Synology OpenVPN connection from Android
By Leo Gaggl
Connecting securely to your home network has always been a bit of a challenge, since common home ADSL routers do not normally contain any VPN servers (those which do are generally PPTP servers, which I would hardly call secure these days). That is probably a good thing, as they would be horribly out of date considering the firmware release policies of retail router manufacturers. You could run and maintain your own dedicated server, but for most home networks that is overkill and beyond the technical depth of most hobbyists.
However, NAS appliances are becoming more useful in home networks for storage and other common tasks. I have had good experiences with Synology NAS devices over a number of years, and the latest iteration also has a very useful VPN Server package available, based on OpenVPN (as most Synology apps are common open source components).
Server Requirements
This is a very straightforward procedure via the Synology Web UI (http://www.synology.com/en-uk/support/tutorials/459#t3.2):
- Install the VPN Server via Synology Package Manager
- Enable the OpenVPN server
- Export the certificate using the button “Export configuration” (openvpn.zip) and extract the CA Certificate file (ca.crt)
- Forward UDP Port 1194 from your modem/router to the Synology NAS
- Make sure your Diskstation user account has OpenVPN privileges
Android Client Configuration
This part turned out a little more difficult than I expected. Initially I tried the “OpenVPN Connect” app by OpenVPN.net, the makers of OpenVPN. However, this seems to have no facility to edit the configuration and would not work at all from the imported config file.
The OpenVPN client that works well for me is OpenVPN for Android (https://play.google.com/store/apps/details?id=de.blinkt.openvpn):
- Transfer the CA Certificate (ca.crt) extracted in the previous step to the sdcard of your Android device
- Install the “OpenVPN for Android” app from the Google Play Store
- Open the “OpenVPN for Android” app, touch the + icon in the bottom left corner of the screen to add a profile
- Touch “Basic”
- Enter profile name and server address (Static IP Address or DynamicDNS of your modem/router)
- Touch the Select button for the CA Certificate
- Navigate to the file ca.crt on your sdcard and select the file
- Fill in the username and password of the Diskstation user with OpenVPN privileges
- Touch the back softkey or button of your phone
- Touch “IP and DNS”
- Check “Override DNS settings by Server” (Synology’s OpenVPN implementation currently does not support pushing DNS servers)
- Google’s public DNS servers are the default and should work for most users
- Touch the back softkey or button of your phone
- Touch “Authentication/Encryption”
- Uncheck Expect TLS server certificate
- Touch the back softkey or button of your phone twice to return to the app’s Profiles overview page
- Touch your profile’s name to connect (the icon with the sliders on the right lets you edit the profile)
Voila! Your Android device should now securely connect to your home network!
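An added example, not part of the original post and not code from Synology or OpenVPN for Android: a small Python check that reads an OpenVPN client profile like the one the steps above produce and reports how the server is authenticated and where DNS lookups go. It assumes the app's “Expect TLS server certificate” option corresponds to OpenVPN's `remote-cert-tls server` directive; the sample profile, `vpn.example.org` and the function names are constructed for illustration.

```python
import shlex

# Constructed sample: a client profile matching the steps above.
# vpn.example.org stands in for your own static IP or DynamicDNS name.
SAMPLE_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.org 1194
ca ca.crt
auth-user-pass
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
"""

def parse_profile(text):
    """Return {directive: [argument lists]} for an OpenVPN config."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        name, *args = shlex.split(line)
        directives.setdefault(name.strip("<>"), []).append(args)  # <ca> -> ca
    return directives

def audit_profile(text):
    """Return a list of findings about server authentication and DNS."""
    d = parse_profile(text)
    findings = []
    if "ca" not in d:
        findings.append("no-ca: server certificate cannot be validated")
    # Assumption: "Expect TLS server certificate" maps to this directive.
    if ["server"] not in d.get("remote-cert-tls", []):
        findings.append("no-remote-cert-tls: any certificate issued by the CA "
                        "is accepted as the server")
    if "verify-x509-name" not in d:
        findings.append("no-verify-x509-name: server certificate name is not pinned")
    for args in d.get("remote", []):
        if len(args) > 1 and args[1] != "1194":
            findings.append(f"port-mismatch: {args[1]} is not the forwarded port 1194")
    dns = [a[1] for a in d.get("dhcp-option", []) if len(a) == 2 and a[0] == "DNS"]
    if dns:
        findings.append("dns-override: lookups go to " + ", ".join(dns))
    return findings

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print(finding)
```

With the settings from this walkthrough, the check reports that the server's certificate role and name are not verified, so the exported ca.crt and the Diskstation password carry the whole burden of authenticating the connection.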