How to securely connect to your corporate or home network with a VPN server: let’s see how to set it up on Synology NAS servers. Setting up a VPN server in your office, company, or home means being able to connect remotely to your LAN in a secure manner. A VPN ( Virtual Private Network ) makes creating an encrypted tunnel between the connected server and client system possible: the information passing through this tunnel cannot be read, modified or damaged by third parties.
By connecting to your VPN server remotely, for example, when traveling, you can access shared resources on your local network or the Internet using your home or office connection. In this way, even using unsecured WiFi (because it is managed by an unknown, public or even open network), all personal information will pass through the network in encrypted form.
Unfortunately, Windows does not support secure protocols such as OpenVPN: VPN networks: differences between PPTP, L2TP IPSec and OpenVPN. To create a VPN server, therefore, we advise using a device that supports the OpenVPN protocol (router or NAS) or setting up an “ad hoc” Windows machine: VPN connection in Windows with OpenVPN. For this purpose, a Mini PC without active heat sinks can also be used.
VPN Server With Synology NAS
Synology NAS has the undeniable advantage of directly supporting many applications and services. The DiskStation Manager (DSM) operating system that equips the NAS servers facilitates the configuration and administration of the NAS from a web interface, therefore from a browser, and delivers into the hands of users a product that is not just a device for data but an extremely versatile device.
By setting up a VPN server on the Synology NAS, you will be able to remotely and securely access the files contained in the NAS, stored on devices connected to the local network, administer local devices such as media servers, video cameras, video surveillance systems, alarm systems, automation tools, home automation tools, industrial systems control and so on.
From the Package Center of your Synology NAS, select VPN Server and click Install to create a VPN server. Select OpenVPN from the VPN server settings section, click on Activate VPN server, and then tick the Allow clients to access the server’s LAN box. It is advisable to select AES-256-CBC from the encryption drop-down menu, and it is advisable to leave the Enable compression option on the VPN connection active.
This way, the data will be automatically compressed during the transfer, increasing the transmission speed. The only “neo” is a greater use of system resources, particularly additional work by the NAS. By clicking on Apply, the VPN server installed on the Synology NAS will listen on UDP port 1194: it is necessary to go to the router configuration and activate port forwarding on the same port.
It is essential to verify that you have assigned a static private IP to the NAS because in the router administration panel, in the port forwarding or port forwarding section, you will need to specify it explicitly. In the example in the figure, the administration panel ( Forwarding/Port Activation section ) of a router: as you can see, the forwarding of all requests received from the Internet on UDP port 1194 to the IP assigned to the NAS has been activated Synology (in this case 192.168.1.250).
Also Read: How VPNs Strengthen Your Cyber Security
Export The Configuration To Connect To The VPN Server
The last step is to click the Export Configuration button in the OpenVPN section of your Synology NAS: you will get a compressed file called openvpn.zip. Regardless of the system you will use to connect to the VPN server (Windows client, macOS, Android,…); we suggest the following:
- Safeguard the openvpn.zip file and its contents: ca. crt is the certificate of the VPN server; Server), VPNConfig. The oven is the configuration file intended for client devices.
- Extract the VPNConfig.ovpn file and open it with a text editor like Notepad++.
- Replace YOUR_SERVER_IP with the public IP assigned to your Synology NAS’s router. The router’s public IP must obviously be static and therefore not change over time; otherwise, you will not be able to access the VPN remotely (see Static IP address, how to get it and what it is for and Accessing a remote PC, router, camera or device on the local network ). Instead of the IP, you can also specify a mnemonic address, such as myoffice.DDNSprovider.net. In this way, the OpenVPN connection is also possible for those users who cannot use a static public IP (for example, because the provider does not provide it or the telecommunications operator charges it dearly…). It will be enough to activate a DDNS service ( Dynamic DNS; example: DynDNS DDNS free: guide to the configuration and use of No-IP ) and set it up on the Synology NAS server.
- To make it possible to surf the net using your home or office Internet connection, remove the # symbol in front of the redirect-gateway def1 parameter, then save the VPNConfig.ovpn file.
Regardless of the client software used (see below), you will be prompted to enter your login credentials when connecting. Authorized to connect to the VPN server are the users configured on the Synology NAS for whom the OpenVPN box is checked in the Privileges window.
On Windows systems, it will therefore be sufficient to download and install the OpenVPN software from this page. Once the installation is complete, copy the previously modified VPNConfig.ovpn file to the theC:\Program Files\OpenVPN\config folder. Clicking OpenVPN GUI and then clicking the OpenVPN icon in the Windows tray bar will establish the connection with the VPN server installed on your Synology NAS.
After a successful connection, typing tracert www.google.it at the command prompt, you will notice how the first hop corresponds to the VPN server installed on the remote Synology NAS (generally, 10.8.0.1). The second hop will correspond to the router to which the NAS is connected (it will usually read 192.168.1.1 or 192.168.0.1); then, it will go online.
Even on macOS systems, you must first install an OpenVPN client. One can, for example, download and use Tunnelblick. The previously prepared VPNConfig.ovpn file must be manually copied into the Tunnelblick configuration folder.
We recommend downloading and installing this OpenVPN client from the Google Play Store and saving the VPNConfig.ovpn file on your Android smartphone or tablet. You will have to locate the VPN config using a file manager such as Solid Explorer ( Android file manager, which is the best at the moment ). ovpn configuration file stored in the mobile device, select it and then choose the Open with command.
On the next screen, select the Convert config file item. The configuration for the OpenVPN client will now be imported into the previously installed OpenVPN Android application. On the main screen of OpenVPN for Android, you will find the profile you just imported (it can be freely renamed).
By “tapping” this profile, the VPN connection with the remote OpenVPN server will be immediately established, it will be possible to access all the shared resources on the local network (for example, using Solid Explorer itself), and it will be possible to surf online using the office connection or at home.
Also Read: How To Choose The Best VPN For Your Task