Monday, August 26, 2013

Cyber Monday - Setting up an VPN with Synology on your computer Part 2 of 3

To begin setting up the VPN on your windows computer, you'll want to first go to OpenVPN's website and download the latest version: here.  As of this writing it's version 2.3.2 released on June 6, 2013 (2013.06.03). Once installed it'll create a nice icon on the start menu like so:

Now the easy part: Log into your synology server and go to the VPN section as described in Part 1 of this series (find the link below).  From there you should open the downloaded zip configuration files.  Unzip these files and navigate to C:\Program Files\OpenVPN\config.  Place the ca.crt and openvpn.ovpn files inside of the folder. 

Lastly, open openvpn.ovpn with your text editor, I like notepad personally, and on the third line it will say: remote YOUR_SERVER_IP 1194

This is where IP can be typed in; it can be found easily by going to whatsmyip.org or going to your router and see what IP address it has been issued.

To use the VPN, open up the program and you should be prompted for a username and password.


In this prompt you'll type in the synology username and password that has access and hopefully you'll connect right away. If you can't connect try closing your web browser and other things that access the internet and connect again.

Note: For mac users, you can use Tunnelblick to vpn as well.

Check out Part 1 of 3
Check out Part 2 of 3
Check out Part 3 of 3
Check out the bonus stuff!

Monday, August 19, 2013

Cyber Monday - Setting up an VPN with Synology Part 1 of 3

So recently, I was traveling abroad and wanted access to my files at home and wanted to make sure to have (more) secure access to the internet for the future. In doing so, I found out several things:

1.  PPTP is NOT secure due to its MS-CHAP v2,  PPTP's authentication protocol. Currently there are ways to penetrate them easily. (Side note: even its creator, Microsoft, has abandoned it!)
2.  OpenVPN is secure (at least for now), fast, reliable, and diverse (described below).
3.  There are a ton of ways to setup a VPN server and OpenVPN is available for apple products, android, and windows.

The two most interesting ways I found to setup OpenVPN was using Untangle. I really like Untangle for the reason that they can filter all of your internet traffic BEFORE it goes to your system, it can filter viruses out, install a secure firewall, intrusion detection system, spyware filter, phish filter, etc. It is absolutely amazing, free (or pay for premium), and easy on resources. I did install it on a spare laptop to see how exactly it runs and really enjoyed its ease of use and simplicity. However, you do need a dedicated system for it and it will slow your traffic down slightly.

At my home, I don't have the resources (i.e. a spare PC or laptop with 2+ nic cards) to run Untangle, so instead, I used my Synology server (DSM 4.2-3211) and opened a port on my router to the outside world for my VPN setup. So, lets get started!

Setting up the Server:

1. Log into your synology device and open up the Package Center and install the VPN Server


2. Once installed, it will create an icon on the dropdown menu.




















3. Once open, select OpenVPN in the Settings Folder and enable it.  I chose to have a maximum of 3 simultaneous connections as I don't have many users in my home and feel safer limiting the number of instances possible. Likewise, I wanted the speed to be as fast as possible, so I enabled compression on the VPN link.  Next, you should go to the Privileges and choose who has access to the VPN. Under General Settings, you can also allow newly created users to automatically have access if you choose. Once set, export the configuration files and you're good to go.  
 

4. To be extra safe, you'll probably want to enable the AutoBlock under the General Settings as well. This will help prevent those nice people from China & Niagara from permanently gaining access to your server once they find it (Like they tried to do to a friend's synology server).  

5. Now you'll likely want to punch a hole into your router to allow for the server to have access to the outside world. If you're setting up a VPN you'll hopefully know how to do this, however, there are two ways, one would be to place your whole Synology server outside of the firewall using DMZ, sort of defeating the purpose of the work you just did, the other, which I HIGHLY recommend, is just port forwarding. Depending on your setup you'll type in the IP address of your synology server, and the port to forward (port 1194 & UDP only).

Congrats the OpenVPN server is now set up!  Next you'll need to setup the client side of it.  Check out how to setup the client for windows in Part 2, and for an android & apple iphone device in part 3.  Also a short bonus page of advanced things you can do to your synology with OpenVPN like IP forwarding.