Setting Up OpenVPN on Synology with Free Clients
When configuring an internet connection using the Synology OpenVPN Server, you might encounter compatibility issues with certain clients. By default, the configuration file provided by Synology works with the paid Viscosity client but not with the free OpenVPN Connect client. This guide explains how to modify the configuration file for compatibility and provides additional tips.
Steps to Fix the Configuration File
The original configuration file needs the following change to work with OpenVPN Connect:
- Add the line
client-cert-not-required
afterauth-user-pass
. - Uncomment the line
redirect-gateway def1
to route all traffic through the Synology server.
Here is an example of the corrected configuration file:
dev tun
tls-client
remote YOUR_SERVER 1194
# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
#float
# If redirect-gateway is enabled, the client will redirect its
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
redirect-gateway def1
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
dhcp-option DNS 8.8.8.8
pull
# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp
script-security 2
comp-lzo
reneg-sec 0
# Clients running OpenVPN 2.4 and higher will automatically upgrade from AES-256-CBC to AES-256-GCM without any configuration changes.
cipher AES-256-CBC
auth SHA512
auth-user-pass
client-cert-not-required
Routing All Traffic Through Synology Server
If you want all your internet traffic to go through the Synology server, make sure the following line is active in your configuration file:
redirect-gateway def1
By enabling this line, your traffic will be routed through the VPN server, ensuring privacy and allowing you to use the server’s IP address for online activities.
Conclusion
With these modifications, the Synology OpenVPN configuration file will work seamlessly with the free OpenVPN Connect client. Additionally, uncommenting redirect-gateway def1
ensures that all traffic passes through the VPN server, providing enhanced privacy and security.

