Last edited:
A very basic setup and configuration question about local network topology to use a DS218 NAS for VPN.
I have a router+firewall at the entry point to my house, and then it feeds into a 24-port HP 1920s switch, which then fans out connections to all the rooms and devices in the house (some with one further layer of local distribution switches).
My NAS (DS218+) sits at one node of this tree.
It would seem to me that I would need to setup VPN in the initial router/firewall to even be able to access anything in the local domain, so I am not sure why one would try to use a Synology NAS as a VPN server?
Seems like that would only make sense if it was somehow at the main entry point to the local network (else how to even access it?), and being able to VPN to it would only give access to that device itself (and its peers on the local network?).
So one approach would be to let the NAS be directly accessible through the firewall, and then it handles VPN access, or else just let the firewall itself which has to be there to protect the entire network provide the VPN service. And then once VPN’ed in from the top level firewall, one can access any local resources, including the NAS files & services.
What am I missing here??
Perhaps the difference is that if one wanted to only VPN expose access to the NAS, one would publish an address for it, and then enable the VPN access there - only on that NAS device.
( Synology Router Manager - Knowledge Base | Synology Inc.)
I have a router+firewall at the entry point to my house, and then it feeds into a 24-port HP 1920s switch, which then fans out connections to all the rooms and devices in the house (some with one further layer of local distribution switches).
My NAS (DS218+) sits at one node of this tree.
It would seem to me that I would need to setup VPN in the initial router/firewall to even be able to access anything in the local domain, so I am not sure why one would try to use a Synology NAS as a VPN server?
Seems like that would only make sense if it was somehow at the main entry point to the local network (else how to even access it?), and being able to VPN to it would only give access to that device itself (and its peers on the local network?).
So one approach would be to let the NAS be directly accessible through the firewall, and then it handles VPN access, or else just let the firewall itself which has to be there to protect the entire network provide the VPN service. And then once VPN’ed in from the top level firewall, one can access any local resources, including the NAS files & services.
What am I missing here??
Perhaps the difference is that if one wanted to only VPN expose access to the NAS, one would publish an address for it, and then enable the VPN access there - only on that NAS device.
( Synology Router Manager - Knowledge Base | Synology Inc.)