Release Notes for VPN Plus Server

VPN Plus Server turns your Synology Router into a powerful VPN server. This package allows secure VPN access through a web browser or client. It supports various VPN services — WebVPN, SSL VPN, Remote Desktop, SSTP, OpenVPN, L2TP/IPSec, PPTP, and Site-to-Site VPN. Moreover, with multiple management tools, this package can help the network administrator regulate and watch VPN traffic at all times.

Version: 1.4.7-0687

(2023-08-24)

Important Note

The update will be available for selected regions within the following weeks, although the release time in each region may vary slightly.

Compatibility and Installation

  1. Support for Synology SSL VPN Client 1.4.7-0687.

Version: 1.4.6-0685

(2023-05-04)

Important Note

The update will be available for selected regions within the following weeks, although the release time in each region may vary slightly.

Fixed Issues

  1. Fixed a security vulnerability (Synology-SA-23:04).

Version: 1.4.5-0684

(2022-11-02)

Compatibility & Installation

  1. VPN Plus Server 1.4.5-0684 requires SRM 1.3.1 or above.

What's New

  1. Updated to support VLAN-related functions.
  2. Added support for DH groups 19/20/21 to Site-to-Site VPN encryption.
  3. Supports adjusting the security mode used for Remote Desktop (RDP) connections.
  4. Updated WebVPN to support encrypted connections using TLS1.3.
  5. Updated SoftEther to version 4.38-9760.
  6. Updated OpenVPN to support Authenticate Server CN (common name).

Fixed Issues

  1. Fixed an issue where certificate parsing might fail if the root certificate contained special characters.
  2. Fixed an issue where users would be unable to connect with OpenVPN if a root certificate was used as an intermediate certificate.
  3. Fixed an issue where L2TP/PPTP VPN connection might fail when multiple DHCP servers exist in a local network environment.
  4. Fixed an issue where SSL VPN clients using macOS would not use the SRM specified DNS server after connecting to Synology Router.
  5. Fixed an issue where a Remote Desktop (RDP) connection with Firefox may result in connection failure.
  6. Fixed an issue where an exported OpenVPN configuration file might contain the wrong certificate chain when using Let's Encrypt, preventing the client from connecting to VPN.
  7. Fixed an issue where the WebVPN portal could not normally redirect users to the login page after a session expired.
  8. Fixed an issue where the session timeout may not be triggered correctly when the VPN Plus portal was launched.
  9. Fixed an issue where the status of deactivated domain users was not displayed correctly.
  10. Fixed an issue where SSL VPN connections with account names containing diaeresis (e.g., ä, ë, or ï) would not be visible in logs and current connections.
  11. Fixed multiple security vulnerabilities (CVE-2021-3711,CVE-2021-3712,CVE-2019-6462,CVE-2020-28194, and CVE-2020-11997, CVE-2022-24704, CVE-2022-24705, CVE-2021-41767, CVE-2021-41160, CVE-2021-41159: FreeRDP).

Version: 1.4.4-0635

(2022-05-11)

Important Note

  1. This is the initial release for RT6600ax.

Version: 1.4.3-0534

(2021-11-16)

Fixed Issues

  1. Fixed an issue where Remote Desktop (RDP) might malfunction.
  2. Fixed a security vulnerability (Synology-SA-22:26).

Version: 1.4.2-0533

(2021-09-14)

Fixed Issues

  1. Fixed multiple security vulnerabilities regarding OpenSSL (Synology-SA-21:24).

Version: 1.4.1-0530

(2021-07-20)

Important Note

1.The current DST Root CA X3 root certificate used by Let's Encrypt will expire at the end of September. To ensure continued connectivity, please update the package and re-export the configuration file to your OpenVPN client as soon as possible.

Fixed Issues

1.Fixed an issue where the exported OpenVPN configuration file might contain the wrong certificate chain when using Let's Encrypt, preventing the client from connecting.

Version: 1.4.0-0529

(2021-05-11)

Important Note

  1. As of this update, setting up an SSL VPN server no longer requires configuring Security Level and Authentication. The new default option "Auto" will automatically select the best security level based on client connections. There is also an option to allow only TLS 1.3 encrypted connections.

What's New

  1. Added TLS 1.3 encryption to SSL VPN to enhance connection security.
  2. Added ChaCha20-Poly1305 cipher suites support to SSL VPN for enhanced security.
  3. Removed 3DES cipher suites support from L2TP VPN service to ensure connection security.
  4. Added a field for modifying the mssfix parameter of OpenVPN.

Fixed Issues

  1. Removed TLS 1.0/TLS 1.1 encryption and updated available cipher suites for WebVPN to ensure connection security.
  2. Fixed an issue where clients might incorrectly be assigned a gateway IP address when connecting via L2TP VPN, resulting in connection failure.
  3. Fixed an issue where local network could not be selected as a local site's private subnet in the Site-to-Site VPN settings when the DHCP server was disabled.
  4. Fixed an issue where removing a single user from a block list might result in the removal of other users from the list as well.
  5. Fixed an issue where OpenVPN clients might fail to connect to Synology Router's LAN when in Wireless AP (bridge) mode.
  6. Fixed an issue where clients' PPTP VPN reconnections might fail after being disconnected from the server-side.
  7. Fixed an issue where Jumpcloud LDAP users might not be able to establish connections via some VPN protocols.
  8. Fixed an issue where clearing the connection history could result in an error message.
  9. Fixed multiple security vulnerabilities (CVE-2018-20023, CVE-2018-20022, CVE-2018-20024, CVE-2019-17185, CVE-2019-13456, CVE-2021-3450, CVE-2021-3449, CVE-2020-15103, CVE-2020-9497, CVE-2020-9498, CVE-2020-11095, CVE-2020-11096, CVE-2020-11097, CVE-2020-11098, CVE-2020-11099, CVE-2020-4030, CVE-2020-4032, CVE-2020-4033, CVE-2019-20788, CVE-2019-20839, CVE-2020-14396, CVE-2020-14398, CVE-2020-14399, CVE-2020-14405, CVE-2018-21247, CVE-2020-11019, CVE-2020-11041, CVE-2020-11040, CVE-2020-11043, CVE-2020-11085, CVE-2020-11086, CVE-2020-11087, CVE-2020-11088, CVE-2020-11089, CVE-2020-13396, CVE-2020-13398, CVE-2020-13397, CVE-2020-11525, CVE-2020-11524, CVE-2020-11523, CVE-2020-11522, CVE-2020-11521, CVE-2020-11048, CVE-2020-11046, CVE-2020-11045, CVE-2019-11868, CVE-2018-20021, CVE-2018-20020, and CVE-2018-20019).
  10. Minor bug fixes.

Version: 1.3.9-0472

(2020-09-22)

Important Note

  1. This is the last version that supports SSL VPN on Ubuntu 14.04.
  2. For users of VPN Plus Server 1.3.9, Synology SSL VPN Client 1.3.9 for macOS is only compatible with Big Sur or later. If your operating system is macOS 10.15 or earlier, please use Synology SSL VPN Client 1.3.7.
  3. The update will be available for all regions within the following days, while the release time in each region may vary slightly.

What's New

  1. Updated SoftEther to version 4.34-9745.

Bug fixed

  1. Minor bug fixes.

Version: 1.3.8-0469

(2020-06-18)

Important Note

  1. The update will be available for all regions within the following days, while the release time in each region may vary slightly.

Fixed Issues

  1. Fixed the issue where VPN connections might be interrupted by the traffic control settings configured in Network Center.
  2. Fixed the issue where websites with redirection mechanism might not be redirected normally during WebVPN connections.
  3. Fixed the issue where the local network on one site during a Site-to-Site VPN connection might not be accessed normally by clients on the other site, as packets could be blocked by the firewall.
  4. Fixed the issue where Site-to-Site VPN connections might be interrupted when SRM is accessed via QuickConnect.
  5. Updated the built-in OpenSSL of Synology SSL VPN Client for Windows to address the issue of VPN connection failure.
  6. Fixed the issue where the VPN Plus web portal could not be signed in using an account with 2-step verification enabled when the verification code starts with 0.
  7. Fixed multiple security vulnerabilities regarding VPN Plus Server (CVE-2018-20748 and CVE-2019-15690).
  8. Minor bug fixes.

Version: 1.3.7-0462

(2019-11-19)

What's New

  1. Supports automatic setup of outbound IP addresses for the Site-to-Site VPN to failover/failback between primary and secondary network interfaces.

Fixed Issues

  1. Fixed the issue where SSL VPN cannot work properly on macOS 10.15.

  2. Fixed the issue where the DNS server settings on macOS will be switched from automatic to manual after the computer is disconnected from an SSL VPN.

  3. Fixed the issue where Site-to-Site VPN connection through DDNS might fail after the restart of Synology Router when on the PPPoE mode.

  4. Minor bug fixes.

Version: 1.3.6-0454

(2019-07-24)

Compatibility & Installation

  1. VPN Plus Server 1.3.6-0454 supports SRM 1.2.3 or later.

What's New

  1. DDNS supports the use of Let's Encrypt certificate.

Fixed Issues

  1. Fixed an issue where WebVPN might not work properly.

  2. Fixed an issue regarding memory usage.

  3. Fixed an issue where Site-to-Site VPN might not work properly when firewall default settings deny WAN-to-LAN rules.

  4. Fixed an issue where Remote Desktop might fail to connect when the username involves the "." character.

  5. Fixed an issue where SSL VPN might not work properly if the guaranteed bandwidth of all connected devices and SRM services exceed the ISP limitation.

  6. Fixed an issue where the Shift key might not work properly in Remote Desktop.

  7. Fixed an issue where the system boot might slow down when packages are activated.

Version: 1.3.5-0442

(2019-01-30)

Compatibility & Installation

  1. VPN Plus Server 1.3.5-0442 is compatible with SRM 1.2.1 and above.

Fixed Issues

  1. Fixed an issue where Site-to-Site VPN connection might not work properly when using the DDNS to resolve a hostname into an IPv6 address.
  2. Fixed an issue where permission settings might not be available when connecting the WebVPN portal from a designated site.
  3. Fixed an issue where Site-to-Site VPN might not be reconnected after disconnection.
  4. Fixed an issue where the WebVPN portal might not be redirected properly after VPN Plus Server was restarted.
  5. Fixed an issue where the Site-to-Site VPN page might be disabled when the router was restarted.
  6. Fixed an issue where licenses might not be removed after logging out of the Synology account.
  7. Fixed an issue where Site-to-Site VPN might not be connected automatically via PPPoE after being rebooted.
  8. Fixed an issue where VPN Plus Server might not work properly when the bandwidth setting was low in traffic control.
  9. Fixed an issue where the number of automatic blocking might increase when Synology VPN login failed.
  10. Fixed an issue where the SRM traffic control might not work properly when the number of connections was huge.
  11. Improved the stability of Site-to-Site VPN.
  12. Fixed multiple security vulnerabilities regarding VNC (CVE-2018-20019, CVE-2018-20020, CVE-2018-20021).

Version: 1.3.4-0430

(2018-12-20)

Fixed Issues

  1. Fixed an issue where logging in SSL VPN with IP or domain name without WebVPN prefix might fail when SSL VPN and WebVPN are both enabled.

Version: 1.3.3-0425

(2018-11-08)

Fixed Issues

  1. Fixed an issue where Report might not work properly after upgrading to 1.3.2.

Version: 1.3.2-0422

(2018-10-16)

Fixed Issues

  1. Fixed an issue where the VPN speed limit function might not work properly.
  2. Fixed an issue where the Standard VPN page might not work properly in an IPv6 environment.

Version: 1.3.1-0420

(2018-10-04)

Compatibility & Installation

  1. VPN Plus Sever 1.3.1-420 is only compatible with SRM 1.2 and above.

What's New

  1. Added support for detailed permission information.
  2. Added support for of Local ID and Remote ID in Site-to-Site VPN.
  3. Added support for password memory in Remote Desktop connection.
  4. Added support for whitelist mechanisms in SSL VPN.
  5. WebVPN supports websites that use WebSockets.

Fixed Issues

  1. Fixed an issue where VPN and DHCP are able to set overlapping subnets.
  2. Adjusted the cipher suite used by SSL VPN.
  3. Fixed an issue where Site-to-Site VPN licenses might be deactivated after a system reboot.
  4. Fixed an issue where Remote Desktop might automatically disconnect when the audio function is enabled.
  5. Fixed an issue where L2TP might not work properly when using 3G LTE.
  6. Fixed an issue where Cookie might not be cleared wen the web portal is closed.
  7. Fixed an issue where the Site-to-Site VPN license page might not work properly.
  8. Fixed an issue where the Remote Desktop and Tight VNC connections might not work properly.
  9. Fixed an issue where configurations might not work properly with Chinese names.
  10. Fixed an issue where Site-to-Site VPN might not work properly after an IP change.
  11. Fixed an issue where the license page might not be updated immediately after a trial or license is purchased.
  12. Fixed an issue where multiple VNC connections cannot be established properly.
  13. Fixed an issue where OpenVPN configurations might not work properly after being exported.
  14. Fixed an issue where OpenVPN might not work properly when disconnected and reconnected frequently during short periods of time.
  15. Fixed an issue where special symbols can be filled into the PSK box of L2TP server.
  16. Fixed an issue where WebVPN might fail to connect to a default portal after the IP is changed.

Limitation and Known Issues

  1. Objects cannot be given names the same as system the default objects.

Version: 1.2.5-0226

(2018-04-30)

Fixed Issues

  1. Fixed an issue where the whitelist function might not work properly when a user accesses the WebVPN portal via a port other than 443.

Version: 1.2.4-0224

(2018-04-26)

What's New

  1. Added the function of whitelist.

Fixed Issues

  1. Fixed an issue where remote subnets of different Site-to-Site VPN tunnels could overlap.
  2. Fixed an issue where Site-to-Site VPN might not work properly upon change in IP addresses.
  3. Fixed an issue where ID settings might not be configured properly for Site-to-Site VPN.
  4. Fixed an issue where the Site-to-Site VPN license might not work properly after system restarts.
  5. Fixed an issue where the system might not check the license status upon network instability.
  6. Minor bug fixes.

Version: 1.2.3-0219

(2018-02-21)

Fixed Issue

  1. Fixed an issue where log settings might not function properly after changes are applied.
  2. Fixed an issue where an incorrect error might display after the occurrence of login failure on web portal.
  3. Fixed an issue regarding memory usage.
  4. Minor bug fixes.

Version: 1.2.2-0215

(2018-01-16)

Compatibility and Installation

  1. VPN Plus Server 1.2.2-0215 is only compatible with SRM 1.1.6 and above.

Fixed Issue

  1. Fixed an issue where Standard VPN page might not work when IPv6 is in use.

  2. Fixed an issue where L2TP server might not work properly after a system restart due to power outage.

  3. Fixed an issue where the assigned L2TP network interface might not work properly when load balance is enabled.

  4. Fixed an issue where WebVPN might not work properly when the domain prefix contains capital letters.

  5. Fixed an issue where Site-to-site VPN might not work properly when load balance is enabled.

  6. Fixed an issue where SSTP and OpenVPN might not work properly when their ports are exchanged.

  7. Minor bug fixes.

Version: 1.2.1-0212

(2017-11-01)

  1. Fixed an issue where OpenVPN might not work properly when using TCP port 443.

  2. Fixed an issue where SSL VPN might not work properly when WebVPN uses a port other than 443.

Version: 1.2.0-0211

(2017-09-27)

Compatibility and Installation

  1. VPN Plus Server 1.2.0-0211 is only compatible with SRM 1.1.5 and above.

What's New

  1. Site-to-Site VPN is now officially released with performance enhancement.
  2. Added support for cloud solution with Microsoft Azure through Site-to-Site VPN.
  3. Added support for IP addresses in the setup of private subnets for Site-to-Site VPN.

Fixed Issues

  1. Fixed an issue where VPN Plus Server might not assign IP addresses properly after an SRM update.
  2. Fixed an issue where the port 443 for WebVPN might be wrongly redirected to the configuration interface.
  3. Fixed an issue where DDNS might not work properly after its migration.
  4. Fixed an issue where error messages might not display when Site-to-Site VPN and L2TP client service are both enabled.
  5. Fixed an issue where certain operations of Site-to-Site VPN might not work properly with Microsoft Internet Explorer and Edge.
  6. Fixed an issue where VPN Plus Server might not assign IP addresses properly when Synology Router is switched to Bridge Mode.
  7. Fixed an issue where error messages regarding SSTP service might not display when the DDNS is not set up.
  8. Fixed an issue where Site-to-Site VPN settings might fail to be changed to default values.
  9. Minor bug fixes.

Version: 1.1.2-0142

(2017-08-16)
  1. Fixed a security vulnerability regarding Node.js (CVE-2017-11499).
  2. Fixed an issue where IP assignment might not work properly after an SRM update.
  3. Fixed an issue where SSL VPN might not work properly when softether is installed on the client Windows system.
  4. Fixed an issue where standard VPN protocols might not work properly after Synology Router restarts.
  5. Fixed an issue where Synology Router might be set up as a VPN client while delivering VPN services at the same time.
  6. Fixed an issue where WebVPN might fail to be enabled.
  7. Fixed an issue where a Site-to-Site VPN profile might fail to establish a connection after its initial setup.
  8. Minor bug fixes.

Version: 1.1.1-0131

(2017-06-06)
  1. Fixed an issue where WebVPN and SSL VPN might not work properly when Intrusion Prevention is enabled.
  2. Fixed an issue where the statistics on WebVPN traffic might not display correctly.
  3. Fixed an issue where WebVPN might not work properly when logged in via SSO.
  4. Minor bug fixes.

Version: 1.1.0-0127

(2017-04-27)

What’s New

  1. Added support for IPv6 connection in SSL VPN.
  2. Added support for DDNS domain "vpnplus.to".
  3. Changed VPN implementation from Openswan to Libreswan.
  4. Client VPN Access License for more concurrent access to Synology SSL VPN, WebVPN, and SSTP is now available for purchase.
  5. Site-to-Site VPN (Beta) feature is now available.

Fixed issues

  1. Fixed an issue where L2TP service might not work properly after Synology Router reboots.
  2. Fixed an issue where WebVPN might mistake a URL for invalid and show an error message.
  3. Fixed an issue where the Connect button in WebVPN might not function properly in Internet Explorer 11.
  4. Fixed an issue where L2TP service might fail to work after Guest Network or DHCP server is disabled.
  5. Fixed an issue where an operation failure message might display when a DDNS address has been registered.
  6. Fixed an issue where the server might fail to disconnect users with abnormalities or whose username has been changed.
  7. Fixed an issue where MAC Client might become unresponsive after reconnecting a couple of times.
  8. Minor bug fixes.

Known Issues & Limitations

  1. Site-to-Site VPN supports 4 connections.
  2. VPN Plus Server 1.1.0 is compatible with SRM 1.1.4 and above.

Version: 1.0.2-0087

(2017-03-15)

  1. Fixed an issue where some websites might become inaccessible via WebVPN.

  2. Fixed an issue where URLs with multiple parameters might become inaccessible via WebVPN.

  3. Fixed an issue where URL with upper case letters might become inaccessible via WebVPN.

  4. Fixed an issue where WebVPN might fail to work when mixed-content is allowed.

  5. Fixed an issue where WebVPN might display error messages upon changes in privileges.

Version: 1.0.1-0084

(2017-02-23)

What's New

  1. Synology SSL VPN is now supported on Mac OS.
  2. Added support for certificate auto-update upon launch of OpenVPN service.

Bug Fixes

  1. Fixed an issue where WebVPN might display error messages when the settings were not changed.
  2. Fixed an issue where WebVPN might fail to work properly after database updates.
  3. Fixed an issue where PPTP and L2TP might fail to work properly when the account name contains blank characters.

Version: 1.0.0-0076

(2017-01-13)
  1. Fine-tuned the functionality of connection settings for certain VPN protocols.

Version: 1.0.0-0075

(2017-01-12)

Compatibility and Installation

  1. VPN Plus Server 1.0.0-0075 can only be installed on Synology products running SRM 1.1.3 or later.
  2. VPN Plus Server 1.0.0-0075 no longer requires external storage space for installation or execution.

What's New

  1. The official version is now available.
  2. VPN Plus Server provides one concurrent account with free access to WebVPN, Synology SSL VPN, and SSTP.
  3. Supports migrating VPN service settings, user privileges, and logs from Synology VPN Server.
  4. Supports split tunneling for Synology SSL VPN client traffic.
  5. Supports adding URLs with a directory path (e.g. example.com/aabbcc/) as WebVPN portals.
  6. Supports WebVPN to detect websites identified by browsers as having mixed content.

Fixed Issues

  1. Fixed an issue where Internet access through some VPN protocols might fail when Synology Router was set to the Wireless AP mode.
  2. Fixed an issue where Windows AD or LDAP users might fail to connect to VPN Plus Server in some circumstances.
  3. Fixed an issue where intra-LAN throughput might be affected when VPN Plus Server was enabled on RT2600ac.
  4. Minor bug fixes.

Limitations & Known Issues

  1. Purchasable licenses for WebVPN, Synology SSL VPN, and SSTP access are not yet available.
  2. Firefox may fail to store the SSL certificate in some circumstances after Synology SSL VPN Client is installed. Troubleshoot by re-installing the client.