VPN on router or Synology NAS?

Todd Schmidt

May 17, 2019
So finally ditched the Apple AirPort Extreme after 5 years of service. Went with the Netgear Orbi, which I discovered supports OpenVPN. So should I switch from running it on my NAS to the router or leave as is? Wondering which would be more secure.
 
Wondering which would be more secure.
Assuming OpenVPN can be trusted, your question should be more about risk management: If a host or a device is compromised, what is my exposure risk? What do I stand to lose? Additionally, do I have the knowledge or tools to determine that my equipment has been breached?

Out of the gate, Synology wins over Netgear because I trust its OS compared to Netgear's firmware. However, I personally have issues with a NAS at the edge of the open internet being a gatekeeper. So, without additional inputs, I would go with Netgear to minimize the risk of losing the NAS.
 
So finally ditched the Apple AirPort Extreme after 5 years of service. Went with the Netgear Orbi, which I discovered supports OpenVPN. So should I switch from running it on my NAS to the router or leave as is? Wondering which would be more secure.
No question, your network would be more secure by letting the router/gateway control VPN.
 
I go with the router. One less port to open on the router to get the NAS to work.
 
With ^^, but I want to add another important reason: if your NAS gets breached, not only can people hop in to your network, but also steal valuables from your NAS (pictures from your doggo, bank statements, expense reports, tax income, ...). In my network, my NAS is in the inner-intranet where nobody can enter, not from guest wifi, not from outside. Better be safe than sorry: OpenVPN at the edge of your network, not inside your network.

I once reworked a dual site Synology NAS with synchronisation, then the idea was to have OpenVPN connect-wise synchronise, but even that is not a requirement as you could easily construct a point2point ssh tunnel for example.

Good luck!
CC
 
Sounds like the consensus is to use the router. Guess I need to figure that out. Anyone know how to set up a static IP and DDNS on the Netgear with Xfinity internet? That seems to be the only way it'll let me do it.
 
I'd be surprised if it required a static IP address (on the WAN side) ... the whole purpose of DDNS is to keep up with dynamic IP addresses.

I don't have an Orbi to use to vet these videos, but they might be helpful:
Netgear Orbi - How to Setup Dynamic DNS (DDNS) Tutorial (video, 3:14)
Netgear Orbi - How to Setup OpenVPN Tutorial (video, 6:35)
Thanks. It didn't require the static IP, just the DDNS. In process of figuring it out. Thanks for the videos. Watching them now.
 
Interesting, I'll start scanning my logs more closely, but I've not had stability issues with that package on a disk station that I have in the wild still running it.
Yeah, mine would randomly drop the connection. And I'd have to disconnect and reconnect a couple times before it would work. The disk station was behind a Comcast router if that helps.