How to Create an OpenVPN Network Interface on a Synology NAS!

  • Post author:WunderTech
  • Post published:August 25, 2020
  • Post last modified:December 11, 2023
  • Post category:Synology / VPN
  • Reading time:7 mins read
  • Post comments:3 Comments

In this tutorial, we are going to look at how to create an OpenVPN network interface on a Synology NAS.

The process is very straight forward, but incredibly powerful. Before you can connect, you need to ensure that you have OpenVPN setup. I have a tutorial created on how you can setup OpenVPN on a Synology NAS if you haven’t set it up yet.

The process is very straight forward, but incredibly powerful. Before you can connect, you need to ensure that you have OpenVPN setup. I have a tutorial created on how you can setup OpenVPN on a Synology NAS if you haven’t set it up yet.

1. Instructions – Synology NAS OpenVPN Network Interface

1. Open the Control Panel, select Network, and then Network Interface. Select Create, then Create VPN Profile.

create vpn profile on synology dsm

2. Select OpenVPN and select Next.

openvpn selection

3. Open the .ovpn file that you will be using and add the line below. This will allow us to troubleshoot at later steps if we run into issues.

log-append /var/log/OpenVPN.log

4. At this screen, we need to configure a few different settings. Enter a Profile Name, Username, Password, and the .ovpn file that you are using from your VPN Server. NOTE: Not everyone following this tutorial will have set up OpenVPN on a Synology NAS. If you have a certificate or client key, you will need to add those as well.

adding the openvpn settings to the profile

5. The next section will determine how you’d like to connect. I select Use default gateway on remote network and Reconnect when the VPN connection is lost. I have no use for the other setting (Allow other network devices to connect through this Synology server’s internet connection), but if you have a reason for that, you can select it. Select Apply.

selecting the settings for the gateway

6. The VPN connection is now setup! To connect, right-click on the VPN profile and select Connect.

openvpn network interface

2. Troubleshooting – Synology NAS OpenVPN Network Interface

It’s very difficult to determine what’s wrong if the OpenVPN connection doesn’t work. The way that we can validate what’s happening is by creating a log file and viewing the contents of that log file. The log file will be in the location that we created above.

1. SSH into your Synology NAS and navigate to the log file. NOTE: you will need to be superuser to view the log file.

sudo su
cd /var/log
vi OpenVPN.log
connecting to the log location in synology dsm if you run into issues

2. Use the PgDn key on your keyboard to scroll to the bottom of the log. You will hopefully get some clarity on what exactly is going wrong. When I entered the wrong password, the error below is what I received.

error message in log location

3. Fix the error and try and connect!

3. Remote Backup

The majority of people will use this for off-site backups as it’s very easy to set up. If you intend on backing up terabytes of data, picking up a cheap DS220+ will save you money in the long run, as cloud storage prices are fairly expensive when you back up terabytes of data.

If you are interested in backing up your NAS to a remote Synology NAS, I created a tutorial on how you can do that.

4. Conclusion

Static route setup: by default, your local NAS will not be able to connect to your remote NAS as they are on different subnets (reverse should work). In order to get this to work, you will need to create a static route in your router.

Setting up OpenVPN is the real challenge here, as we are simply using that configuration file to connect our remote NAS to our OpenVPN server. Use the troubleshooting log to look through any errors that occur and you should be good to go! One step I recommend is creating a static IP address for your OpenVPN users. This will make it easy to connect to your off-site NAS as you’ll always know what the IP address is.

Thanks for reading the tutorial. If you have any questions, please leave them in the comments!

WunderTech

WunderTech is a website that provides tutorials and guides on various NAS, server, networking, and infrastructure-related topics. WunderTech is maintained by Frank Joseph, an IT professional with 14+ years of experience in corporate IT and application management. He focuses on sharing his experience with others on his WunderTech website and YouTube page. Frank holds a Bachelor of Science in Computer Information Systems and a master of Business Administration (MBA).

This Post Has 3 Comments

  1. Okan

    Hi WunderTech, I’ve a vpn server at home (raspberry) If i created a vpn profile for the remote synology nas and if i import the vpn profile on the remote nas can i access from home synology nas to remote synology nas like this? Still do i need to create a route on modem?

  2. Jason H

    Hello Wundertech..and thx for being a great source of info on the Synology.

    I am attempting to backup (snapshot replication) to a remote server. Both are Synology running DSM 7, both have VPN server installed with OpenVN up and running on both. i.e I can OpenVPN from a device to either server with no problems. I need to so that I can manage the servers, as not having exposed admin console to that crazy internet.

    However, here comes the problem, when I try and create a VPN connection from the local to remote server using above, DSM throws up that I have to disable OpenVPN in VPN server manager.

    So is this not possible, or do I need to have another device on my local network setup, such as a PI, then connect through that using static route to enable the VPN NAS to NAS connection and still have VPN server up on both servers ?

    1. WunderTech

      That is correct – you can have EITHER a VPN connection OR use VPN server. It’s frustrating that Synology manages it that way. The only suggestion would be to create a Virtual DSM instance and run the VPN server on that (or VPN connection, whatever would be easier). This is normally how people get around that.

Leave a Reply