ReadyNAS and OpenVPN - how I got it to work


Postby bjorn_e58 » Fri Apr 23, 2010 6:46 am

I own two properties, basically my primary and secondary homes. They both have internet connection with a typical router setup for multiple devices, wifi, etc. in both places. I wanted to have them connected privately and had made some experiments with ssh (-w option); it worked but wasn't really stable and easy to cope with. I then decided to go for a solution based on openvpn. I finally got it to work, so I thought I would describe the whole thing for others to benefit.

These are the characteristics of the setup before I started:

HomeA is connected to the Internet via a cable modem and therefore does not have a fixed IP address. This is also where the ReadyNAS is physically located. The network there is, the router that sits on cable modem has IP address on the inside and the ReadyNAS has a fixed IP address of (I mostly use DHCP, but have fixed IP addresses for a few things like the ReadyNAS and a printer).

HomeB is connected to the Internet via a DSL connection and has a fixed IP address. I don't want to reveal it here (I get enough ssh break-in attempts already!), but for the sake of this discussion, let me assume it is On its internal side, my network is, the router has address and there is also an older PC running Ubuntu 9.10 with IP address of

The ReadyNAS and the Ubuntu box will take roles of the openvpn systems; the former in HomeA as a client (as it is behind a changing IP address), the latter in HomeB as a server. You need to open the ReadyNAS for root ssh access and get the "apt-get" add-on so that you can download software to it using apt-get; google will be your friend if you need help doing this.

To complicate things, I wanted to be able to manage and install the whole thing from HomeB (with fixed IP), so I initially created a small trick to be able to get to HomeA with its variable IP address. First, I opened my routers so that port 22 forwards to in HomeA, and to in HomeB, I then set up password-less root ssh (yes, this sounds utterly unsecure, it isn't as long as your boxes are behind a firewall, google for it!) to simplify things, although this is not strictly necessary from HomeB to HomeA. But the trick is that HomeA has a crontab entry that every 4 hours ssh's as root to HomeB leaving its IP address (which really is the one assigned by my cable modem provider). Therefore, when I am on the Ubuntu box in HomeB, I can always find the actual IP address of HomeA. This is like a simplified dynamic DNS entry.

Next, download openvpn on both the ReadyNAS and the Ubuntu box using

apt-get install openvpn

There are a few things more (cryptostuff) that also need downloading; check the openvpn documentation.

Read and follow the openvpn documentation on how to generate server and client keys (I did it all in HomeB) and copy the appropriate keys to /etc/openvpn in both HomeA (ReadyNAS) and HomeB (Ubuntu). You should, like I, use scp to copy. I next set up the configuration files in /etc/openvpn on both sides, again basically following the instructions on the openvpn website. Of particular importance are the following.

I opened the 1194 port in the router of HomeB forwarding to I also decided to start with tcp (rather than udp).

In server.conf in HomeB (Ubuntu), the following are my non-comment lines:

port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
ifconfig-pool-persist ipp.txt
push "route"
client-config-dir ccd
ping 15
status openvpn-status.log
verb 4
mute 10

We need to push the HomeB server side subnet to the HomeA client, hence the push and we also need to have the server side know about the client side, hence the "route 192.168.11...." line. I also found that 'keepalive' was causing restarts of the client so I just replaced it by a ping. In the client-specific file on the server side, I have these two lines (and nothing more):


And the non-comment lines of client.conf, i.e. the file on the ReadyNAS in /etc/openvpn are (xxxxxx are real names that I am not showing here, also recall really should be the external fixed IP of HomeB):

dev tun
proto tcp
remote 1194
resolv-retry infinite
ca ca.crt
cert xxxxxx.crt
key xxxxxx.key
verb 4
mute 10
ping 15

Coming this far, I was able to start openvpn on first HomeA side (i.e. Ubuntu) and the HomeB side (ReadyNAS) and those two boxes would see each other, happily ping and connect. I did not have firewall issues, i.e. the iptables firewall already existing on my Ubuntu box did not prevent anything.

Next, in order to get everything on the two sides to fully see the other side, I had to do the following:

Turn on ip forwarding in both the ReadyNAS and Ubuntu. At runtime, you do it by doing

echo 1 > /proc/sys/net/ipv4/ip_forward

but I also made sure it happens automatically at reboots. The next, very important step is to make the routers (that sit directly on the Internet connection in the two places) know about routing to the other side. And you need to add two static routes in each router. I initially thought I would only need to add the static routes to and respectively, but I realized this is not sufficient. The tunnel network ( does also need to be known to the two routers. So, in the router of HomeA, the following two static routes are used: via via

and in HomeB, it's basically the opposite: via via

The frustrating thing is that you can actually ping with only the first of the two static routes above, but in order to make a connection, you also need the routes.

Finally, I made sure openvpn comes up automatically on both sides after a reboot. In HomeA (the ReadyNAS), this was already the case (I assume after doing the apt-get), in HomeB (on Ubuntu) I used 'chkconfig' to do it.

Let me finally add that all this (among other things) allows me to use softsqueeze in HomeB on Ubuntu against squeezecenter running in the ReadyNAS. In HomeA, I have the physical squeeze thing connected to my stereo.

I finally had some version issues with the Squeezebox setup - please see for details.

Last edited by bjorn_e58 on Fri May 21, 2010 6:03 am, edited 4 times in total.
ReadyNAS Newbie
Posts: 1
Joined: Fri Apr 23, 2010 5:57 am
ReadyNAS: Duo
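
The server.conf and client.conf lines listed in the post leave out a few hardening directives that OpenVPN supports. The script below is an added example, not part of the original post: it lists which of them a config lacks. The function names, finding labels and sample files are constructed for illustration, and the DH check is a file-name heuristic only.

```shell
#!/bin/sh
# Added example, not from the original post: list hardening directives that
# an OpenVPN config lacks. Usage: audit_openvpn_conf FILE server|client

# Succeeds if directive $2 is the first word of a non-comment line in file $1.
has_directive() {
    awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$1"
}

audit_openvpn_conf() {
    conf=$1; role=$2
    # HMAC signature on TLS handshake packets; unauthenticated probes are dropped.
    has_directive "$conf" tls-auth ||
        echo "no-tls-auth: generate a shared key and add 'tls-auth ta.key <0|1>'"
    if [ "$role" = client ]; then
        # Without this check, any certificate signed by the CA (including
        # another client's) is accepted as the server's.
        if ! has_directive "$conf" remote-cert-tls &&
           ! has_directive "$conf" ns-cert-type; then
            echo "no-server-cert-check: add 'remote-cert-tls server' (2.0: 'ns-cert-type server')"
        fi
    else
        # Drop root privileges once the daemon has started.
        has_directive "$conf" user ||
            echo "runs-as-root: add 'user nobody' and 'group nogroup'"
        # Heuristic on the file name only; confirm the real size with
        # 'openssl dhparam -in FILE -text -noout'.
        dh=$(awk '$1 == "dh" { print $2 }' "$conf")
        case $dh in
            *dh512*|*dh1024*) echo "weak-dh: $dh, regenerate at 2048 bits or more" ;;
        esac
    fi
    return 0
}

# Constructed sample input: a subset of the directives shown in the post.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' 'port 1194' 'proto tcp' 'dev tun' 'ca ca.crt' \
        'cert server.crt' 'key server.key # This file should be kept secret' \
        'dh dh1024.pem' 'ping 15' > "$tmp/server.conf"
    printf '%s\n' 'dev tun' 'proto tcp' 'resolv-retry infinite' 'ca ca.crt' \
        'ping 15' > "$tmp/client.conf"
    audit_openvpn_conf "$tmp/server.conf" server
    audit_openvpn_conf "$tmp/client.conf" client
    rm -rf "$tmp"
}
demo
```
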

Re: ReadyNAS and OpenVPN - how I got it to work

Postby LrdShaper » Fri Apr 23, 2010 7:04 am

Very nice how-to. I have the same setup although both VPN apps run on the routers (WRT150n in Philippines and WRT350n here in Malaysia) to overcome NAT issues on my asterisk box located in the Philippines. Congratulations on getting it to work and thanks for sharing.

You can use wget from your ReadyNAS to update a DynDNS account to avoid using a passphrase-less key in SSH (call me paranoid :) ). I have a short howto here. Cheers!
ReadyNAS Expert
Posts: 225
Joined: Sun Dec 16, 2007 7:08 pm
Location: ::1
ReadyNAS: Repertoire
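
The "HomeA reports its IP over ssh every 4 hours" trick from the first post, and the concern about the passphrase-less key raised in the reply, can be reconciled by pinning that key to a single forced command on HomeB. The script below is an added example, not from either post; the script name, account, log path and key placeholders are hypothetical.

```shell
#!/bin/sh
# record-homea-ip (hypothetical name): forced command for HomeA's reporting key.
# Pin the key in ~/.ssh/authorized_keys of a dedicated unprivileged account on
# HomeB (one line; the key material is a placeholder):
#   command="/usr/local/bin/record-homea-ip",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <HomeA-public-key>
# HomeA's crontab entry (every 4 hours, as in the post; user/host are placeholders):
#   0 */4 * * * ssh -o BatchMode=yes -i /root/.ssh/report_key reporter@<HomeB-address> true
# Whatever command the client asks for, sshd runs only this script.

# Print the client address from an SSH_CONNECTION value
# ("client_ip client_port server_ip server_port") if it is a valid dotted quad.
client_ip() {
    ip=${1%% *}
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    echo "$ip"
}

# Append "UTC-timestamp address" to file $2 for the connection described by $1.
record_ip() {
    ip=$(client_ip "$1") || return 1
    printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$ip" >> "$2"
}

# Run only when installed under its own name, i.e. when invoked by sshd.
case $0 in
    *record-homea-ip)
        record_ip "${SSH_CONNECTION:-}" "${HOME}/homea-ip.log" || exit 1 ;;
esac
```

With this in place the last line of the log file on HomeB holds HomeA's current public address, and the unattended key cannot be used to obtain a shell or to forward ports.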
