I have a remote synology nas logging into a host synology nas using VPN Server and Openvpn. Things have worked great for several months until a few days ago when it just stopped connecting. (I get a “Connection failed or certificate expired. Please use a valid certificate…” error. I have done some quick trouble shooting and can’t seem to find the trouble. I have tried a new certificate, but I get an error saying “no changes detected” when trying to upload an updated certificate.
I am wondering if my public IP address has changed on my host location. Was hoping I could pull out the ovpn config file and take a look at the settings.
I had the same issue happen after the dsm 7 upgrade. Didn’t dive deeper instead just re-established the connection and it’s working again. I think when the host upgraded the certificates changed
I would try export your config again (DSM->VPN Server->export), edit the file as per normal i.e serveraddress , then import into the device you trying to connect with …even slight changes to config gen a new key/pair
As a suggestion for a root cause, set your vpn server back to the Synology certificate, apply and then export profile into OpenVPN app. Check if you have connectivity then if you do, you can conclude that it is your certificate causing the issue rather than a config.
Thanks for the reply. Unfortunately, all of this is a tad over my head, so I am not sure I can troubleshoot effectively.
However, I did open the certificate and see that it shows it is valid from 7/7/2020 to 7/8/2021. This is about when it lost connection. I tried exporting a new config/certificate, but it also shows an expiration of 07/8/21. How to I extend the expiration date?
Don’t worry, just takes a while to wrap your head around it…Basically I am trying to establish, if it is your certificate that is the problem, or another configuration element.
goto control panel->security->certificates. Here you should see what certs on installed on your system.
Select settings, and here you can see what certs are assigned to which application, so goto VPN server, and select the synology certificate. The web server will restart.
Open VPN server, then goto OpenVPN settings should be fine, make sure that there is a check next to ‘Allow clients to access server LAN’
Select export configuration. open notepad, replace YOURSERVERNAME at the top with your your domain name you use, from synology.me , )…save
send that to your device/iphone, share/import to the openvpn app then try to connect.
IF this does not work, you most likely have a DDNS problem OR a mismatch between YOURSERVERNAME.COM and what is on your cert because the synology cert will defiantly work…let me know how you get on
Thank you so much for responding and taking the time to explain. When I go to Control Panel > Security > Certificates, I see the certificate has expired. I think I am understanding…is this certificate the same certificate that VPN Server issues in the config file? If so, this is starting to make sense…I thought they were unrelated.
OK, so I am pretty sure that is my problem because my certificate shows being expired. In your earlier reply, you suggested to set the certificate back to the default synology certificate and try connecting. What if I was already using the default certificate? Do I try to make a new one?
ETA: Oh my gosh! I created a new certificate and changed the config to VPN Server uses the new certificate instead of the default. Tried reconnected and it worked. THANK YOU THANK YOU THANK YOU!