Create VPN Server on Synology NAS | 4K TUTORIAL

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

all right hello everybody this is going to be a tutorial on to how to use your Synology nas as a VPN server so if you're watching this video you've likely seen hundreds of ads by VPN companies telling you that if you are ever connecting to a Wi-Fi network you do not own you need to be using a VPN for the most part these are scare tactics and VPNs can only really help you in the event of a man-in-the-middle attack I'm not going to go into it in detail here but a man-in-the-middle attack is basically when you have somebody set up a fake Wi-Fi network and then use that network to basically take any data that you have going through the connection to combat that most if not all websites at this point have HTTPS encryption that's that little lock in the upper left-hand corner of your bar that says this is a secure connection which in a lot of ways does the exact same thing that a VPN does as the router cannot see anything other than the incoming IP address so you they'll know what website you went to but they could not tell what any pages you went to they would only be represented as encrypted jargon however if you would like to have a VPN you can use your Synology nas to host one from your own home and by hosting your own rather than paying a monthly service fee you can actually get a lot more features out of it as well so VPNs work by basically taking a tunnel connection that goes from wherever you are in the world and goes directly first to your home network using encryption to any computer you're using it will appear as though you were operating from within your own network you will get slightly slower times and it can take up a lot of CPU on a Synology but it allows you to operate within your own network from wherever you are in the world this can do things from allowing you to SSH into any machine on your network without exposing ports to the Internet to watching the Netflix available in your home country when you're traveling internationally another great way to do it is to use an arcing to actively backup portions of your Nass using a very cheap Raspberry Pi and a hard drive this allows for another step in securing your data something like a hardware RAID where you can lose one disk and still have all your data is good in the event of a mechanical failure but can't help you if your house burns down there's an earthquake a flood or even you get a ransomware attack so for really critical data I would recommend getting a cheap Raspberry Pi with a hard drive and hooking it up out of friend's house then using a VPN to connect back to your network then every night take those photos you cannot possibly lose or your medical records and run an arson command with them our sink is a great way of syncing two folders together while using very little data it basically only updates the differences so that way you're not transferring 300 gigabytes over the network every single night if you only made 10 gigabytes of changes it also can be set up so that it does not delete files on the client-side this means if you accidentally delete something on your Nass and need to recover it you can just go back to that raspberry pi hard drive and grab it off there because it was never deleted when you deleted it on your Nass I'm planning on doing the tutorial on how to do this in the future so subscribe to make sure you don't miss out on it so now on to the actual tutorial part first we're going to go into DSM and we're going to download a package called VPN surfer so go to package Center and just search V P N and it's right here VPN server and we'll go go to go ahead and install it all right so now that it's installed we're going to go ahead and open it so it's a very simple app the first page shows you the status of the different VPNs UNC who's connected logs settings and the privileges which users are allowed to connect to the VPN and then down here we've got a set of a VPN server and there are three different types listed if you don't know a lot I would recommend just choosing l2p slash IPSec this is the one with the most compatibility with the least setup required all you need is your username and your password so we're going to go ahead and enable that so it's going to ask us to specify the dynamic IP address the DNS server these are going to be the IP addresses your Synology uses when it's acting as a router so for me my primary router has the subnet 192.168.1.1 so I'm going to keep that the same except I'm gonna do 192.168.20.10 or 10 because those are IP addresses that are never assigned and so you can guarantee that those are going to be unused the only thing that could be using them are stuff behind your routers firewall and then I would also make sure not to have it identical to your router subnet because you don't want them both assigning the same IP address to something the next choice we have is the Mac maximum connections so you can set this to anything you would like however there is a catch anytime that somebody is connected to this all the traffic is going to be going through your home network and is going to have to be encrypted and decrypted by your Synology nas that can put a lot of CPU strain so you might not want to connect a ton of devices together especially if they're going to be passing a lot of data at the same time so then we're going to want to make sure the authentication stays as Ms chap otherwise your passwords are not encrypted and decrypted when you're connecting and so it's a really easy way for somebody to break into your network then this is the maximum transmission unit I would just leave that as default unless you have a very specific router setup and finally the important part is the authentication key this is going to be what you use to get back to your Synology I would make sure that this is a very secure password if you have to have sha-2 compatibility you can enable this it does decrease the security of your passwords all right and so now it's instructed us to open up specific ports on a router these are going to be the port so that the VPN uses to connect back this analogy is made port using incredibly easy so we're just going to go into control panel external access router configuration and setup or router it's going to automatically detect what router we're using and for the vast majority of routers it will automatically be able to open up these ports for us so now Arsenal Geno's our router and so we're going to create some additional connections so what we need to do is we need to use the VPN server addresses and they're listed out here we're going to go ahead and open up the ports so that we can connect via VPN alright so now it's just going through and opening up those ports on a router and we can see all them passed the test and so now just like that we should be able to connect back to our home network using our Synology as a VPN surfer so now let's go ahead and on our Mac I'm going to go ahead and connect to us so simply go into settings network and create a new one and we're going to go ahead and create a new VPN under the type we're going to do l2tp because that's what we set it up and just hit create so now it's going to need our server address this is the IP address of our home network most people do not have static IP addresses that means that whoever provides your internet access may randomly give you a different IP address because a new one opens up or there's tons of reasons why they do I think personally they do it randomly every once in a while to force people to buy a static IP address who need it so knowledge has made this really easy to get around now because since your Synology always knows what its IP address is it allows us technology to act as a DNS server and Synology is even provided free domain names for this so we're going to go back into control panel and click external access and we're going to create a new didi and ass I've already got this set up but it's incredibly easy all you have to do is to click Add choose Synology hostname and username and you're good to go alright so now instead of having to type in our external IP address every time and not being able to connect to a VPN if our routers IP address changes we can always just use this hostname space R X technology mean no matter where we are in the world so now we're going to go ahead and just use that and we're going to connect connect using my own username and password and under authentication we there's two different authentications there's first your password and the Machine authentication and just go ahead and click connect and just like that we are connected I will say I did have one issue I forgot I had to disable run in kernel mode but once I clear that up everything works perfectly so right now the connection we have is acting as an extension of our network it's only going to be sending packets through the VPN if it's trying to connect to something that's in the external network well if we want to send all traffic through to get the security of knowing that there's no man in the middle attack possible we have to go into advanced and click send all traffic over VPN connection I will tell you this it can really slow down especially if you've got a lot of people connecting because now not only are you downloading everything but you're also uploading everyone's traffic so you've got ten megabytes down but only two megabytes up then anyone connecting to that VPN at best is only going to be able to share the two megabytes because they are being uploaded as well as downloaded at the same time but if this is something you do it's a really helpful thing to have and it's much more secure than exposing ports on your network all right well that's all I got for you thanks for watching bye

Info

Channel: SpaceRex

Views: 90,384

Rating: undefined out of 5

Keywords: VPN Server tutorial, VPN on Synology NAS, Synology Tutorial, Create a VPN, VPN Tutorial, 4K Tutorial

Id: 1aaqqw3eQac

Channel Id: undefined

Length: 12min 41sec (761 seconds)

Published: Sun Feb 16 2020