Set up virtual networks with Open VPN – this is how it works


Many VPN services rely on the open source software Open VPN. This makes it easy to set up a secure connection to the Internet. You can also conveniently protect remote access to the home network with Open VPN.

The Fritzbox is the most popular router in this country, mainly because it supports all the important technologies that you need for the home network and the Internet. Only when it comes to VPN (virtual private network) does the Fritzbox take a special route. The AVM router relies on the IPSec protocol for a secure, encrypted connection. Many other routers, most NAS manufacturers and almost all VPN tools, on the other hand, use the free software Open VPN.

With the services of a VPN provider, most of which charge a fee, it ensures that the customer receives a secure VPN connection from their PC or smartphone to one of the provider’s numerous VPN servers in any country. In this way, a client can communicate securely from insecure local networks such as a WLAN hotspot, and even when surfing from home its traffic cannot be spied on by its own Internet provider. Another advantage: If the VPN user connects to a gateway in another country, they receive a country-specific IP address at the exit of the VPN tunnel and thus circumvent so-called geoblocking.

Open VPN can also be used for remote access to the home network. In this way, you can reach the network devices at home with a single client, for example a PC or smartphone, while on the move. Or you can connect an entire remote network to another – for example the home office with the office.

How to get into the home network with Open VPN

So that you can connect to a network via Open VPN, you need a VPN server there. This can be done in several ways: For example, you can set up a PC in the home network as an Open VPN server. This is very easy because you don’t need any additional equipment. But the PC then has to run around the clock so that you can always access the home network. It would therefore make more sense if the Open VPN server is installed on a device that is switched on around the clock anyway, such as a router or NAS.

There are some routers that can be used out of the box as an Open VPN endpoint, for example from Asus or Netgear.

However, it makes most sense to use an existing NAS system for this. The devices from major manufacturers such as Qnap, Synology or Asustor can all be upgraded free of charge with a VPN server that also supports Open VPN. In this article, we will therefore show how this works using a Synology NAS as an example.

Several steps are required to do this. First, install the VPN server on the NAS and export the associated Open VPN file including the SSL certificate. With port forwarding, you cause your router to forward an Open VPN request from outside to the NAS. In addition, set up a DynDNS service in the router so that your home network can always be reached from the outside at the same web address. Last but not least, install the Open VPN client on your PC or smartphone, import the Open VPN files from the NAS and, in the fifth and final step, establish the encrypted connection to the NAS or your home network.

1. Install the VPN server on the NAS in the home network

NAS systems from manufacturers such as Synology or Asustor can be expanded with a VPN server via an app. Qnap devices have the appropriate software preinstalled.

First, install the VPN server in the user interface of your NAS, if it is not already installed. On Synology devices, the area for installing additional applications is called “Package Center”. There you will need the “VPN Server” package.

Click on “Install” to download and install the application. Then set it up with “Open”. In the configuration window of the VPN server, mark the option “OpenVPN” in the left column under “Set up VPN server” and then tick “Activate OpenVPN server” in the top right corner. Leave all the existing settings and just check the box “Allow clients to access the server LAN”. With this setting, you will later receive access to the home network into which the NAS is integrated with your remote VPN client.

After clicking on “Apply”, a message appears saying that port forwarding to the NAS must be set up in the router’s firewall, to UDP port 1194. You will do this in step 2.

Leave all preconfigured VPN server settings in the Synology NAS and only activate the check mark in front of “Allow clients to access the server LAN”.

But first download the configuration data of the Open VPN server: You will need this later in step 4 when you set up the Open VPN client on the PC or notebook from which you want to access the NAS. To do this, click on the “Export configuration data” button and open “openvpn.zip” directly in Explorer by clicking on “OK”. Of the three files it contains, move “ca.crt” and “VPNConfig.ovpn” to a USB stick, which you will need in step 4.

2. Set up port forwarding for Open VPN in the router

This is what an Open VPN port sharing for a NAS looks like in a Fritzbox router, provided the Fritzbox is connected to the Internet via IPv4 (dual stack).

So that your connection request to the Open VPN server of the NAS arrives correctly, set up a corresponding port forwarding in the router. With the Fritzbox this works via the menu “Internet -› Approvals -› Port sharing”. Here you first go to “Add device for shares”, then select the corresponding device, namely your NAS, and click “New share” to add an “Other application” with the protocol “UDP” and the port “1194” in all three port entry fields.

Do not forget to confirm the new port sharing with “OK” and then once more with “OK” to activate it. Attention: This description applies only to Internet access with a public IPv4 address (dual stack).

3. Set up the DynDNS service for a guaranteed connection

Most routers have an integrated DynDNS client with which you can, for example, set up a permanent DynDNS web address using a free No-IP service account.

Almost all Internet providers assign changing public IP addresses to their customers. You should use a DynDNS service so that you can always reach your home network at the same fixed web address. You need this DynDNS domain address in order to be able to enter it in step 4 in the configuration file of the Open VPN client.

If you have a Fritzbox as your Internet router, choose the free DynDNS service Myfritz from AVM. Routers from other manufacturers usually have a DynDNS function that can be activated in the settings. You can use a suitable free DynDNS service, for example No-IP.com, and enter the corresponding login data in the router menu.

As soon as the Myfritz or DynDNS service has been successfully set up, the individually assigned Myfritz or DynDNS domain automatically refers to the current public IPv4 address of your home network router, and you can always reach the home network from outside.

4. Set up Open VPN on PC or notebook

Install the client software for Open VPN on the computer that is to access the VPN server in the home network via the Internet: It is available for numerous operating systems.

In the next step, set up the notebook with which you want to access your NAS and your home network from outside via Open VPN. To do this, first install the official Open VPN client “OpenVPN GUI”. Follow the setup wizard and do not change any of the default settings.

After the installation is complete, a text file opens that informs you in English of two missing configuration files that you should insert into a specific directory of the Open VPN installation. These are the two files “ca.crt” and “VPNConfig.ovpn” from step 1 that you copied to a USB stick.

Before doing this, make an adjustment to one of the two files. To do this, open the “VPNConfig.ovpn” file by double-clicking it and select the Windows application “Editor” as the app to open this file, which opens the file as a multi-line script.

You must make the two marked entries in the VPNConfig.ovpn so that you can establish an Open VPN connection from your client.

Replace the entry “YOUR_SERVER_IP” in the fourth line of the script with your individual DynDNS address from step 3. In our example, the MyFritz domain is mmmseemann.myfritz.net. Accordingly, the original script line in “VPNConfig.ovpn”

remote YOUR_SERVER_IP 1194

is replaced with the new entry

remote mmmseemann.myfritz.net 1194

Also remove something further down the script from the entry

at the very front the # sign, so that the changed entry now looks like this:

Now save your changes with the key combination Ctrl-S and close the editor window. Use the key combination Windows-E to open a Windows Explorer window and change to the directory “This PC -› Local Disk (C:) -› Users -› Your Windows username -› OpenVPN -› config”. Copy the file “VPNConfig.ovpn” that you just changed and also the file “ca.crt” into this directory. Since this directory is specially protected by Windows, you must confirm each copy process by clicking on “Continue”. The configuration is now complete.

5. Establish an Open VPN connection to the home network

For secure access to the home network, you need to log in to the NAS, which serves as the Open VPN server. Use the NAS credentials for this.

Now start the “OpenVPN GUI” application via the desktop icon. A new icon in the form of a monitor with a padlock will appear at the bottom right in the Windows system tray. Right-click on it and select “Connect” from the context menu. The “OpenVPN Connection” window opens and you are asked for “User” and “Password”. Enter the access data of your NAS user account, which you normally use to log in to the web menu of your NAS system.

If you did everything correctly, Open VPN will now establish a protected connection to your NAS and your home network. The success message “VPNconfig is now connected” appears for a few seconds. In addition, the monitor of the Open VPN symbol in the system tray is now colored green. To disconnect the Open VPN connection, you can simply double-click the connection symbol in the task bar and press the “Disconnect” button in the connection window. You can safely ignore the two warnings marked in red in the connection log file regarding “certificate” and “cache passwords”.
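
The following check is an added example, not part of the original article or of the Synology or Open VPN software. It audits a client profile such as “VPNConfig.ovpn” for the edit from step 4 and for agreement with the UDP 1194 forwarding from step 2. It also reports whether the OpenVPN directives remote-cert-tls or verify-x509-name and auth-nocache are present; that these correspond to the “certificate” and “cache passwords” warnings mentioned above is an assumption, and the sample profiles are constructed.

```python
import re

# Constructed sample profiles for illustration; not the file exported by the NAS.
UNEDITED = """dev tun
tls-client
remote YOUR_SERVER_IP 1194
proto udp
ca ca.crt
auth-user-pass
"""
EDITED = (UNEDITED.replace("YOUR_SERVER_IP", "mmmseemann.myfritz.net")
          + "remote-cert-tls server\nauth-nocache\n")

def parse_profile(text):
    """Map each active directive to its argument lists; '#' and ';' start comments."""
    directives = {}
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives

def audit_profile(text, fwd_proto="udp", fwd_port="1194"):
    """Return findings for a client profile; an empty list means it passed."""
    d = parse_profile(text)
    findings = []
    default_proto = (d.get("proto", [[]])[0] or ["udp"])[0]  # OpenVPN default is udp
    for args in d.get("remote", []):
        host = args[0] if args else ""
        port = args[1] if len(args) > 1 else "1194"  # OpenVPN default port
        proto = args[2] if len(args) > 2 else default_proto
        if host == "YOUR_SERVER_IP":
            findings.append("placeholder YOUR_SERVER_IP not replaced")
        elif re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            findings.append("remote is a fixed IPv4 address, not a DynDNS name")
        if port != fwd_port or not proto.startswith(fwd_proto):
            findings.append(f"remote is {proto}/{port}, forwarding is {fwd_proto}/{fwd_port}")
    if not d.keys() & {"ca", "<ca>"}:
        findings.append("no CA certificate referenced")
    if not d.keys() & {"remote-cert-tls", "verify-x509-name"}:
        findings.append("server certificate not verified beyond the CA")
    if "auth-user-pass" in d and "auth-nocache" not in d:
        findings.append("auth-nocache missing")
    return findings

if __name__ == "__main__":
    print("unedited:", audit_profile(UNEDITED))
    print("edited:  ", audit_profile(EDITED))
```

To audit a real profile, pass the text of the file to audit_profile(); the directive names it looks for are standard OpenVPN client options.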

Open VPN & Co.: The different VPN protocols

A connection protocol provides protection for a VPN: PPTP, IPSec and SSL are currently the three most important. PPTP (Point-to-Point Tunneling Protocol) is the oldest VPN protocol and is supported by practically all network-compatible operating systems. However, it was already cracked in 2012 and is therefore no longer recommended. The IPSec protocol is directly integrated into the transport layer of the TCP/IP protocol stack and is very secure, but it places higher demands on the performance of the hardware involved in the transmission. In addition, IPSec requires a number of port forwardings in the router and can therefore be blocked relatively easily by firewalls. For example, a Fritzbox uses IPSec for VPN connections,

Open VPN uses the SSL protocol in the application layer of the TCP/IP protocol stack. It is therefore also very secure, but more resource-efficient than IPSec. It is based on open software (GPL) and can be installed on all major operating systems. Since Open VPN only needs one open port and can theoretically run completely over an HTTP(S) connection, it is not as easy to block as an IPSec connection.
