Brief Note

This tutorial also works with DNS320. If you are looking to setup a OpenVPN Access Server box with NAT routing/bridging capabilities, look away. Our default kernel does not have iptables inbuilt or any alternatives. Building one not easy unless you are able to find the right dependencies and compile the right stuffs over (cross-compile).

*OpenVPN config information is here, read it! also look at the forum post

Here is a quick guide for funpkg (YMMV)

OpenVPN Client Tutorial

get funpkg openvpn package from


install package on your NAS

funpkg -i openvpn-2.2.1-2.tgz

create certificates and keys on a fast computer with openvpn installed, I did this on my ubuntu 11.04 box

cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ~/openvpn_certificates
cd ~/openvpn_certificates

edit the ./vars file to your liking and load the variables

. ./vars

clean data


build certificate authority


now build the key for the server (your NAS) (and sign certificate)

./build-key-server server

and for a client (and sign certificate)

./build-key client

and for another client

./build-key phone

build diffie-hellman parameters


now you have all the files you need in ~/openvpn_certificates/keys

copy the following files to the NAS and put for example in /ffp/etc/openvpn

ca.crt ca.key dh1024.pem server.key server.crt

now create a openvpn config file, for example /ffp/etc/openvpn.conf

port 1194
proto udp
dev tun

ca /ffp/etc/openvpn/ca.crt
cert /ffp/etc/openvpn/server.crt
key /ffp/etc/openvpn/server.key  # This file should be kept secret
dh /ffp/etc/openvpn/dh1024.pem

# openvpn server will be on

ifconfig-pool-persist ipp.txt
status openvpn-status.log

keepalive 10 120

verb 3

for more info on configuring openvpn look at

for the openvpn server to work, the tun.ko kernel module must be loaded, unfortunately there is a small error in the funpkg package so

mv /ffp/lib/modules/kernel/ /ffp/lib/modules/kernel/

now try the openvpn server

sh /ffp/start/ debug

if it works

sh /ffp/start/ start

if you want to start openvpn at funpkg startup

 chmod 755 /ffp/start/


configuring the client will not be described here in detail but you need the following files from ~/openvpn_certificates/keys on your openvpn client

ca.crt client.crt client.key

my client configuration looks like this

dev tun
proto udp
remote [server ip or hostname] 1194
resolv-retry infinite
user nobody
group nogroup
ca ~/openvpn/ca.crt
cert ~/openvpn/client.crt
key ~/openvpn/client.key

again, for detailed information look at

if you want you reach your NAS from outside your network, do not forget to forward port 1194 in your router (or whichever port you have chosen)

if everything goes allright when connected, your NAS will be reachable at test it for example by


note: if you are already connected to a 10.8.0.* network, routing will be messed up, it could be convenient to chose a bit more obscure address for your vpn, for example 10.161.80.*


Personal Tools