Hello,
I’ve come here many times asking for thoughts, ideas, and help and figured someone might find this information useful. A while back I decided I wanted to invest in a 2nd Synology unit that I could have hosted at a family member’s house, many states away, in the event my existing one died or was lost in a storm or fire.
I did not want to use Synology Cloud or any other packages, but wanted the remote NAS to use OpenVPN to tunnel back to my house so the main NAS could sync files to it when scheduled. I ran into a handful of issues and gave up for a bit, but finally got this working, and I think these are the various things that have resolved the issues.
Issue #1 - Could not create a VPN Profile within DSM 6x and was getting errors saying “Operation Failed, Login to DSM and try again” (in Chrome), and “Invalid Parameters exist in the OVPN file, please use a different OVPN file” (in IE).
- What I discovered was that when using the OpenVPN client export tool, it puts in a parameter for ncp-ciphers. I’ve never had any issues with these profiles not working. They work on Windows, Android, Linux, etc. I contacted Synology to figure out what parameters were failing, with little response from them, so I removed them one by one until it quit complaining. Here is the response from Synology, which leads me to believe this might not be an issue later down the road, although some of the other things I list next might break with a new version of DSM.
The parameter “ncp-ciphers” is not supported in the current openvpn client on the NAS, and we would expect that would be supported in DSM7.0.
Issue 2 - OpenVPN client required me to manually connect it after a reboot.
- This was relatively easy to accomplish by using the steps I found on this page.
Issue 3 - Now that I had the VPN tunnel connecting at startup, I ran into this issue. If the NAS lost connectivity to my OpenVPN server for any reasonable amount of time, it would not auto reconnect and required a reboot by me calling a family member.
- I did a few different things here, but the last one really seemed to keep this reliable. First, I came across this page (it’s in French but understandable, or can be translated.) I set my reconnect_times to 500, and interval to 60.
That step seemed to help, but I discovered that sometimes the DSM software doesn’t actually realize the tunnel is down. That’s when I found this script.
I have put the script above in place, and created a scheduled task that currently runs every 15 minutes and has not failed me yet. In that script, there is a configuration parameter that is relatively new, VPN_CHECK_METHOD. I changed it from dsm_status to gateway_ping. That way even if DSM says the tunnel is up, it will try to ping the VPN tunnel’s gateway, and if it fails, it kills the synovpnc process and restarts it.
VPN Tunnels reconnecting with Synology DSM has been an ongoing issue for years, and with the articles and scripts listed above, this seems to be the best solution for me so far and hasn’t let me down yet.
Hope someone finds this information helpful if they are trying to set up a remote NAS over an OpenVPN tunnel into pfSense.
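
For Issue #1, one way to strip the rejected directive from an exported profile before importing it into DSM, shown as an added example that is not part of the original post. The function names and the sample profile are made up for illustration; `effective_cipher` is there because, once `ncp-ciphers` is removed, the remaining `cipher` line is worth checking against the server's setting.

```shell
#!/bin/sh
# Added example: make an exported .ovpn profile importable on DSM 6.x by
# dropping directives its OpenVPN client rejects (ncp-ciphers, per the post).

# strip_unsupported SRC DST [directive ...]   (default directive: ncp-ciphers)
# Top-level lines whose first word is a listed directive are dropped and
# echoed to stderr; inline <ca>/<cert>/<key>/<tls-auth> blocks pass through.
strip_unsupported() {
    src=$1; dst=$2; shift 2
    [ $# -gt 0 ] || set -- ncp-ciphers
    awk -v drop="$*" '
        BEGIN { n = split(drop, d, " "); for (i = 1; i <= n; i++) bad[d[i]] = 1 }
        /^[ \t]*<\/[A-Za-z0-9_-]+>/ { inblock = 0; print; next }
        /^[ \t]*<[A-Za-z0-9_-]+>/   { inblock = 1; print; next }
        inblock                     { print; next }
        ($1 in bad)                 { print "removed: " $0 > "/dev/stderr"; next }
        { print }
    ' "$src" > "$dst"
}

# effective_cipher FILE: print the top-level "cipher" value, if any.
# Lines inside inline blocks are ignored.
effective_cipher() {
    awk '
        /^[ \t]*<\/[A-Za-z0-9_-]+>/ { inblock = 0; next }
        /^[ \t]*<[A-Za-z0-9_-]+>/   { inblock = 1; next }
        !inblock && $1 == "cipher"  { c = $2 }
        END { if (c != "") print c }
    ' "$1"
}

# Constructed sample profile (placeholder host and certificate body).
write_sample_profile() {
    cat > "$1" <<'EOF'
client
dev tun
proto udp
remote vpn.example.invalid 1194
cipher AES-256-CBC
ncp-ciphers AES-256-GCM:AES-128-GCM
auth SHA256
<ca>
-----BEGIN CERTIFICATE-----
ncp-ciphers inside an inline block is data, not a directive
-----END CERTIFICATE-----
</ca>
EOF
}
```

Source the file, then run `strip_unsupported client.ovpn client-dsm.ovpn` and import the second file; each dropped line is printed so the change to the profile is visible.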