personal identifiers (e.g. ddns address)
I have created a DDNS address in the router settings. Do I have to include it in the exported ovpn file, or how does that work?
Are you able to post the contents of your .ovpn file?
Sure here:
(I've replaced several letters and deleted rows in the cert and key stuff below for privacy just in case)
remote
(Removed remote IP address) 1194
float
nobind
proto udp
dev tun
sndbuf 0
rcvbuf 0
keepalive 10 30
# for OpenVPN 2.4 or older
comp-lzo yes
# for OpenVPN 2.4 or newer
;compress lzo
auth-user-pass
client
auth SHA1
cipher AES-128-CBC
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
(Removed the entire ca)
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIEijCCA3KggIBAjANBgkqhkiG9w0BAQUFADBwMQswCQYDVQQGEwJUVzEL
MAkGA1UEcxDzANBgNVBAcTBlRhaXBlaTENMAsGA1UEChMEQVNVUzERMA8G
A1UEAxMIUlQtQUM2OFUxITAfBgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFp
bjAeFw0yMjAzMDQxNzUxNTNaFw0zMjAzMDExNzUxNTNaMG4xCzAJBgNVBAYTAlRX
MQswCQYDVQQIEwJUVzEPMA0GA1UEBxMGVGFpcGVpMQ0wCwYDVQQKEwRBU1VTMQ8w
DQYDVQQDEwZjbGllbnQxITAfBgkqhkiG9w0BCQEWEm1lQG15aG9zdC5teWRvbWFp
bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoChhEBAMSwpdIN53mBU7KmZlP0
ledG2LL2Wn3bx1eBW+FbnHGNO0MFDOW8GMNXtbgqwW9gA6HkxaYIsKdBxA77L/o1
Fr1erCc//AQsUbkQp4CCbTKqWe2PrkyATcyeHQK3UwdRozCoIvqWTWlggqYTe4VM
2ZOD/y4aTioRvcoPIx40yLV9oTsFlXQUczbHsK8ARVymq/ey1jUC711FDrBYRzia
5/LmWwIllGInzqeLHHb0zfL45D3IvhgaGhfu+2DwtaadPOkL+xor4RWTSsyVDvl8
hsuc3u2ucDHbeXRb2fEJBCovzxSbfiDJmdAo739QVvQlkGKkQXQN0QIOReoPpRlZ
oNMCAwEAAaOCAS8wggErMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3kt
UlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUFhAVva0D+rvvWZYM
xbt8Ib1T9V0wga0GA1UdIwSBpTCBooAUw2yB1vqWpsNfKda4+gPDdWjzC1ahdKRy
MHAxCzAJBgNVBAYTAlRXMQswCQYDVQQIEwJUVzEPMA0GA1UEBxMGVGFpcGVpMQ0w
CwYDVQQKEwRBU1VTMREwDwYDVQQDEwhSVC1BQzY4VTEhMB8GCSqGSIb3DQEJARYS
bWVAbXlob3N0Lm15ZG9tYWlughRfvgJhn1KjK6PhCrPbWo0FUlV+SjATBgNVHSUE
DDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQEFBQADggEBAFSO
WAVTyVte1sFv38p22RE4P9A9qLcYdAxxykomXiIWj3oq98OH7CexVFcVsu0uWvBs
dAoBCHG/ohSYDYKiqn6T9nR+a32u7HlVcFKZkW9wAmkMAwRdcFbcu80EK+wne0TU
ScfEKRsCmmJR60MGiI/sMJkjeZrk2ff6+5pI42ZimkayJe9RXvEqCb6Qb7zofjnr
s3bQN14YEldP8Uy0Y5mVgjHdRtiv0O5ASWJo/ndJHz2FF7HIM/pLR8BkjkOinlAB
TOURSfJlX77mMm4PdM4bNoeHeuEngF3MLzTOI7YsdTchkjKSDT00aGKdDHbk0N0r
9lGUOL+ztS5ePZsk8GA=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKAoIBAQDEsKXSDed5gVOy
pmZT9JXnRtiy9lp928dXgVvhW5xxjTtDBQzlvBjDV7W4KsFvYAOh5MWmCLCnQcQO
+y/6NRa9XqwnP/wELFG5EKeAgm0yqlntj65MgE3Mnh0Ct1MHUaMwqCL6lk1pYIKm
E3uFTNmTg/8uGk4qEb3KDyMeNMi1faE7BZV0FHM2x7CvAEVcpqv3stY1Au9dRQ6w
WEc4mufy5lsCJZRiJ86nixx29M3y+OQ9yL4YGhoX7vtg8LWmnTzpC/saK+EVk0rM
lQ75fIbLnN7trnAx23l0W9nxCQQqL88Um34gyZnQKO9/UFb0JZBipEF0DdECDkXq
D6UZWaDTAgMBAAECggEAb6UVerYJvh56s91gGCetLyo3tt2/X9FwxWrYDINDufDA
wroLKBwssjUHIRKj2eRWK37/8c7c9xONhjNueEfKMJOchGr9UiEWAkZBzeA6u5eW
lBIKjcIGZy8YqIIGzxC34NaPhE3sgvQVNM+6PV/x4Jn8Lt8fnyGS6S7OcEbl5p35
zU6Y6dOCQ2eQgjdv98JzgVDUS7MVOWkvZ3qkInJEO3yi9G4iEj4kfPKJvGs2/Uku
s3zVs2kRuOK3vK2L1/umai3rjSLKzq24tEZ5ybxCOBWfekjLUFansk1Ycam8f/CN
ti8uTU++WT1DWYsqLjVbN2XVBTLvCkD8QUq5dlU9gQKBgQDtn8Mjo/WxeyFBDQtq
/EcRHFjh3ii7Fc+0LdxFoRnVGPGGCVcSex/hVwGYmt3fMgCKBEPmaQhM1JQIzmfp
WxbfDJcTu3e+tIFz5WZeABmK6J+xm1hgpuUoctteR5H/dTC46WMsmOAM14NVuyZ4
yw9b2sYnKIImMjqbxlv6l9YylQKBgQDT5oPqbs9JOlD3N8IUFA1jHdOVq7HJ1EwA
qErRfq+aaMKGBHh3/X3OTE4C0iVVUMT1uCxc6YuLoCU19l2TxZUhz/wTjpygcTJh
Z5LK2RVizqzbSsq8dXpHsfg0wnG+8T7a4nXWdG/NNlZYwYf772TB0i7WEAhjz9Oe
rC/nRypTxwKBgQDZDg5aB/Lt4+NEYH4Fg9wGrTYjW6MpAYtwslN65uRT2fcE0JNQ
tlcwpyE2HIB+2FXVvH+pgFeslqGCSchxSFtj80QtKhj/gjKdgvY29zBdyo/U1Gmu
H8VDZWcsf4PFLW8L+WQ14I8IK/Qz43gI7rNg3D4UltQLv+X5VP+/r+Jg4QKBgHKn
5zcBUE3aLRcnZ28/zmKUL/lrVp7TrXApn5oth0zwZFjpsFmUou7uYMOr+6FnO7uN
NQvtHqGlPJ0vOkEMBv6tsELQxrUVquIDje0Oe0DkfamGlZ5Vnp2OkbPShoN/u7fq
E0K/7ALI5P3PcgoC5azuUoNnV3LScDoKBz2IR0HfAoGAOEsojSBmTqwH5zV/2NDY
wrtebuvk0TsoIqKjNUjY8JmoifQtyanMKCChzDeRYD5UeHHRGvWXO/P9JTz4MHOo
1wBjFSpS1W2E8/tEpC8TftRh8XN2EicG0PFp4sx9y8aoZ09FZJI6G63g+R9Xtpiz
ai0fiNXx+blCTGIkxO/C7QY=
-----END PRIVATE KEY-----
</key>
You're not having much luck, are you...
No, no I'm not..
Yes, there is a learning curve with openvpn first up, though it's great when it's up and running. However, if you're just wanting a quick and easy solution you could look into something like
Tailscale, which takes care of all the firewall and certificate stuff for you. It's proprietary but free for personal use (I think 10 devices), and there's a
synology package.
I've previously installed the TailScale package on Synology and the app on the iPhone and it works great to connect to the server outside of the network, took 5 seconds to setup, but here's my two problems with it:
1. (Bear with me on this one because I might be mistaken) - OpenVPN is like connecting to your home network while not at home, correct? When using Plex, you have the option to access your media library outside of the network via the Plex settings. No VPN needed, simply click enable and boom you can stream movies wherever you are. Using OpenVPN, it was to my understanding that you can access your Plex media library without enabling remote access in the settings, because your phone thinks it's at home, so that your library is not exposed to the internet. But when using TailScale, this doesn't work. I still have to enable remote access in the Plex settings regardless of being connected to TailScale or not. Am I mistaken here, or shouldn't I be able to connect to my Plex media library outside of my network using TailScale without enabling remote access in the Plex settings, or does it only work using OpenVPN, or neither?
2. Every time I see a forum/reddit post or comment regarding TailScale it feels like reading an advertisement. All that's missing is a guy with his thumbs up, bright smile and a gold chain in the background. Your comment being the exception. How safe is it to use? Do they have access to all my content? What if they're hacked?