Like other network services, e.g. web server and web browser (client), it takes both a VPN server and VPN client to create a VPN tunnel. The VPN server acts as the central point for multiple clients to make their connection. Once a connection, VPN tunnel, is created there can then be bi-directional access between other client and server services and this doesn't have to be all clients being at the VPN client end.
There are two basic VPN tunnel types:
- Client to Site. This is the normal remote access for users to securely access home or business services.
- Site to Site. This is usually a router at one site initiates a VPN tunnel to a VPN server at another site. This normally connects the two private LANs across, e.g., the Internet.
When looking at Internet VPN services, e.g. NordVPN / WindScribe / ExpressVPN, etc., these are VPN servers which also have a secured breakout onto the Internet. They can include additional features such as malware screening for traffic that the client device has tunnelled down to the service's site.
To access these Internet VPN services you use a VPN client, such as on your phone or Mac, and often will send all traffic from the client device to the VPN server. This is a Client to Site type.
Alternatively you can use the NAS's Network settings in Control Panel with it's built-in VPN client support. This can be used as a Site to Site connection. But you'd have to configure the NAS and LAN devices to know to use it to route traffic via its VPLN tunnel.
The Synology VPN Server package offer three VPN server types. Your home devices won't get any benefit from using this as they already have local access to the LAN and also Internet access through your router. But you can use it to get secure access for your mobile devices to the NAS or there LAN devices. This would also enable these mobile devices to use your home Internet access to get to web sites... meaning that if you're in the UK and travel to US then you can create a remote connection back home and any connections to the Internet will appear to be from your UK home, which could get you UK-geo-blocked access to sites such as BBC iPlayer. In this regard your NAS becomes like a private Internet VPN service using your home Internet access.