I was pleasantly surprised when I did find out, that had added a VPN client in their DSM 4 release. This VPN client supports either PPTP or openvpn. Openvpn support is what I am interested in. Unfortunately openvpn wizard in DSM assumes that username authentication is used. I need certificate authentication. Fortunately it can be arranged.
First create a bogus openvpn connection. It creates some configuration files and a connection name that can be started up via GUI.
Changing those configuration files is done via ssh to Diskstation.
DSM 4.0-2198 has
OpenVPN 2.1.4 armle-unknown-linux [SSL] [LZO2] [EPOLL] built on Feb 23 2012
Openvpn configuration files are located at:
The interesting file is client_XX something. It is a plain openvpn configuration file.
It is a bit inconvenient to edit this file directly in ssh session to Diskstation, so I copied it to a shared folder and changed it there. Copied it back later. Shared folders are, what Diskstation is used for, right?
I got inspiration for setting up my Synology DS211j as openvpn client from this posting
My openvpn configuration looks like this:
client float resolv-retry infinite nobind persist-key persist-tun ca keys/ca.crt cert keys/client.crt key keys/client.key ns-cert-type server tls-auth keys/ta.key 1 cipher BF-CBC verb 5 log openvpn.log dev tun tls-client remote myserver 1194 pull proto udp comp-lzo script-security 2 reneg-sec 0 explicit-exit-notify plugin /lib/openvpn/openvpn-down-root.so /etc/ppp/ip-down #auth-user-pass /tmp/ovpn_client_up
As long as I do not edit that pseudo config in VPN GUI all is good. Connect works and it seems to reconnect after connection loss.
Connection stability is still to be tested.
Update: The same procedure also works with DSM 5 and stability is good. Even reconnects, if needed.