Hi all,
I want to connect an Asus RT-AC68U router at a remote location as a client to a VPN Server that I'm hosting on my Synology NAS.
The VPN server on the NAS uses the Synology DNS service (abc.synology.com redirects to my ISP's IP address), and has issued a self-signed certificate on that hostname.
Connecting via Windows, iPhones, even the Asus vanilla firmware always works, but on the Merlin firmware I cannot get it up and running.
On the other clients I only authenticate using the certificate and username/password.
My openvpn config is attached below.
What I've already tried:
- Manually filling in the server name abc.synology.com in Merlin; for some reason the .ovpn import does not pick this up
- Hardcoding the key "Certificate authority" in Merlin
- Additional parameter in custom configuration
  verify-x509-name 'C=TW, L=Taipel, O=Synology Inc., CN=Synology Inc. CA' name
  remote-cert-tls server
I'm continuously running into TLS errors however:
error:1416F086:lib(20):func(367):reason(134):
Jan 8 14:16:54 ovpn-client2[14977]: TLS_ERROR: BIO read tls_read_plaintext error
Jan 8 14:16:54 ovpn-client2[14977]: TLS Error: TLS object -> incoming plaintext read error
Jan 8 14:16:54 ovpn-client2[14977]: TLS Error: TLS handshake failed
Hope somebody can help me out!
Code:
dev tun
tls-client
remote abc.synology.com 1194
#redirect-gateway def1
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
#dhcp-option DNS DNS_IP_ADDRESS
pull
# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp
script-security 2
comp-lzo
reneg-sec 0
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:CHACHA20-POLY1305
cipher AES-256-GCM
auth SHA512
auth-user-pass
client-cert-not-required
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>