Monday, October 21, 2013

OpenVPN bonus

This post will mostly be technical material for the casual linux user and adventurous home user.
Disclaimer: I take no responsibility for anything breaking in your device. Please be careful!

Lets get the details of my server and how to discover them for yourself.

First, log into your synology through SSH as root. If you are using a windows computer, I recommend using PUTTY.  Next lets find out what version of OpenVPN you are using, type in openvpn --version  and you should get an output like below

OpenVPN 2.1.4  armle-unknown-linux [SSL] [LZO2] [EPOLL] built on Mar 9 2013
Originally developed by James Yonan
Next, you can find out what version of linux you are running by typing in: cat /proc/version From that we can find out it's linux  gcc version 4.2.1

One security feature that (should) already be in the configuration files is proto udp. OpenVPN can run using either TCP or UDP protocol, however, UDP will generally provide better protection against DoS attacks and port scanning than TCP.

Now, there are some advanced things you can do to your OpenVPN, the first is to increase the symmetric keys. By default OpenVPN uses Blowfish, a 128-bit symmetrical cipher. While Blowfish is relatively secure at 128-bit, we can change it to 256-bit AES cipher, Cipher-Block Chain.  One reason why I like this instead of Blowfish is that 256-bit is good enough for TOP-SECRET for the government.  To implement it you'll need to add the following to both server and client configuration files:

cipher AES-256-CBC

The server file can be found at this pathway:
cd /usr/syno/etc/packages/VPNCenter/openvpn

Also, there is a way to implement Google Two Factor Authorization on Synology.  Likewise, while there are some forums out there discussing how to get this service implemented from Synology to OpenVPN, it has yet to be successfully shown.  However, I might experiment with it and try to get it working on my own server.  If I do, I'll be sure to show you how to do it as well!  :-)

Check out Part 1 of 3
Check out Part 2 of 3
Check out Part 3 of 3
Check out the bonus stuff!

No comments:

Post a Comment

Your name and email will never be sold, distributed, or revealed to the public by any means.