This post covers how to configure OpenVPN on a QNAP and how to connect macOS to the OpenVPN server on your QNAP. It is based on QNAP firmware 4.3.3. In version 4.3.x QNAP changed some things in the interface compared to 4.2.x.
The first step is to create a user on your QNAP that can use OpenVPN. Use a strong password for this new user:
You can deselect all shared folder permissions and application privileges; they are not required for a user that only uses VPN (unless you also want to give this user access to other QNAP resources).
The second step is to configure the OpenVPN server on the QNAP. With 4.3 the OpenVPN server is part of the QVPN service, so you need to open this app for the initial configuration. Select the OpenVPN option, enable OpenVPN and create an initial configuration:
You have to define the VPN client IP pool. Note that this range must be different from the one you are using in your LAN; OpenVPN will route the traffic from the OpenVPN segment to the connected LAN. You can keep the server port (1194) as it is. The maximum number of VPN clients is up to you. I would advise setting the encryption to AES 256 bit. The network interface is the NIC in your QNAP that will/can connect to the internet; note that this NIC shouldn’t be used by a virtual switch. Apply the configuration and download the certificate file.
The certificate file is a zip file named qnap-ovpn.zip and contains three files:
- ca.crt – Certificate file needed for the OpenVPN client;
- openvpn.ovpn – OpenVPN configuration file;
- readme.txt – Contains the instructions to configure the VPN client.
Now select privilege settings, and select OpenVPN for the user that is allowed to use VPN:
The next step is to configure a forwarding rule to your QNAP (on your internet modem/router), more specifically, to the IP address of the interface selected at the Network interface option. This rule should read: forward port 1194 UDP to QNAP IP address port 1194 UDP. The VPN server configuration is now finished.
Now the client side: for OS X we will use Tunnelblick, an open source graphical user interface for OpenVPN on Mac. Choose the stable version and download it here. Install Tunnelblick on your Mac. Before you open the openvpn.ovpn file in Tunnelblick, check that the correct external IP for your internet connection is in the openvpn.ovpn file. The contents of this file will look like:
```
client
dev tun2001
script-security 3
proto udp
explicit-exit-notify 1
remote a.b.c.d 1194
resolv-retry infinite
nobind
ca ca.crt
auth-user-pass
reneg-sec 0
cipher AES-256-CBC
tls-cipher TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA
comp-lzo
```
The remote line should contain the internet IP address of the internet connection that the QNAP is connected to. The line ca ca.crt points to the certificate your QNAP has automatically generated; this file should be in the same directory as the openvpn.ovpn file. Now just double-click the ovpn file, and the configuration will automatically be imported into Tunnelblick.
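A pre-import check of the file, as an added example (not part of the original post and not QNAP or Tunnelblick code): it verifies the two points described above, that remote is neither a placeholder nor a LAN address and that ca.crt sits beside the config, and lists three settings of the generated file that are worth reviewing. The function names, the shortened sample and the address 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress
import os

# Constructed excerpt modelled on the openvpn.ovpn shown above; 203.0.113.10
# is a documentation address standing in for the a.b.c.d placeholder.
SAMPLE = """\
client
script-security 3
remote 203.0.113.10 1194
ca ca.crt
reneg-sec 0
cipher AES-256-CBC
tls-cipher TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA
comp-lzo
"""
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_ovpn(text):
    """Map each directive to its argument list (first occurrence wins)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":      # skip blank lines and comments
            key, *args = line.split()
            opts.setdefault(key, args)
    return opts

def review_ovpn(text, config_dir="."):
    """Return a list of 'directive: finding' strings for the pre-import checks."""
    opts, out = parse_ovpn(text), []
    host = (opts.get("remote") or ["<missing>"])[0]
    try:
        if any(ipaddress.ip_address(host) in net for net in LAN_NETS):
            out.append(f"remote: {host} is a private LAN address, not the internet IP")
    except ValueError:
        out.append(f"remote: {host} is not an IP address; placeholder or hostname?")
    ca = (opts.get("ca") or ["<missing>"])[0]
    if not os.path.isfile(os.path.join(config_dir, ca)):
        out.append(f"ca: {ca} not found in {config_dir}")
    if "3DES" in " ".join(opts.get("tls-cipher", [])):
        out.append("tls-cipher: list offers a 3DES suite (64-bit block cipher)")
    if opts.get("script-security") == ["3"]:
        out.append("script-security: level 3 lets scripts receive the password via environment")
    if "comp-lzo" in opts:
        out.append("comp-lzo: compression is enabled on the tunnel")
    return out

if __name__ == "__main__":
    print("\n".join(review_ovpn(SAMPLE)) or "no findings")
```

To check your own download, pass the contents of openvpn.ovpn and the directory you unzipped qnap-ovpn.zip into to `review_ovpn`.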
The last step is just to click the connect button, enter your username and password (configured earlier on the QNAP) and there you go!
That’s it, hope this was helpful.