Connect to SSL VPN from DiskStation?

[jono]

Another VPN question 😊

I recently setup VPN Plus on a RT2600ac router, enabling OpenVPN and Synology's SSL VPN protocols.

I can connect to home via SSL VPN from different computers, iPhones etc. but can't see how to connect a Synology in a different location (for remote backups) to the VPN using SSL VPN.

I've connected that NAS to my home via OpenVPN, but wondering if it's not possible via Synology's SSL VPN?

 

[fredbert]

I don't think DSM has a built-in SSL-VPN client, like it has for OpenVPN etc.

SSL-VPN remote access was originally, IIRC, aimed at enabling clientless secure access, meaning: providing there is access to a web browser then there is no need to install VPN clients or configure built-in support. It also has the benefit to add a web portal to access internal services.

Of course there's no reason why SSL-VPN can't be used for site-to-site VPN but Synology will need to add the client to DSM's Network Interface control panel.

 

[jono]

Right, thanks for clarifying that.

I did notice that if I connect to the SSL VPN on my phone using the VPN Plus app I can access the remote NAS that's connected via OpenVPN, so it's pretty cool that VPN Plus Server on the RT2600ac handles the traffic over the 2 different protocols.

I think I'll leave it as it is for now with both running at the same time.

 

[Rusty]

Of course there's no reason why SSL-VPN can't be used for site-to-site VPN but Synology will need to add the client to DSM's Network Interface control panel.

Correct. Atm site to site is a router (SRM) feature

 

[fredbert]

I have the different, more secure, VPN services running in case there is a problem accessing one type from wherever I happen to be.

Regarding SRM site-to-site, it still only supports the same set of VPN technologies than DSM does, i.e. not SSL-VPN. In theory a DSM NAS can be setup as a perimeter device which is probably how we have got SRM. The site-to-site or client-to-site VPN difference is just a matter of LAN(s) access and routing.

I've never played with DSM making VPN client connections, say to another DSM NAS. I assume you need to ensure that the server side doesn't enforce LAN isolation on the client, if it's serving LAN devices.

 

[jono]

Yeah, I already have the remote NAS (at my parents') connecting to my own NAS at home through the VPN running on the RT2600ac. Working well for remote backups.