How to configure Synology 5.1 NAS

This is the tutorial on how to set up your Synology NAS based on DiskStation Manager (DSM) 5.1 version. The instructions were made for connection to the Swedish #3 server. Special thanks to @davmojo for providing these instructions.

1. Login to your Synology NAS control panel.

Synology NAS DSM 瀏覽器登入頁面,位址 192.168.1.1,顯示管理員使用者名稱、密碼欄位與 Sign in 按鈕

2. Go to Control Panel.

Synology DSM 桌面,紅色箭頭指向 Control Panel 圖示

3. Go to Network.

Synology Control Panel,Connectivity 區段中 Network 選項已醒目顯示

4. Create a new VPN Profile.

Synology Network Interface 標籤,Create 下拉選單已開啟,'Create VPN profile' 選項已醒目顯示

5. Choose OpenVPN option.

Synology Create Profile 對話框,VPN 連線方法已選取 OpenVPN 選項

6. Download the latest CA certificates from this link and extract the package.

7. Return to your web browser and enter the following details:

Profile Name – choose any name you like;
Server Address – the NordVPN server hostname or IP address;
User name – your NordVPN service username;
Password – your NordVPN service password;

You can find your NordVPN service credentials (service username and service password) in the Nord Account dashboard:

  1. Click Set up NordVPN manually.

    Nord Account Services > NordVPN 頁面,側邊欄 NordVPN 已醒目顯示,'Set up NordVPN manually' 按鈕可見
     
  2. You will receive a verification code in your email that you use for NordVPN services. Type the code in: 

    Nord Account 'Verify your email' 畫面,含驗證碼輸入欄位,需輸入電子郵件收到的驗證碼
     
  3. Copy the credentials using the “Copy” buttons on the right:

    Nord Account 手動設定頁面,顯示服務憑證,Username 與 Password 欄位及複製按鈕已醒目顯示
     
Port – 1194 (recommended);
Protocol – UDP (recommended);
Cerificate – go to the folder where you have extracted the CA certificates and select the corresponding CA certificate to the server you will use.

Click Next.

Synology Create Profile 一般設定表單,NordVPN 設定檔名稱、伺服器位址 178.73.210.104、連接埠 1194、UDP 通訊協定與憑證欄位

 

8. On the Advanced settings screen – enable all the options.

Synology Create Profile 進階設定畫面,四個選項均已勾選,包含壓縮、預設閘道與重新連線

9. Click Apply and you will return to the Network Interface list.

Synology Network Interface 清單,顯示 VPN - NordVPN_OpenVPN 設定檔處於已中斷連線狀態

10. If you click the VPN Profile you have just created and click connect you will see the following error in red.

Synology Network Interface,顯示 VPN - NordVPN_OpenVPN,含紅色錯誤訊息 'Connection failed or certificate expired'

11. You will now need to manually edit the OpenVPN profile on your Synology NAS. To do so you need to SSH as root.
Firstly enable SSH from the Terminal & SNMP option.

Synology Control Panel Terminal & SNMP 設定,'Enable SSH service' 核取方塊已勾選,連接埠設為 22

12. Now open your favorite terminal/ssh program (Mac OSX Terminal shown here) and type:
ssh root@(ip of your synology).

The root password is the password of your administrator user (you may have changed it when initializing your NAS).

macOS Terminal 視窗,顯示以 root 身分成功 SSH 登入 Synology NAS(192.168.1.1),含 Synology 提示字元

13. Now you need to change directories. Type and then press enter at the end of the line:

cd /usr/syno/etc/synovpnclient/openvpn
ls -al

In the screenshot below you see three files:
– ca_.crt is the certificate you have uploaded (ca.crt);
– client_ is the file containing the OpenVPN configuration;
– ovpnclient.conf contains the Synology setup for OpenVPN connections.

SSH 終端機,顯示 Synology OpenVPN 目錄的 ls -al 輸出,列出 ca_.crt、client_ 與 ovpnclient.conf 檔案

14. You need to create a new file which contains the tls-auth key.
Using vi is the easiest way to do this. Type: (replace with the actual connection id)
vi tls_auth_.key

SSH 終端機,顯示更新後的目錄清單與建立 tls_auth_.key 檔案的 vi 指令

15. Return to the directory where you have extracted CA certificates. You can also see the TLS-AUTH.key files there. Select the corresponding TLS-AUTH.key file to the server you are setting up the connection with and open it with a text editor program. Copy all the text in the file.

16. Open the terminal window again. Press A and then paste the text you have copied from the TLS-auth.key file. It should look similar to the text below.

SSH 終端機 vi 編輯器,顯示貼入 tls-auth 金鑰檔案的 OpenVPN Static Key V1 內容

17. Press Escape and then type :wq

SSH 終端機 vi 編輯器,已輸入 :wq 指令以儲存並離開 tls-auth 金鑰檔案

18. If you would list the content of the directory using ls -al command you should see something similar to the image below.

SSH 終端機,顯示 ls -al 輸出,確認新建立的 tls_auth_o1430912123.key 檔案已列於目錄中

19. Now you need to finish the client_(connection_id) file. Using vi open the file and add the following,  remember to replace the TLS-AUTH.key file with the name of the keyfile you have created earlier:

cipher AES-256-CBC
remote-cert-tls server
auth SHA512
tls-auth tls_auth_o1430912123.key 1
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
log-append /volume1/tmp/NordVPN.log

It should look similar to the image below.

SSH 終端機 vi 編輯器,顯示 OpenVPN 客戶端設定檔,已新增 cipher、tls-auth 與其他 NordVPN 連線設定

20. Save the file by pressing Escape, typing :wq

21. Return to your web browser window. Click Connect and you will see the Connecting sign. Please wait for up to 2 minutes.

Synology Network Interface,顯示 VPN - NordVPN_OpenVPN,狀態為 'Connecting'

22. If everything is done properly you will be connected to VPN.

Synology Network Interface,顯示 VPN - NordVPN_OpenVPN,狀態為 'Connected',IP 位址 10.8.8.66 與傳輸統計資料

23. To disconnect simply click on Disconnect button in the Synology Network list.

本文是否有幫助?

仍遇到問題嗎?

  • 即時聊天

  • 電子郵件表格

點擊「與客服人員洽談」即表示您同意我們的服務條款,並確認已閱讀我們的隱私權政策。 聊天功能仰賴 Cookie。 開始聊天,即表示您同意使用 Cookie。 如欲進一步了解,請參閱我們的 Cookie 政策.