(also posted this on reddit/synology, but no responses)
Hi-
Setting up two identical DS’s for a new client. One will be in their small office (primary NAS), the other at the owner’s home as an offsite Drive sync copy. Users will have the Drive client installed on their work machines and mobile devices. Most likely Mac, Windows 10 and iOS (not sure about Android, yet). Neither the office nor home locations have a static IP address and the owner would prefer to keep it that way.
Goals & Comments
- Harden NAS-to-NAS Drive syncing with SSL certificates that don’t expire every three months, à la Synology’s default LE certs.
- Same for client-to-NAS syncing.
- Minimize or eliminate any untrusted connection message noise from drive clients (though I read Windows 10 is currently an issue due to a change on LE’s end that Synology has yet to incorporate in the Windows client).
- For the purposes of this exercise, VPN is not an option at this time.
NAS-to-NAS sync via drive steps
- Register NAS with a supported Synology DDNS to get a DDNS address and set up address syncing
- Confirm DDNS address resolves from the internet to the external IP of the site
- Open inbound router ports for 80 and 443
- Use the Syn cert wizard to request Let’s Encrypt cert with the DDNS domain
- Make the new cert the default for Drive app(s)
- Close ports 80 and 443
- Forward the applicable HTTPS port on the router to the DS, e.g., 5001 (is this even needed if users will only be using the drive client? Admin access will be done via quick connect.)
- Test HTTPS login to DSM
- Repeat for the 2nd NAS
- Set up NAS-to-NAS Drive connection using the DDNS address with the SSL option ticked and test the connection
Client-to-NAS sync steps
- Install client
- Log in with correct address and credentials
Also, is it possible to use a custom LE cert for the quickconnect address so we can bypass the whole DDNS thing altogether? I’m guessing not, but thought I’d ask.
Thanks in advance for the eyeballs and help.
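
An added example, not part of the original post: a small Python check for the "Test HTTPS login" step that confirms the certificate a NAS serves covers its DDNS name and flags it before it expires. The hostname, the sample certificate and the 30-day warning threshold are constructed assumptions; port 5001 is the HTTPS port mentioned in the steps above.

```python
import socket, ssl, time

def cert_names(cert):
    """DNS names in the subjectAltName of an ssl.getpeercert() dict."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """Exact match, or a wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def days_left(cert, now=None):
    """Whole days until notAfter (negative once the cert has expired)."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)

def audit(cert, host, warn_days=30, now=None):
    """Return a list of problems; an empty list means the cert looks fine."""
    problems = []
    if not any(name_matches(n, host) for n in cert_names(cert)):
        problems.append("hostname not in certificate SAN")
    remaining = days_left(cert, now)
    if remaining < 0:
        problems.append("expired")
    elif remaining < warn_days:
        problems.append(f"expires in {remaining} days")
    return problems

def fetch_cert(host, port=5001, timeout=5):
    """Fetch the served cert over TLS. The default context validates the
    chain and hostname, so an untrusted or mismatched cert raises
    ssl.SSLCertVerificationError, the same condition a sync client reports."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample: hypothetical DDNS name and certificate fields.
SAMPLE_HOST = "office-nas.example.net"
SAMPLE_CERT = {"subjectAltName": (("DNS", SAMPLE_HOST),),
               "notAfter": "Jun  1 12:00:00 2025 GMT"}

if __name__ == "__main__":
    # Offline demo; against a live NAS use audit(fetch_cert(host), host).
    print(audit(SAMPLE_CERT, SAMPLE_HOST) or "ok")
```

Run from outside each site against both NAS hostnames, on a schedule, so a failed renewal shows up before the Drive clients start reporting untrusted connections.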