Basic VPN Setup?

Currently reading
Basic VPN Setup?

2
0
NAS
DS281+, DS212
Operating system
  1. Windows
Mobile operating system
  1. Android
Last edited:
A very basic setup and configuration question about local network topology to use a DS218 NAS for VPN.

I have a router+firewall at the entry point to my house, and then it feeds into a 24-port HP 1920s switch, which then fans out connections to all the rooms and devices in the house (some with one further layer of local distribution switches).
My NAS (DS218+) sits at one node of this tree.
It would seem to me that I would need to setup VPN in the initial router/firewall to even be able to access anything in the local domain, so I am not sure why one would try to use a Synology NAS as a VPN server?
Seems like that would only make sense if it was somehow at the main entry point to the local network (else how to even access it?), and being able to VPN to it would only give access to that device itself (and its peers on the local network?).
So one approach would be to let the NAS be directly accessible through the firewall, and then it handles VPN access, or else just let the firewall itself which has to be there to protect the entire network provide the VPN service. And then once VPN’ed in from the top level firewall, one can access any local resources, including the NAS files & services.
What am I missing here??

Perhaps the difference is that if one wanted to only VPN expose access to the NAS, one would publish an address for it, and then enable the VPN access there - only on that NAS device.
( Synology Router Manager - Knowledge Base | Synology Inc.)
 
You might use the NAS as a VPN server if, for example, your router/firewall doesn't have its own built-in VPN server. In the router, you'd forward the VPN port to the NAS. Now, by logging into the NAS's VPN server from out on the internet, you can proxy all your internet traffic through your NAS. Or (or in addition), you can then have secure access to the other resources on your LAN.
 
This is similar to a previous thread. It was assuming the router was a Synology SRM-based device but the general situation is the same if the Internet router/firewall has VPN servers.

Welcome to the forum @guthrie .
 
for a reasonable cost,
one could setup a mini PC with a firewall router distro,
like OPNsense, pfSense, Sophos XG, Untangle
all these are free or have free versions

they have a learning curve but are easy to setup and use via the GUI

they can offer much more than a VPN server
and I think they are important to secure a server that is exposed to the internet, especially NASes that contain a lot of personal data

Also being in front of our network, offer another layer of protection, in case they are compromised or we made mistakes, then the intruder has to pass the NAS security afterwards
 
Docker it and you are good to go
I read briefly about Docker’s support a few months back (and checked the iOS client) but was a bit hesitant to try it. During this pandemic, I rely so much on the VPN connection with heavy daily use and the OpenVPN server has been very solid so far.

So nothing is wrong with OpenVPN, but using WireGuard by other VPN services, one can’t help but notice its performance, low CPU usage and the connection setup speed (almost instantaneous). I wish Synology updates the VPN server to include it natively.

Also NAS can be more powerful then the router so encrypted traffic can provide better speeds as well (in some cases).
That’s a good point.
 
You might use the NAS as a VPN server if, for example, your router/firewall doesn't have its own built-in VPN server. In the router, you'd forward the VPN port to the NAS. Now, by logging into the NAS's VPN server from out on the internet, you can proxy all your internet traffic through your NAS. Or (or in addition), you can then have secure access to the other resources on your LAN.
Thanks; I will have an ISP provided really good firewall/VPN capable unit (mikroTek-hEXs) at the head-end of entry - so just didn't see the value of forwarding traffic to the NAS to do that job.
-- post merged: --

for a reasonable cost,
one could setup a mini PC with a firewall router distro,
like OPNsense, pfSense, Sophos XG, Untangle
all these are free or have free versions

they have a learning curve but are easy to setup and use via the GUI

they can offer much more than a VPN server
and I think they are important to secure a server that is exposed to the internet, especially NASes that contain a lot of personal data

Also being in front of our network, offer another layer of protection, in case they are compromised or we made mistakes, then the intruder has to pass the NAS security afterwards
Yes; thanks.
Seems like the responses are basically- if you don't have a good front-end firewall/VPN, let the NAS do it. If you do, probably not much point.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Hi Fredbert, I followed your "lazy" tip and it works fine. Thanks :)
Replies
8
Views
749
Anyone have VPN split tunneling and have functionality as described below, using an android VPN app...
Replies
0
Views
521

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top