Couple of Questions regarding my OpenVPN server

Studynxx · 01 Mar 2024

I have set up my VPN Server following this tutorial: Setup Synology OpenVPN Server (easy, secure, remote access) - YouTube

1) If the OpenVPN Client config file which gets imported into the GUI client to initiate successful connection between client and server, contains the self-signed certificate, can I still get hacked, sth like a MiTM attack? Or any attacks against my VPN connection, so to speak?

2) In the client config file, there's an option to define the primary (and secondary) DNS server for domain name resolving. I don't have an AD environment set up. This is a workgroup environment. My only DNS server is the Internet DNS server built into my router. So for domain name resolution to work properly and for me to be able to access shares like this: \\Server\Share instead of only being able to access them like this \\IP\Share, do I need to set up a local DNS server on my Synology NAS? Since the VPN and the LAN are on a different subnet.

3) I don't have "Let's Encrypt" enabled under DDNS. I do have the rest of the DDNS setup tho. If I also enable Let's Encrypt, could my VPN still get hacked in any manner? And if so, how?

Malneb · 01 Mar 2024

If all this is done locally then none of that matters, it only becomes relevant if you are access the network from outside.

Studynxx · 01 Mar 2024

Malneb said:

If all this is done locally then none of that matters, it only becomes relevant if you are access the network from outside.

That's exactly why I have a VPN going and that's exactly what I do with it lol

Malneb · 01 Mar 2024

That is fine you never specified you'd be surprised people asking questions like that don't always often know.

1. No because you have a cert which is key pair signed key to an encrypted connection that only the holder has and without that key no one else can connect.

2. I cannot wrap my head around this atm

3. if you set that up no