Monday, October 21, 2013

OpenVPN bonus

This post will mostly be technical material for the casual Linux user and adventurous home user.
Disclaimer: I take no responsibility for anything breaking in your device. Please be careful!

Let's look at the details of my server and how to discover them for yourself.

First, log into your Synology through SSH as root. If you are using a Windows computer, I recommend using PuTTY. Next, let's find out what version of OpenVPN you are using. Type in openvpn --version and you should get output like the following:

OpenVPN 2.1.4  armle-unknown-linux [SSL] [LZO2] [EPOLL] built on Mar 9 2013
Originally developed by James Yonan

Next, you can find out what version of Linux you are running by typing in cat /proc/version and reading the output. From that we can see it's Linux 2.6.32.12, gcc version 4.2.1.

One security feature that should already be in the configuration files is proto udp. OpenVPN can run over either TCP or UDP; however, UDP will generally provide better protection against DoS attacks and port scanning than TCP.

Now, there are some advanced things you can do to your OpenVPN setup. The first is to increase the size of the symmetric keys. By default OpenVPN uses Blowfish, a 128-bit symmetric cipher. While Blowfish is relatively secure at 128-bit, we can change it to the 256-bit AES cipher in Cipher Block Chaining (CBC) mode. One reason why I like this instead of Blowfish is that 256-bit is good enough for TOP-SECRET for the government. To implement it, you'll need to add the following to both the server and client configuration files:

cipher AES-256-CBC

The server file can be found at this path:
cd /usr/syno/etc/packages/VPNCenter/openvpn
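
Since the cipher line has to be present on both the server and the client, here is a small check you can run over a pair of config files. This is an added example, not part of the original post: the function names and the sample file names are made up for illustration, and it assumes you want proto udp written out explicitly on both sides.

```shell
#!/bin/sh
# Added example: audit an OpenVPN server/client config pair for the two
# settings discussed in this post. File names below are constructed samples.

# Print the value of the last active (uncommented) DIRECTIVE in FILE.
get_directive() {
    awk -v key="$2" '
        { sub(/[#;].*/, "") }      # OpenVPN comments start with # or ;
        $1 == key { val = $2 }     # a later line overrides an earlier one
        END { print val }
    ' "$1"
}

# Return 0 only if both files set "cipher AES-256-CBC" and "proto udp".
audit_pair() {
    rc=0
    for key in cipher proto; do
        case $key in cipher) want=AES-256-CBC ;; proto) want=udp ;; esac
        for f in "$1" "$2"; do
            got=$(get_directive "$f" "$key")
            if [ "$got" != "$want" ]; then
                echo "FAIL $f: $key is '${got:-unset}', expected '$want'"
                rc=1
            fi
        done
    done
    return $rc
}

# Constructed sample configs: the client still lacks an active cipher line.
tmp=$(mktemp -d)
printf 'proto udp\n;cipher BF-CBC\ncipher AES-256-CBC\n' > "$tmp/server.conf"
printf 'proto udp\n# cipher AES-256-CBC\n' > "$tmp/client.ovpn"

if audit_pair "$tmp/server.conf" "$tmp/client.ovpn"; then
    echo "OK: both sides use AES-256-CBC over UDP"
else
    echo "Mismatch: add the missing lines to the files flagged above"
fi
rm -rf "$tmp"
```

A commented-out cipher line counts as unset, which is the case that leaves one side on the default cipher.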

Also, there is a way to implement Google two-factor authentication on Synology. While there are some forums out there discussing how to get this service working from Synology to OpenVPN, it has yet to be successfully shown. However, I might experiment with it and try to get it working on my own server. If I do, I'll be sure to show you how to do it as well!  :-)

