OpenVPN server on Synology behind a UDM

TimiFi

Hello everyone,

I have had a UDM since yesterday. It replaces my Synology router. Behind this UDM sits a Synology DS1517+, which has the VPNServer package installed. When I was still using my Synology router, I could use the VPNServer package on my NAS to access my network from outside. Now, with the UDM, however, I just cannot get a connection with OpenVPN over UDP. The strange thing is that when I set the protocol to TCP in the OpenVPN server, I can connect via OpenVPN.
The firewall on the NAS is set up correctly (see screenshot) and the port is also forwarded to the NAS (see screenshot).
For completeness, I am also attaching the log files from an unsuccessful connection via UDP and a successful connection via TCP.

FYI, I cannot get a connection via the L2TP protocol either.

LOG:
Via UDP:
2020-02-01 17:57:13: Viscosity Mac 1.8.4 (1528)
2020-02-01 17:57:13: Viscosity OpenVPN Engine Started
2020-02-01 17:57:13: Running on macOS 10.15.3
2020-02-01 17:57:13: ---------
2020-02-01 17:57:13: State changed to Bezig met verbinden
2020-02-01 17:57:13: Nakijken of verbinding beschikbaar is...
2020-02-01 17:57:13: De verbinding is beschikbaar. Er wordt gepoogd de verbinding op te zetten.
2020-02-01 17:57:13: OpenVPN 2.4.8 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Dec 21 2019
2020-02-01 17:57:13: library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
2020-02-01 17:57:27: Resolving address: ddns.synology.me
2020-02-01 17:57:27: Valid endpoint found: public_ip:1194:udp
2020-02-01 17:57:27: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2020-02-01 17:57:27: TCP/UDP: Preserving recently used remote address: [AF_INET]public_ip:1194
2020-02-01 17:57:27: UDP link local (bound): [AF_INET][undef]:1194
2020-02-01 17:57:27: UDP link remote: [AF_INET]public_ip:1194
2020-02-01 17:58:27: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2020-02-01 17:58:27: TLS Error: TLS handshake failed
2020-02-01 17:58:27: SIGTERM[soft,tls-error] received, process exiting
2020-02-01 17:58:27: State changed to Verbroken
2020-02-01 17:58:28: Viscosity Mac 1.8.4 (1528)
2020-02-01 17:58:28: Viscosity OpenVPN Engine Started
2020-02-01 17:58:28: Running on macOS 10.15.3
2020-02-01 17:58:28: ---------
2020-02-01 17:58:28: State changed to Bezig met verbinden
2020-02-01 17:58:28: Nakijken of verbinding beschikbaar is...
2020-02-01 17:58:28: De verbinding is beschikbaar. Er wordt gepoogd de verbinding op te zetten.
2020-02-01 17:58:28: OpenVPN 2.4.8 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Dec 21 2019
2020-02-01 17:58:28: library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
2020-02-01 17:58:28: Resolving address: ddns.synology.me
2020-02-01 17:58:28: Resolving address: ddns.synology.me
2020-02-01 17:58:28: Valid endpoint found: public_ip:1194:udp
2020-02-01 17:58:29: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2020-02-01 17:58:29: TCP/UDP: Preserving recently used remote address: [AF_INET]public_ip:1194
2020-02-01 17:58:29: UDP link local (bound): [AF_INET][undef]:1194
2020-02-01 17:58:29: UDP link remote: [AF_INET]public_ip:1194
2020-02-01 17:59:29: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2020-02-01 17:59:29: TLS Error: TLS handshake failed
2020-02-01 17:59:29: SIGTERM[soft,tls-error] received, process exiting
2020-02-01 17:59:29: State changed to Verbroken
2020-02-01 17:59:29: Delaying connection reconnect attempt by 5 seconds
2020-02-01 17:59:34: Viscosity Mac 1.8.4 (1528)
2020-02-01 17:59:34: Viscosity OpenVPN Engine Started
2020-02-01 17:59:34: Running on macOS 10.15.3
2020-02-01 17:59:34: ---------
2020-02-01 17:59:34: State changed to Bezig met verbinden
2020-02-01 17:59:34: Nakijken of verbinding beschikbaar is...
2020-02-01 17:59:34: De verbinding is beschikbaar. Er wordt gepoogd de verbinding op te zetten.
2020-02-01 17:59:34: OpenVPN 2.4.8 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Dec 21 2019
2020-02-01 17:59:34: library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
2020-02-01 17:59:34: Resolving address: ddns.synology.me
2020-02-01 17:59:35: Resolving address: ddns.synology.me
2020-02-01 17:59:35: Valid endpoint found: public_ip:1194:udp
2020-02-01 17:59:35: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2020-02-01 17:59:35: TCP/UDP: Preserving recently used remote address: [AF_INET]public_ip:1194
2020-02-01 17:59:35: UDP link local (bound): [AF_INET][undef]:1194
2020-02-01 17:59:35: UDP link remote: [AF_INET]public_ip:1194



Via TCP:
2020-02-01 18:08:30: ---------
2020-02-01 18:08:30: State changed to Bezig met verbinden
2020-02-01 18:08:30: Nakijken of verbinding beschikbaar is...
2020-02-01 18:08:30: De verbinding is beschikbaar. Er wordt gepoogd de verbinding op te zetten.
2020-02-01 18:08:30: OpenVPN 2.4.8 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Dec 21 2019
2020-02-01 18:08:30: library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
2020-02-01 18:08:30: Resolving address: ddns.synology.me
2020-02-01 18:08:31: Valid endpoint found: public_ip:1194:tcp-client
2020-02-01 18:08:31: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2020-02-01 18:08:31: TCP/UDP: Preserving recently used remote address: [AF_INET]public_ip:1194
2020-02-01 18:08:31: Attempting to establish TCP connection with [AF_INET]public_ip:1194 [nonblock]
2020-02-01 18:08:32: TCP connection established with [AF_INET]public_ip:1194
2020-02-01 18:08:32: TCP_CLIENT link local: (not bound)
2020-02-01 18:08:32: TCP_CLIENT link remote: [AF_INET]public_ip:1194
2020-02-01 18:08:32: State changed to Valideren
2020-02-01 18:08:32: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2020-02-01 18:08:33: [ddns.synology.me] Peer Connection Initiated with [AF_INET]public_ip:1194
2020-02-01 18:08:33: Opened utun device utun10
2020-02-01 18:08:33: /sbin/ifconfig utun10 delete
2020-02-01 18:08:33: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2020-02-01 18:08:33: /sbin/ifconfig utun10 10.10.10.6 10.10.10.5 mtu 1500 netmask 255.255.255.255 up
2020-02-01 18:08:33: Initialization Sequence Completed
2020-02-01 18:08:33: DNS mode set to Split
2020-02-01 18:08:33: WARNING: Split DNS is being used however no DNS domains are present. The DNS server/s for this connection may not be used. For more information please see: https://www.sparklabs.com/support/k...eing-used-however-no-dns-domains-are-present/
2020-02-01 18:08:33: State changed to Verbonden
 

Attachments

  • portforward UDM openvpn.png
  • Synology firewall openvpn.png
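The two client logs above differ in transport and outcome, and both carry the certificate-verification warning. As an added example (not part of the original post, and not Viscosity or Synology code), this Python script splits such a log into connection attempts and reports each attempt's outcome and security warnings; the sample lines are constructed from the logs above and the function names are hypothetical.

```python
import re

# Constructed sample: abridged lines taken from the two client logs in the post above.
SAMPLE_LOG = """\
2020-02-01 17:57:27: Valid endpoint found: public_ip:1194:udp
2020-02-01 17:57:27: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2020-02-01 17:58:27: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2020-02-01 17:59:35: Valid endpoint found: public_ip:1194:udp
2020-02-01 18:08:31: Valid endpoint found: public_ip:1194:tcp-client
2020-02-01 18:08:31: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2020-02-01 18:08:32: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2020-02-01 18:08:33: Initialization Sequence Completed
"""

ENDPOINT = re.compile(r"Valid endpoint found: .+:(\d+):([\w-]+)$")
OUTCOMES = {"TLS key negotiation failed": "handshake-timeout",
            "Initialization Sequence Completed": "connected"}
# Log substring -> finding; the directives named are standard OpenVPN client options.
FINDINGS = {
    "No server certificate verification method": "server certificate not verified: add remote-cert-tls server",
    "may cache passwords in memory": "credentials cached in memory: add auth-nocache",
}

def triage(log_text):
    """Split a client log into attempts with transport, outcome and warnings."""
    attempts = []
    for raw in log_text.splitlines():
        ts, _, msg = raw.strip().partition(": ")  # timestamp, separator, message
        ep = ENDPOINT.search(msg)
        if ep:  # each attempt logs exactly one endpoint line
            attempts.append({"start": ts, "port": int(ep.group(1)),
                             "proto": ep.group(2), "outcome": "incomplete",
                             "findings": []})
        elif attempts:
            cur = attempts[-1]
            for needle, outcome in OUTCOMES.items():
                if needle in msg:
                    cur["outcome"] = outcome
            cur["findings"] += [f for n, f in FINDINGS.items()
                                if n in msg and f not in cur["findings"]]
    return attempts

def udp_path_suspect(attempts):
    """True when UDP timed out but TCP connected on the same port."""
    timed_out = {a["port"] for a in attempts
                 if a["proto"] == "udp" and a["outcome"] == "handshake-timeout"}
    return any(a["proto"].startswith("tcp") and a["outcome"] == "connected"
               and a["port"] in timed_out for a in attempts)
```

An attempt whose log ends before any result line, like the third UDP attempt above, is reported as `incomplete` rather than counted as a failure.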
Problem solved. I installed VDSM on my NAS, then installed and configured VPNServer on it. Now it does work. Apparently it is down to DSM and not the new router config.
 
Hi Timifi,

Here is an answer from another forum:

It appears there is no config.gateway.json for the UDM or UDM Pro? Setting up a VPN connection like this won't happen until Ubiquiti provide an update (Maybe a UI for OpenVPN?? The community has only been asking for this for years!)
 
Thanks for the info. At the moment everything works perfectly. Hopefully they will indeed come up with a native implementation of OpenVPN (or even WireGuard)... ;-)
 