Hi, I have a synology nas and was considering using that for a vpn server. Just wondering if that would be a good idea or would I be better of buying a router that can support VPN? Currently I am not using any vpn so I know I need to get something going, so I can view my cameras and access securely. Also if I use either one will I need to port foward at least 1 port so it would get to the synology nas? Thanks
Using Synology as a VPN server questions
- Thread starter Jamson
- Start date
This has nayr written all over it, but I'll chime in. To get my VPN working I leveraged OpenVPN on my Ubuntu Server, which already had port 443 forwarded (for Nextcloud access) over TCP. I just forwarded 443 UDP to the same box for use with OpenVPN, with my VPN settings pointed to UDP. You also need a way to remotely "talk" to your server. I.E., how would your system remotely know which server in the wild is your server? Enter DDNS (Dynamic DNS), or else would have to leverage a direct external IP (which may change via your ISP at times, giving DDNS the +1), unless you can get a static IP from your provider (rarely an option, and frequently at an additional cost).
So I'm thinking overall that's what you're looking at. Static IP *or* DDNS, forwarding at least one port (I chose 443 since it's a standard HTTPS port, and thus, rarely blocked).
It's also good practice to IP your LAN something uncommon. If your network is IP'd 192.168.1.X/255.255.255.0, and you're at a remote location but the LAN there is 192.168.1.X/255.255.255.0, the VPN will be a bust. I re-IP'd my LAN to something much more uncommon, say 10.62.0.X/255.255.255.0, and haven't had any issues since.
As far as the VPN service within the Synology, I can't comment on that in particular. I think it's worth a shot to try -- I just haven't used it personally to feel one way or another.
So I'm thinking overall that's what you're looking at. Static IP *or* DDNS, forwarding at least one port (I chose 443 since it's a standard HTTPS port, and thus, rarely blocked).
It's also good practice to IP your LAN something uncommon. If your network is IP'd 192.168.1.X/255.255.255.0, and you're at a remote location but the LAN there is 192.168.1.X/255.255.255.0, the VPN will be a bust. I re-IP'd my LAN to something much more uncommon, say 10.62.0.X/255.255.255.0, and haven't had any issues since.
As far as the VPN service within the Synology, I can't comment on that in particular. I think it's worth a shot to try -- I just haven't used it personally to feel one way or another.
MrRalphMan
Getting the hang of it
- Joined
- Jan 20, 2016
- Messages
- 309
- Reaction score
- 72
Hi, I use my Synology NAS as my VPN server and yes you need to port forward on port, the one you decide to allocate to the VPN server.
I have the Clients connecting from a mixture of Android and IoS devices, not needed to use a laptop as yet.
Barring a few teething issues, which were down to my inexperience of the product, it was relatively easy to get up and running.
Paul
I have the Clients connecting from a mixture of Android and IoS devices, not needed to use a laptop as yet.
Barring a few teething issues, which were down to my inexperience of the product, it was relatively easy to get up and running.
Paul
Hi, Thanks for the help so far. I have 2 other questions. I am going to use my synology as the vpn server , is leaving the default port 1194 safe from being left open? Also is there a way to get the vpn client to only open when I want to access the cameras vs leaving it on all the time. I currently use tiny cam monitor for my android phone. Thanks
MrRalphMan
Getting the hang of it
- Joined
- Jan 20, 2016
- Messages
- 309
- Reaction score
- 72
Personally I've left it with the default port, the vpn server should be hardened to attacks.
As for connecting and disconnecting the client automatically, this might be possible with macro/automation tools, but for the ten seconds it takes to open the client and hit connect, I just do it manually.
Sent from my A0001 using Tapatalk
As for connecting and disconnecting the client automatically, this might be possible with macro/automation tools, but for the ten seconds it takes to open the client and hit connect, I just do it manually.
Sent from my A0001 using Tapatalk
MrRalphMan
Getting the hang of it
- Joined
- Jan 20, 2016
- Messages
- 309
- Reaction score
- 72
As it's installed - yes.
But you can include/exclude apps.
Sent from my A0001 using Tapatalk
But you can include/exclude apps.
Sent from my A0001 using Tapatalk
nayr
IPCT Contributor
its better to have all the traffic go through your home in most cases; if your on a public wifi w/no encryption at all it protects your traffic from nearby snoops..
only exception I can think of is if your provider gives you unlimited data for some apps (pandora/netflix/etc); you might exclude those.
only exception I can think of is if your provider gives you unlimited data for some apps (pandora/netflix/etc); you might exclude those.
nayr
IPCT Contributor
that'd be how you check; if its not showing your home IP its not routing everything over the VPN.. only your lan subnet.
check the config on your client.
check the config on your client.
I am using openVPN Connect from android app store and I cant seem to see what options I could change. Its partly working because I can see my home internal network. Maybe I need to change something in the vpn server on my synology?
Ron Parker
n3wb
I know I am two years late to this, but I just wanted to add a comment in case someone else with this question happens to find this thread. I, too, have both ASUS routers and a Synology NAS. I have been researching VPN, but am not very knowledgeable on the subject, so I wanted to find the easiest way possible to create a VPN server and connect to it with my Android phone, tablet and car head unit. Turns out that enabling the Synology VPN Server was very, very easy -- and using OpenVPN Connect (Android app) to connect to it was not as painful as I had imagined.
This video helped a LOT with respect to setting up the VPN server:
I selected the OpenVPN option.
This video sort of helps with the OpenVPN Connect configuation:
Essentially, you extract the files from the .zip created when you Export the VPN Server Profile and copy those (there will be an .opvn profile and .crt certificate) files to a directory on your Android device. When you open OpenVPN Connect, select OPVN Profile option, and import the .opvn file from the directory. Enter the username/password for the user who has privileges on the VPN Server -- and you are good to go!
Hope this helps someone. I know I was pulling my hair out trying to understand this technology and was just about to go the router route.
Good luck!
This video helped a LOT with respect to setting up the VPN server:
I selected the OpenVPN option.
This video sort of helps with the OpenVPN Connect configuation:
Essentially, you extract the files from the .zip created when you Export the VPN Server Profile and copy those (there will be an .opvn profile and .crt certificate) files to a directory on your Android device. When you open OpenVPN Connect, select OPVN Profile option, and import the .opvn file from the directory. Enter the username/password for the user who has privileges on the VPN Server -- and you are good to go!
Hope this helps someone. I know I was pulling my hair out trying to understand this technology and was just about to go the router route.
Good luck!
MacFun
Getting the hang of it
When I connect to the Synology via my Mac I cannot reach the local LAN without editing the routing table on the client Mac... For those of you that connect to the NAS VPN can you then access all nodes on that remote LAN? What could I be doing wrong? BTW: I'm using L2P/iPSEC because it just seemed easier to configure... Thanks!
aristobrat
IPCT Contributor
- Joined
- Dec 5, 2016
- Messages
- 2,983
- Reaction score
- 3,180
On the VPN configuration tab (in macOS), under Advanced, do you have the box checked to "Send all traffic over VPN connection"?
MacFun
Getting the hang of it
I’ll check that but the primary problem is that no traffic was reaching the remote lan.