VPN on router or Synology NAS?

Todd Schmidt

Getting the hang of it
Joined
May 17, 2019
Messages
116
Reaction score
48
Location
Massachusetts
So finally ditched the Apple AirPort Extreme after 5 years of service. Went with the netgeat orbi, which I discovered supports OpenVPN. So should I switch from running it on my NAS to the router or leave as is? Wondering which would be more secure.
 

zape

Getting the hang of it
Joined
Sep 21, 2017
Messages
129
Reaction score
28
What exactly you're trying to secure?
 
Joined
Sep 20, 2017
Messages
15
Reaction score
3
Wondering which would be more secure.
Assuming OpenVPN can be trusted your question should be more about risk management: If a host or a device is compromised what is my exposure risk? What do I stand to lose? Additionally, do I have the knowledge or tools to determine that my equipment has been breached?

Out of the gate, Synology wins over Netgear because I trust its OS compared to Netgear's firmware. However, I personally have issues with a NAS at the edge of the open internet being a gatekeeper. So, without additional inputs, I would go with Netgear to minimize the risk of losing the NAS.
 

weigle2

Getting comfortable
Joined
Dec 30, 2016
Messages
595
Reaction score
328
Location
Somewhere in the space/time continuum
So finally ditched the Apple AirPort Extreme after 5 years of service. Went with the netgeat orbi, which I discovered supports OpenVPN. So should I switch from running it on my NAS to the router or leave as is? Wondering which would be more secure.
No question, your network would be more secure by letting the router/gateway control VPN.
 

catcamstar

Known around here
Joined
Jan 28, 2018
Messages
1,404
Reaction score
912
With ^^, but I want to add another important reason: if your NAS gets breached, not only can people hop-in to your network, but also steal valuables from your NAS (pictures from your doggo, bank statements, expense reports, tax income, ... ). In my network, my NAS is in the inner-intranet where nobody can enter, not from guest wifi, not from outside. Better be safe than sorry: openVPN at the edge of your network, not inside your network.

I once reworked a dual site Synology NAS with synchronisation, then the idea was to have OpenVPN connect-wise synchronise, but even that is not a requirement as you could easily construct a point2point ssh tunnel for example.

Good luck!
CC
 

Todd Schmidt

Getting the hang of it
Joined
May 17, 2019
Messages
116
Reaction score
48
Location
Massachusetts
Sounds like the consensus is to use the router. Guess I need to figure that out. Anyone know how to setup a static ip and DDNS on the netgear with xfinity internet? That seems to be the only way it‘ll let me do it.
 

Todd Schmidt

Getting the hang of it
Joined
May 17, 2019
Messages
116
Reaction score
48
Location
Massachusetts
I'd be surprised if it required a static IP address (on the WAN side) ... the whole purpose if DDNS is to keep up with dynamic IP addresses.

I don't have an Orbi to use to vet these videos, but they might be helpful:
PreviewPreview3:14Netgear Orbi - How to Setup Dynamic DNS (DDNS) Tutorial
PreviewPreview6:35Netgear Orbi - How to Setup OpenVPN Tutorial
Thanks. It didn’t require the static ip, just the DDNS. In process of figuring it out. Thanks for the videos. Watching them now.
 

Todd Schmidt

Getting the hang of it
Joined
May 17, 2019
Messages
116
Reaction score
48
Location
Massachusetts
So I followed all the direction, but it’s still not connecting. Will it only work when I’m not on my network already?
 

Todd Schmidt

Getting the hang of it
Joined
May 17, 2019
Messages
116
Reaction score
48
Location
Massachusetts
That can vary. If you're testing from your phone, try temporarily turning off WiFi and then connecting.
That worked. I was trying from my iPad, but it only has WiFi. I think I’m good now. Now to test and make sure it connects to BI.

edit: it worked. Guess I can turn off the vpn on my Synology now and close that port.
 

Todd Schmidt

Getting the hang of it
Joined
May 17, 2019
Messages
116
Reaction score
48
Location
Massachusetts
interesting i'll start scanning my logs more closely but i've not had stability issue with that package on a disk station that I have in the wild still running it.
Yeah, mine would randomly drop the connection. And I’d have to disconnect and reconnect a couple times before it would work. the disk station was behind a Comcast router if that helps.
 
Top