Solved - Setting Up PIA VPN on Synology with DSM 6.1
I recently went around the twist re-setting up PIA on my Synology NAS, but found in the end that it is pretty straightforward, if not intuitive the first time you do it.
I do note that the method has changed and gotten easier since the last time I set up PIA several years ago. I found a lot of posts, many of which described problems and solutions that are not necessarily current as of February, 2017.
I'm using an older DS212j with the latest DSM 6.1-15047.
So I will post a step-by-step here of how I did it.
What was new for me was using the .ovpn configuration file and uploading the .pem file. Without the .pem file uploaded for Certificate Revocation List, I was able to connect to the VPN, but the connection was unstable, reconnected often, and then finally failed and left the Synology disconnected from the VPN.
The rest of my Synology configuration is pretty default, except I used "Manually configure DNS" to 8.8.8.8 and 8.8.4.4 (Google's DNS). Not sure if that makes any
I hope these instructions are helpful. Please post a comment if you have any other tips or suggestions about getting this method of using PIA on Synology to work.
I do note that the method has changed and gotten easier since the last time I set up PIA several years ago. I found a lot of posts, many of which described problems and solutions that are not necessarily current as of February, 2017.
I'm using an older DS212j with the latest DSM 6.1-15047.
So I will post a step-by-step here of how I did it.
- Download the OVPN Configuration Files from the PIA website and unzip: https://www.privateinternetaccess.com/openvpn/openvpn.zip
- Use the Synology box's web interface to open Control Panel - Network - Network Interface
- Click on the Create button and chose "Create VPN profile"
- Chose "OpenVPN (via importing a .ovpn file)" and click Next
- In the next box, fill in the fields as follows....
- Profile Name: Anything you choose, you can edit it later
- User Name: Your PIA user name
- Password: Your PIA password
- Import .ovpn file: click the Browse button and navigate to the location of the unzipped PIA OVPN Configuration Files. Choose the file corresponding to your desired server location, in my case "US Seattle.ovpn"
- CA certificate: click the Browse button and choose the .crt file included in the PIA OVPN Configuaration Files, in my case "ca.rsa.2048.crt"
- Click on "Advanced options" to unhide the next group of fields
- Certificate Revocation List: click the Browse button and choose the .pem file included in the PIA OVPN Configuration Files, in my case "crl.rsa.2048.pem"
- Leave the other fields blank
- Click "Next"
- Specify your advanced settings on the next page: I checked "Use default gateway on remote network" and "Reconnect when the VPN connection is lost"
- Click "Apply"
- A new VPN with your Profile Name will appear on the Network Interface tab. Click on this profile and choose connect to test your new connection. You should see an IP Address and Gateway for PIA, and byte traffic for both Sent and Received.
What was new for me was using the .ovpn configuration file and uploading the .pem file. Without the .pem file uploaded for Certificate Revocation List, I was able to connect to the VPN, but the connection was unstable, reconnected often, and then finally failed and left the Synology disconnected from the VPN.
The rest of my Synology configuration is pretty default, except I used "Manually configure DNS" to 8.8.8.8 and 8.8.4.4 (Google's DNS). Not sure if that makes any
I hope these instructions are helpful. Please post a comment if you have any other tips or suggestions about getting this method of using PIA on Synology to work.
Comments
I usually can get PIA to work on my Synology 1812+, but after the most recent update to the DSM (6.1-15047) it would connect to the PIA servers & show bytes sent but not received.
I used your method & initially the same thing happened (bytes sent but not received) but I started up Download Station & (still nothing received) then initiated a download & only then would the PIA connection show bytes sent & received in large increments.
Previously when I would run into problems with PIA connections on Synology, I wouldn't start downloading until my sent & received was incrementing for fear that I wasn't making a secure connection. After playing with the settings I would usually get it to respond but not this time for some reason. Your instructions helped.
So far it has been up & running for more than 2 hours without a disconnect & all seems well.
Thanks again.
I did find this torrent which will display your public facing IP address within Download Station. Check out https://torguard.net/checkmytorrentipaddress.php
That page provides a torrent file that you can manually upload into Download Station. The torrent then displays your IP address in the Tracker - Status information window of Download Station. I double checked the torrent's operation on my Mac using qBittorrent and it does seem to work accurately.
Not sure of any other ways to check the status and security of PIA's VPN connection on the Synology. I would like to see a "Kill Switch" function enabled, though!
It does accurately show that my connection is indeed secured. Very useful.
I believe the ability of a "Kill Switch" is only bundled with their OS binaries & not worth the effort in development for Synology users....I'm only guessing.
i'm trying to do the same thing but without importing ovpn file beacause it is not supported by my synology (DS711+)
I can connect with OPENVPN 2048 RSA but i cannot receive any data !
Howerver, PPTP and L2TP work correctly !
Do you have an idea please ??
I do have a side effect though, that I wanted to bring up.
Now that VPN is activated on my Synology, I can't access it from the internet anymore. If intranet (my home network) it is fine.
Any suggestions on how to tweak DDNS access would be appreciated!
I'm assuming maybe it's just the slower hardware that's kneecapping the speed when doing the VPN with the router.
I find it interesting that I sent in a ticket to Synology requesting help in setting up a VPN on the Diskstation and the response I received was that setting up VPNs was not supported and that I should instead set up the VPN in my router.
At any rate, I set up two separate network interfaces, one for PIA Toronto and one for PIA Chicago, the two I most commonly use. I can connect to either one, and it will say it’s connected. I utilized the torguard link you gave above, as well as another utility via download station to make sure everything was all set. It’s not, both utilities confirm I am connected via my unmasked IP address. I’ve gone through the setting, deleted the network interfaces, and reinstalled them but I get the same result each time. Not sure what I’m doing wrong.
Just wondered if you had any ideas?