop, you need to kill the processes manually. But reastart works, wierd….. /usr/syno/etc/packages/VPNCenter/openvpn/openvpn.conf contains the configuration file for the OpenVPN server. Enable the logging option log-append /var/log/openvpn.log To get useful information on what is happening with the server The SSH keys used for OpenVPN can be found here:
/usr/syno/etc/packages/VPNCenter/openvpn/keys
In the config file openvpn.conf, there are pointers to these files.
note that the certificates we use are probably not from the type “server”. If you get this error when connecting to the server:
VERIFY nsCertType ERROR: CN=<yourHostName>, require nsCertType=SERVER
then remove this line from the client config:
ns-cert-type server