PIA setup on Synology

edited September 2014 in VPN Setup Support Posts: 3
Hi

Im having trouble settting up a stabil vpn connection on my Synology nas. Basically, im not sure which of the setup guides to use, for the best result. What would you do ?
«1

Comments

  • No one able to help ?
  • Posts: 114
    Hi @micros, thank you for choosing Private Internet Access™.  We really appreciate your business and would be happy to assist you with the setup of your Synology NAS device to connect to the Private Internet Access™ VPN network.

    To begin, I have taken a look at the Synology NAS knowledgebase and have found a document describing support for PPTP and OpenVPN based VPN solutions.  We support both PPTP and OpenVPN.

    PPTP is generally considered less secure due to the simplistic nature of its password based encryption which can be broken for as little as $15 by cracking firms.  That being said, depending on your use case, PPTP can still be considered a viable solution.  In other words, if your use for Private Internet Access™ is for the benefit of a strong encrypted tunnel so that you cannot be subject to any man in the middle attacks or data snooping attacks, then OpenVPN should be used.  However, if you are simply utilizing PPTP to mask your IP address or change the region in which your Synology NAS device's internet traffic originates from, then that should, in general, be ok.

    If you choose PPTP, please be sure to follow the tutorial on https://www.synology.com/en-us/knowledgebase/tutorials/523 -- however, be sure to use MSCHAPv2 and Force MPPE Maximum 128 bit encryption when you arrive at the options.

    If you choose to use OpenVPN, please download the ca.crt which is found inside https://www.privateinternetaccess.com/openvpn/openvpn.zip.  From there, you should be able to follow the instructions found on the above knowledgebase article from Synology (above).

    Hope this helps you.  Thank you for your patience, and once again we really appreciate your business.  If you require further assistance, please be feel free to follow up here.  Thanks, @micros!
  • edited September 2014 Posts: 4,013
    It is a difficult subject. NAS setups rarely can use DDNS (Dynamic Domain Name Servers) and that is what is needed to assign an addressable IP to your NAS.

    No-one is ignoring you, but people are generally loathe to give the bad news that there may be nothing that can be done about it.

    If you want some suggestions that may lead you in the right direction, you first need a DDNS service of some sort. And a means for your NAS to use it and announce itself to your system. Without that it may well be impossible.

    After that, check that your NAS is not trying to use IPv6. The VPN only uses IPv4 because upwards of 90% of the entire Internet uses it, and IPv6 has a number of security problems that have still not been fixed. (And may never be at this rate.)

    *Edit* Ninja'ed by KYJelly. He may be onto something there too. :D
    Post edited by OmniNegro on
  • Thx to the both of you. I'll try the links and see if I can get it to work properly.
  • Hello,
    I succesfully set up an OpenVPN connection to PIA using DSM 5 on my Synology trough https://www.synology.com/en-uk/knowledgebase/tutorials/523

    When i try to download with my usenetprovider on europe.newsdemon.com i get 50% of my speed (6 mb/s, without VPN 13 mb/s) and a lot of connection reset by peers in nzbget. I don't have this problem when i download trough my PC with the PIA-app running...

    HELP!
  • TWTTWT
    Posts: 1
    Hello,
    I'm trying too to set up PIA on my Synology nas. But the tutorial above is not accessible anymore.
    Anyone know where I can find a working one ?
    Thanks,
  • Hello! I'm sorry to hear of the issues you're experiencing. Could I trouble you to email helpdesk@privateinternetaccess.com or fill out our Submit Ticket form on http://support.privateinternetaccess.com so we can troubleshoot this issue further and try to resolve it for you via troubleshooting?

    You can also contact our live chat support by going to our website http://privateinternetaccess.com and clicking on the "Click Here To Chat" button on the bottom right. This will put you in touch with one of our live support agents at any time, 24/7.

  • Hi All,

    I've got this setup with PIA as OpenVPN and it connects..

    However, it does not state any "Gateway" once connected..I can still download etc via the NAS

    Does that mean its not hiding my REAL IP?

  • Posts: 1
    Can anyone write a guide for this?
    I have a PIA VPN and want my Synology to go through it and download torrents
  • I was unable to use OpenVPN and have Download Station work: the VPN connection would connect but Download Station wouldn't connect to any peers.

    However, I was able to get PPTP to fully work after enabling PPTP VPN passthrough in my router.
  • Posts: 2
    Hello,
    I signed up to PIA and could not get OpenVPN to work. Fortunately i was able to cancel the same day but unfortunately I did not have enough time to troubleshoot the issue.
    Has anyone been able to get this to work on OpenVPN?

    THANKS
    Bhups
  • Posts: 2
    The above did not work on my Synology NAS and not on my ASUS AC-N68 router.
  • Why not search this forum? It has been spelled out more than once. It is very simple. You could also read the manual that comes with your DSM.......
  • did any one solve this synolgy pia vpn download issue

    i've try all 3 methods ... which connect but the search returns with no result and the download fails with a broken link

    neither synology or pia tech support were usefull ... thanks!!
  • emoemo
    edited November 2016 Posts: 2
    Hi yes i got mine working without problems.

    Here's a step by step guide.

    Prerequsit, download this: https://www.privateinternetaccess.com/openvpn/openvpn.zip.  

    • Go to the control panel of the synology 
    • Go to network and network interface
    • Create a new VPN profile
    • Select OpenVPN (NOT via importing a ovpnfile)
    • Input your username and password
    • Use the Certification file from the zip file as CA Certificate
    • Open the ovpn file that you want to get information from in notepad
    • Copy proto from line 3 into Protocol (most liklely UDP)
    • Copy server address from line 4
    • Copy port number from line 4 (there is  a space between address and port in the notepad file be sure to only take first part for adress and second part for port)
    Continue to next page  and check all the checkmarks and you are done.
    Post edited by emo on
  • edited December 2016 Posts: 1

    @emo and others.

    Unfortunately it also does not work for me. Same problem as snoltens

    Connection (as specified by emo) seems to be succesful, but the download-program or sabnzbd cannot access.

    Is there anyway to test the outside connection (there is no browser available on the NAS)?

    Edit: response form PIA customer service:

    "I apologise, we do not support using the VPN on a NAS device. Sorry for any inconvenience this may cause."

    Edit2: tried with PPTP and thats works fine.

    Post edited by matijs on
  • edited January 16 Posts: 2
    The set up on a Synology DS is not that complicated. PIA support should be able to write a manual for widely used NAS devices!
    The import method never worked, but the manual setup did.
    I have problems using higher decryption, but got it working with these settings:
    Port: 1194
    Protocol: UDP
    Cetificate: ca.crt

    PIA support is no help, they cannot explain why only the lowest encryption work.
    I can connect with the others (2048 and 4096 and their corresponding values), but those keep disconnecting :(

    I am still experimenting with all settings:

    53 UDP BF-CBC SHA1 ca.crt
    80 TCP BF-CBC SHA1 ca.crt
    110 TCP BF-CBC SHA1 ca.crt
    443 TCP BF-CBC SHA1 ca.crt
    501 TCP AES-256-CBC SHA256 ca.rsa.4096.crt
    502 TCP AES-128-CBC SHA1 ca.rsa.2048.crt
    1194 UDP BF-CBC SHA1 ca.crt
    1197 UDP AES-256-CBC SHA256 ca.rsa.4096.crt
    1198 UDP AES-128-CBC SHA1 ca.rsa.2048.crt
    8080 UDP BF-CBC SHA1 ca.crt
    9201 UDP BF-CBC SHA1 ca.crt
    Post edited by Bar2 on
  • emoemo
    Posts: 2
    matijs said:

    @emo and others.

    Unfortunately it also does not work for me. Same problem as snoltens

    Connection (as specified by emo) seems to be succesful, but the download-program or sabnzbd cannot access.

    Is there anyway to test the outside connection (there is no browser available on the NAS)?

    Edit: response form PIA customer service:

    "I apologise, we do not support using the VPN on a NAS device. Sorry for any inconvenience this may cause."

    Edit2: tried with PPTP and thats works fine.

    You shouldent have any problems if you follow my guide to the letter, do not auto create or anything you need to manually enter the values. If you do that it should work fine, i've just done another one today without any problems
  • edited February 20 Posts: 2
    Hi emo, thanks for the guide. I have got it to work however did you or anyone figure out how to keep the ability to remote into your NAS from outside the network once the VPN is enabled as it seems to prevent the abcde.synology.me address from working.

    Cheers
    Post edited by jimmymcmahon on
  • Posts: 4
    Hey Folks,
    I do use PIA on my MacBook.
    I have Synology DS216j NAS.
    Currently I use PIA on MacBook and direct download to NAS.
    Question: what is the advantage to install and use PIA directly on NAS using Download Station?
    Maybe I should simply continue to use it from Mac?
    In case you'd advise to use it from Synology... should I expect that instruction written by 'emo' would work in my case?
    Thanks for any opinion.
  • Posts: 4
    I tried to establish connection using 'emo' instructions .
    I've got error: connection failed. Please check your network settings
    or another error:
    Failed to establish network connection.
    Could someone help?
    Thanks
  • edited April 21 Posts: 4
    Hi emo, thanks for the guide. I have got it to work however did you or anyone figure out how to keep the ability to remote into your NAS from outside the network once the VPN is enabled as it seems to prevent the abcde.synology.me address from working.

    Cheers
    Hi Jim,

    Try using Quickconnect. In that way you can connect from the outside to your NAS while using a outbound VPN-connection on the inside.
    Post edited by Frans on
  • Posts: 4
    Susja said:
    Hey Folks,
    I do use PIA on my MacBook. 
    I have Synology DS216j NAS. 
    Currently I use PIA on MacBook and direct download to NAS. 
    Question: what is the advantage to install and use PIA directly on NAS using Download Station?
    Maybe I should simply continue to use it from Mac?
    In case you'd advise to use it from Synology... should I expect that instruction written by 'emo' would work in my case?
    Thanks for any opinion.


    The advantage to install and use PIA directly on the NAS is the fact that your NAS will be switched on permanently (well, very likely) and your laptop is probably not.

    The instructions by 'emo' worked fine with me!
  • Posts: 4

    Susja said:
    I tried to establish connection using 'emo' instructions .
    I've got error: connection failed. Please check your network settings
    or another error:
    Failed to establish network connection.
    Could someone help?
    Thanks
    Could you create a new connection and post the settings as text here?
  • Posts: 4
    Frans said:

    Susja said:
    I tried to establish connection using 'emo' instructions .
    I've got error: connection failed. Please check your network settings
    or another error:
    Failed to establish network connection.
    Could someone help?
    Thanks
    Could you create a new connection and post the settings as text here?
    Hello Frans, Sounds that I hit the wall :) because I tried all possible combinations and it still does not work.
    As you suggested I created a new Profile with this settings:
    1. OpenVPN
    2.  Profile name: myVPN; server address - us-east.privateinternetaccess.com; user name - p1453619; password ...; port - 1198; protocol - UDP; CA Certificate - ca.rsa.2048.crt which I took from https://www.privateinternetaccess.com/openvpn/openvpn.zip; on Advance settings I left only default selected box - Enable compression on the VPN link
    3. click Apply
    4. click Connect
    5. Got error message: Failed to establish network connection. Authorization Required ..


    Not sure what else I could do ... I'm clueless why it does not work for me ...
    Any help would be appreciated ..
  • edited May 30 Posts: 1
    Susja said:
    Frans said:

    Susja said:
    I tried to establish connection using 'emo' instructions .
    I've got error: connection failed. Please check your network settings
    or another error:
    Failed to establish network connection.
    Could someone help?
    Thanks
    Could you create a new connection and post the settings as text here?
    Hello Frans, Sounds that I hit the wall :) because I tried all possible combinations and it still does not work.
    As you suggested I created a new Profile with this settings:
    1. OpenVPN
    2.  Profile name: myVPN; server address - us-east.privateinternetaccess.com; user name - p1453619; password ...; port - 1198; protocol - UDP; CA Certificate - ca.rsa.2048.crt which I took from https://www.privateinternetaccess.com/openvpn/openvpn.zip; on Advance settings I left only default selected box - Enable compression on the VPN link
    3. click Apply
    4. click Connect
    5. Got error message: Failed to establish network connection. Authorization Required ..


    Not sure what else I could do ... I'm clueless why it does not work for me ...
    Any help would be appreciated ..
    That advanced setting option leads me to believe you aren't using the correct OpenVPN option, but I could be wrong. Make sure you're using the FIRST OpenVPN option - without importing the .OVPN file and see if that works.

    Otherwise, I'd say it may be your password or username are incorrect. I got it up and running just fine using emo's guide and have been able to connect externally using QuickConnect as well as download files from my phone via DSGet and access my files, notes, etc,. Peak speeds are attained and I love this. Thank you so much @emo
    Post edited by theruined on
  • Posts: 2
    Frans said:
    Hi emo, thanks for the guide. I have got it to work however did you or anyone figure out how to keep the ability to remote into your NAS from outside the network once the VPN is enabled as it seems to prevent the abcde.synology.me address from working.

    Cheers
    Hi Jim,

    Try using Quickconnect. In that way you can connect from the outside to your NAS while using a outbound VPN-connection on the inside.
    DSM has built-in configuration that can allow to access your NAS even using a VPN and without using Quickconnect. You can find instructions here : https://javigon.com/2015/05/23/enabling-vpn-while-preserving-external-access-in-your-home-nas/

  • Posts: 2
    theruined said:
    Susja said:
    Frans said:

    Susja said:
    I tried to establish connection using 'emo' instructions .
    I've got error: connection failed. Please check your network settings
    or another error:
    Failed to establish network connection.
    Could someone help?
    Thanks
    Could you create a new connection and post the settings as text here?
    Hello Frans, Sounds that I hit the wall :) because I tried all possible combinations and it still does not work.
    As you suggested I created a new Profile with this settings:
    1. OpenVPN
    2.  Profile name: myVPN; server address - us-east.privateinternetaccess.com; user name - p1453619; password ...; port - 1198; protocol - UDP; CA Certificate - ca.rsa.2048.crt which I took from https://www.privateinternetaccess.com/openvpn/openvpn.zip; on Advance settings I left only default selected box - Enable compression on the VPN link
    3. click Apply
    4. click Connect
    5. Got error message: Failed to establish network connection. Authorization Required ..


    Not sure what else I could do ... I'm clueless why it does not work for me ...
    Any help would be appreciated ..
    That advanced setting option leads me to believe you aren't using the correct OpenVPN option, but I could be wrong. Make sure you're using the FIRST OpenVPN option - without importing the .OVPN file and see if that works.

    Otherwise, I'd say it may be your password or username are incorrect. I got it up and running just fine using emo's guide and have been able to connect externally using QuickConnect as well as download files from my phone via DSGet and access my files, notes, etc,. Peak speeds are attained and I love this. Thank you so much @emo
    You can't use PIA OpenVPN (or other provider) on DSM 5.x without modifying the configuration files generated by DSM menu (it works for PPTP with menu but can't have it stable). But it's fully functional on DSM 6.x just by DSM menu.
  • edited August 20 Posts: 1
    After a lot of trial and error, let me share what I've found. I've actually gotten OpenVPN PIA connections working from my Synology DS1515+, currently running DSM 6.1.3-15152 Update 3, using both the manual-configuration and ovpn-import techniques. During many attempts, I would experience the same connected-but-no-data behavior that others have described, and what I've found is that either of two things cause this:

    1. The "Enable compression on the VPN link" option must be checked (shouldn't be a problem for the import method, as the corresponding "comp-lzo" option in the ovpn profile is present). @emo did mention checking all the checkmarks, but this is worth calling out as specifically actually being required by the PIA server.

    2. (and this is the weird one) At least in my case, on many boots of the system, the openvpn connections will not work until I execute the command "modprobe tun" as root/admin from the command line. This loads the TUN/TAP kernel module that is needed by the OpenVPN client. What's strange as that occasionally, I'll have a boot where I don't have to do that. There's no harm in executing the command unnecessarily, though. The other strange thing (for other Linux folks out there), is that the /dev/net/tun device node is always present, which on a modern udev-based system like this would normally indicate that the tun module is already loaded. But for some reason, it still doesn't work until I've run that command. Additional tip: I haven't tried this, but it would likely work if you go to Task Scheduler in the CP and add a "Triggered Task" to run "modprobe tun" as root at boot-up so you don't have to do it manually.

    For me, as long as both of these conditions were met, the connection works every time, regardless of which way the profile was created. I hope this helps somebody. And btw, don't miss changing the port number if configuring manually. :)
    Post edited by CryingCyclops on
  • After a lot of trial and error, let me share what I've found. I've actually gotten OpenVPN PIA connections working from my Synology DS1515+, currently running DSM 6.1.3-15152 Update 3, using both the manual-configuration and ovpn-import techniques. During many attempts, I would experience the same connected-but-no-data behavior that others have described, and what I've found is that either of two things cause this:

    1. The "Enable compression on the VPN link" option must be checked (shouldn't be a problem for the import method, as the corresponding "comp-lzo" option in the ovpn profile is present). @emo did mention checking all the checkmarks, but this is worth calling out as specifically actually being required by the PIA server.

    2. (and this is the weird one) At least in my case, on many boots of the system, the openvpn connections will not work until I execute the command "modprobe tun" as root/admin from the command line. This loads the TUN/TAP kernel module that is needed by the OpenVPN client. What's strange as that occasionally, I'll have a boot where I don't have to do that. There's no harm in executing the command unnecessarily, though. The other strange thing (for other Linux folks out there), is that the /dev/net/tun device node is always present, which on a modern udev-based system like this would normally indicate that the tun module is already loaded. But for some reason, it still doesn't work until I've run that command. Additional tip: I haven't tried this, but it would likely work if you go to Task Scheduler in the CP and add a "Triggered Task" to run "modprobe tun" as root at boot-up so you don't have to do it manually.

    For me, as long as both of these conditions were met, the connection works every time, regardless of which way the profile was created. I hope this helps somebody. And btw, don't miss changing the port number if configuring manually. :)
    Hi,

    I used to have openvpn with PIA configured on my Synology DSM before successfully (even using the Strong encryption method using the import method), although every now and then there would not be any connection, e.g. when trying to update DSM version, it would fail to connect to the internet. A simple disconnect/connect of the vpn usually soved this problem.

    This week I installed a new Netgear router because I want to control all traffic going through the VPN UDP 1198 and when VPN connection is down, it should not access the internet using my real IP.

    I'm now running into a weird problem that the PIA openvpn connection can connect, but nothing can access the internet. I thought it was due to the configuration in my router blocking everything coming from the NAS IP, so I disabled the blocking in the router again. Still no connection to the internet from the NAS. When I disable the VPN connection in Synology, it can access the internet.

    I have updated DSM to version 6.1.3-15152 Update 4, but this doens't solve the problem.

    I've also tried removing all VPN configurations and configure them from scratch using both manual configuration as well as the importing method. I tried all of the files from:
    https://nld.privateinternetaccess.com/openvpn/openvpn.zip
    https://nld.privateinternetaccess.com/openvpn/openvpn-strong.zip

    as well as the more restrictive ssl configs:
    https://nld.privateinternetaccess.com/openvpn/openvpn-ip.zip
    https://nld.privateinternetaccess.com/openvpn/openvpn-tcp.zip
    https://nld.privateinternetaccess.com/openvpn/openvpn-strong-tcp.zip

    None of these seem to work for me now. Also not after running the "modprobe tun" command as root.

    Seems I'm no longer able to get PIA working whereas before it was still working ok apart from the connection drop every now and then. Any idea what can be wrong here?
Sign In or Register to comment.