Openvpn Qnap

[Gracia Bradshaw]

Sowhile we do not deal literally with clients and servers but rather equal peers here, I will use the term "server" for the NAS and "client" for the computers connecting to it, just to make it easier.

So first of all, just like with OpenVPN, you need to make sure that your NAS can be reached, so you need to add the "Listen Port" from your Wireguard setup page to your Router's port forwarding. Pick an "network interface" setting in the Wireguard setup on QVPN and then add the respective IP address you chose as well as the listen port to your router setup.

On your Client computer, you open the WireGuard app that you downloaded from wireguard.com and select to "add an empty tunnel" (Windows) or "Create from scratch" (Android). You will there see a "public key" and "private key" field. If it's empty on Android, look for a "reload" button that will fill the respective lines. Again here, copy out the Public key and in this case send it to the computer that you use to manage your QNAP.

Now, on your QNAP QPVN Wireguard setup, press the "Add Peer" button. Add a meaningful "Peer name" and paste the Public Key that you just created in the last step into the respective "public key" field . Before pressing "Apply", click the down-arrow next to "advanced settings" and note the "Allowed IPs" down. This should be something like 198.18.7.2/32. This information is needed on the client and will be different for each peer that you add. You can leave the other fields in the "advanced" section blank.

Then add a [Peer] section in Windows or press the "Add Peer" link on Android. Then insert the public key from your NAS with a PublicKey = ... line. Below there, add the line AllowedIPs = 0.0.0.0/0 to make sure that all data will pass through the VPN.Lastly, add the Endpoint line where you add the Dynamic DNS and port info of your QNAP NAS with Endpoint = whateverisyours.myqnapcloud.com:51820 (likely the myqnapcloud.com domain that you chose. This is the same info as for your OpenVPN setup, just a different port.

Today a post on how to configure OpenVPN on QNAP and how to connect MacOS to the OpenVPN server on your QNAP. This post is based on QNAP firmware 4.3.3. With version 4.3.x QNAP some things changed in the interface, when compared to 4.2.x.

The second step is to configure the OpenVPN server on the QNAP. With 4.3 the OpenVPN server is part of the QVPN service, so you need to open this app for the initial configuration. Select OpenVPN option, enable OpenVPN and create an initial configuration:

The next step is to configure a forwarding rule for your QNAP (on your internet modem/router), more specifically, to the IP address of the interface selected at the Network interface option. This rule should read: forward port 1194 UDP to QNAP ip address port 1194 UDP. The VPN server configuration is now finished.

Now the client side: for OS X we will use Tunnelblick, an open source graphic userinterface for OpenVPN on Mac. Choose for the stable version and download it here. Install Tunnelblick on your Mac. Open the openvpn.ovpn file in Tunnelblick, but before you do this check if the correct external IP for your internet connection is in the openvpn.ovpn file. The contents of this file will look like:

The line remote should read your the internet IP address of the internet connection where the QNAP is connected to. The line ca ca.crt points to the certificate your QNAP has automatically generated and should be in the same directory as the openvpn.ovpn file. Now just double click the ovpn file, and the configuration will automatically be imported into Tunnelblick.

What also seems strange to me is that I can also reach the private red interface from the business network via PING. But from the private network I cannot reach the business red interface via PING.

Could this be the problem?

Everything is set up as shown in the picture and the profile is imported into the iPhone. The connection attempt then terminates at some point without an error message.

Are the settings correct? I did it that way according to the WIki. I read about the new network in some post.

Unbenanntes Diagramm7301291 188 KB

Unfortunately, from my reading up about qnap the likelihood of them updating the software is low. I have seen similar issues with clamav on qnap as they are using clamav versions that are EOL and no longer supported for database downloads.

You could try to contact qnap and ask them about software updates, especially for the security issues.

So now I have a small problem with the OpenVPN connection.

It works great with Windows 10. However, if I install OpenVPN on the Windows 11 machine and enter the same configuration, the Windows 11 client does not connect to the Ipfire machine. Could it be because of Windows 11?

3a8082e126