I am looking into more secure options for my NAS, and have several questions about what would be safest.
Use case, I have several members of the family who use the NAS, and quick connect works fine for multiple members (aka to access synology drive and synology photos app). I personally use webdav to sync devontink and Zotero, so need this setup externally but would only be me. I am started using a few apps like kavita/audiobookshelf that are convenient to access externally for multiple users, but ultimately just me would be ok if safest.
Options:
1) My netgear orbit has openvpn built in and this was very easy to set up, and I have it on my phone, iPad, and MacBook (I just hate having to turn it on to use it).
2) Install Tailscale (was very easy to setup, only negative is only one username allowed so I would have to share it with everyone who wants to use it externally). Ultimately I think this might just be for my personal use.
3) Reverse proxy (which as I understand requires external ports exposed).
Which of the 3 options would be the safest?
If vpn any benefit to Tailscale to synology vs openvpn direct from my netgear orbit?
If VPN what is the best way to webdav (just turn on VPN when wanting to connect and use the internal address?)
If using reverse proxy, what is best practice for ports to open up (80, 443 I believe are standard for HTTP/HTTPS?)
Use case, I have several members of the family who use the NAS, and quick connect works fine for multiple members (aka to access synology drive and synology photos app). I personally use webdav to sync devontink and Zotero, so need this setup externally but would only be me. I am started using a few apps like kavita/audiobookshelf that are convenient to access externally for multiple users, but ultimately just me would be ok if safest.
Options:
1) My netgear orbit has openvpn built in and this was very easy to set up, and I have it on my phone, iPad, and MacBook (I just hate having to turn it on to use it).
2) Install Tailscale (was very easy to setup, only negative is only one username allowed so I would have to share it with everyone who wants to use it externally). Ultimately I think this might just be for my personal use.
3) Reverse proxy (which as I understand requires external ports exposed).
Which of the 3 options would be the safest?
If vpn any benefit to Tailscale to synology vs openvpn direct from my netgear orbit?
If VPN what is the best way to webdav (just turn on VPN when wanting to connect and use the internal address?)
If using reverse proxy, what is best practice for ports to open up (80, 443 I believe are standard for HTTP/HTTPS?)