I have a QNAP TS-253 Pro (QTS 4.2.0), on which a OpenVPN-server is configured and running fine. Since I want to use client-certificates to secure the VPN connections, the built-in configuration on the web interface is of no use at all.
So I imported my config and certificate files via SSH / SCP to /etc/openvpn, restarted the OpenVPN server and it worked well until i rebooted the QNAP NAS. The config was gone back to QNAPs factory default.
It appears, the /etc/openvpn directory is just a symlink to /mnt/ext/opt/vpnopenvpn/etc/openvpn/, which holds the original config from the webinterface of my QNAP. Next thing I tried was to edit the config there, and hoped it won't be replaced at the next boot, but this was not a solution. Rebooted and found the factory-default OpenVPN config files in /mnt/ext/opt/vpnopenvpn/etc/openvpn/.
I digged through many threads on QNAPs official forum, inofficial blog posts, and some init.d-scripts on the QNAP itself to find a way to either turn off the automatic rollout of the factory-default settings or make the QNAP roll out my working configuration to /etc/openvpn.
Here is a list of my unsucessfull tries:
- Copied config to /etc/openvpn – config got rewritten at boot
- Copied config to /mnt/ext/opt/vpnopenvpn/etc/openvpn/ – config got rewritten at boot
- Followed instructions at: http://wiki.nas-portal.org/index.php/Install_OpenVPN_on_QNAP – could not find qpkg / ipkg in the actual version of QTS (running 4.2.0), maybe the tutorial is written for an older release…
- Tried to run a self-created autorun.sh-script as described here: http://forum.qnap.com/viewtopic.php?t=83804#p372711 – folders at /share seem to be recreated at every boot
- Completely digged through this thread, recommended from users at official QNAP forums: http://forum.qnap.com/viewtopic.php?f=90&p=61890&t=10400&sid=6aa706cb2ff41a75c6f048883328512a – doesn't seem to be regarding my specific problem / configuration
- Commented out the openvpn-specific sections in /etc/init.d/installtgz.sh – the file itself got rewritten at boot and my comments were an active part of the script again
Does anyone know, how to stop QTS to rewrite my configuration files? I dont want to copy the OpenVPN config manually every time the QNAP is rebooted…
Best Answer
I was looking for a similar solution, because I needed a serverside Open VPN config for fixed IP numbers. My solution was to add a line to the vpn_openvpn.sh file right before it starts the daemon_mgr in my case line 210.
I added the line starting with echo. At this point you should also be able to modify the configuration in /etc/openvpn/server.conf
When added here, the line will survive restarts of the OpenVPN Server but as you already painfully experienced, a lot of files get recreated at boot time. This is where the autorun.sh comes into play. How to use it you can find here The exact syntax is based on the type of QNAP NAS you got.
You can add a sed line here to recreate the "fix" at boot time.
In your case the autorun.sh should look like this:
Let me know if it works
Edit: after some rethinking you can do it even shorter