How to Twingate Remote Access to Synology (no port forwarding)

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
all right how's it going y'all today twingate sponsored this tutorial onto how to set up twin gate honest analogy Nas this is actually really easy and essentially what it allows you to do is it allows you to have remote access to your Nas or more importantly any devices on the same network as your Nas without requiring port forwarding VPN setups or anything like that instead you do not have to open up any port which is great if you have something like starlink or any other isps who don't give you a public IP address they use what's called carrier grade Nat and so that means you can't do port forwarding which is required for remote access so instead you can use twingate twingate essentially allows you to only allow authenticated users from people you've actually authenticated into your network and so it's a lot lower risk than port forwarding because not anybody can go down the network they have to be fully authenticated using xero trust through the twingate server to even get access to these devices so it's in an extra layer of security on top of that and one of the really key advantages of this is it actually allows you to not only access your single Nas like something like tailscale has but it also allows you to access any device on your network that you give authorization to that means all the different devices on your network do not have to have their own twin gate instances instead you just need a single one for the network or multiple if you want redundancy for load balancing and things like that but you just need a single one and you can give access to every single one of these things which is one of its key features that makes it so much more usable so you you don't have to keep deploying on all these different devices instead you just deploy it once and then allow things through the UI all right so there are two pretty basic prerequisites for this first you need a Synology with Docker if you do not have a Synology that is able to run Docker containers you can go ahead and run it on something like a Raspberry Pi you can run the twin gate connector on a Raspberry Pi and I've got a link that they also sponsored on a tutorial on how to do that in the description below and so the other thing is we can do this completely on the free tier they've got it for up to five users and 10 remote networks so pretty much the vast majority of people unless you've got a lot of employees are going to be able to do all this just completely under the free tier and so just sign up for account I'll leave a link to the description below as well for how to sign that up and so this is going to pretty much assume that you've already created your account and you've set up your domain for it it's pretty straightforward you just click through all the steps and then it does it for you and then from there we're going to be setting this up all right so first off what are we going to be doing we're going to be installing twingate via Docker on our Synology Nas then we're going to be exposing different services like I've got a bunch of services running all on my network and we're going to be exposing them from the synologies connector into the twingate network and then once we expose these to twingate I will be able to remote into them from any devices that I set up or any users I create will also be able to and they will be able to directly connect to them just using the IP address or the DNS domain that's another really nice thing about this is it uses the exact same IP address if you're local or if you're remote which makes it really easy to set up and after we do this any remote users I set up will be able to connect to any of these services like the SMB server my get T server pretty much anything that I allow them access to they will be able to set up and connect to remotely all securely where only they can come through this pipe nobody else unless they are authenticated users will be able to come through this pipe which is really big advantage of a setup like this rather than just opening up ports on the internet even if you do have the ability to set up port forwarding because you can just ensure that everybody's authenticated before they even show up and try to see the service which means your service could be pretty insecure there could be a massive vulnerability in it but nobody's going to be able to even exploit that vulnerability because they can't even get to it alright so I'm just going to follow this guy that they've set up and I'll leave a link to this in the description below and pretty much the first thing we just have to do beforehand is install Docker on our Nas and that's pretty straightforward I'm just going to open up my Nas over here and go in the package Center and type docker and just install it all right so now that docker's installed we're just going to go ahead and open our up and just say yada yada yada don't need any help for this I know what I'm doing all right and so now we've installed Docker so that is pre-workers it number one and two done as we've already set up the nas two I'm assuming you've already set up your Synology here so now we pretty much just need to log into our twinge admin account and add a connector this is pretty much the different entry points in your network that twingate will use to send traffic from the twingate network into the Synology into your local network and that's how everything will be done so you can actually add multiple of these say you had like five different synologies on the network and you want to make sure if one of those goes down they all stay up everybody's still able to access you could install it on all those different synologies and they'd also be able to be used for load balancing which is awesome so then we're just going to go in and add a connector and it's pretty straightforward and so right here I deleted all my remote networks to start from zero so you should have a default remote network but I'm going to go ahead and create it and we're going to set it as an on-prem Network and we're going to call it home because it's my house Network Now by default it's basically gone through and created the network and it's also created two connectors if you are setting this up for a business I would highly recommend using at least two connectors that way if your Synology goes down or anything like that everybody still has access in and you can just get like a Raspberry Pi or something it deploys on a ton of different stuff or if they're just going to be remote into the Synology and the Synology goes down well it's not that big of a deal because well if the Synology is down they can't remote in Synology up to you and we're just going to take one of the default connectors that it's created and hit deploy and we're going to select docker now we're going to be generating these private access tokens and you want to keep the secret these will actually disappear after 15 minutes and I'm going to be generating and showing them on this video but then after this I'm going to be regenerating them so nobody's able to just basically fake this and grab my own but keep these private and so we're just going to select generate tokens and we're going to have to re-authenticate and so just authenticate however you did there mine sped through because I don't want you to see how I authenticate and where all my email addresses are and so now we've authenticated and now we can see we've got these two access tokens all right and so now we've got these tokens and so the next step is going to be to install twingate on our Synology so I'm just going to go back over there go into the registry and just type twingate twingate connector it's this guy right here just double click on it to download and choose the latest tag and we can check the download progress right here and it's a very small 50 meg image and so it downloads quite quickly and so now once that's done we can go ahead and go in the container and create a new one we're going to use the twingate one that we just downloaded and we are going to want to use the bridge Network and we are going to have a container name if you'd like to keep it really simple you can actually just use this guy right here this name that it gave you automatically so twin gate Dash that so that way if you're ever confused by which one's which you can do that we're going to want to enable auto restart and some advanced settings right here all we really need to do here is update three environmental variables over here and they are all listed in this tutorial right down here it is refresh token access token and tenant URL so we can pretty easily go through and do that and we're just going to copy these guys right here so tenant URL add access token copy add and finally refresh token so we just copy those variable names they are updating this will be a little bit easier but those are the three things you need to type in and add and then the way you get them is you go over to your twin gate thing and you can see your access token is this first one we're going to copy it and we're just going to paste it into the access token then go into your refresh token copy it paste it into your refresh token and finally your tenant URL is going to be https yourname.twingate.com and just copy that entire thing and paste it in there so those are the three environmental variables you need to add and then after that we are done so all you need to do is add these three environmental variables as well as the enable auto restart you almost certainly won't Auto restart enabled that way you never have to worry about it going down and now we just hit next we don't need to add any ports or any files and so we just click through and hit done and just like that it's up and so now if we go back to our page with the setup we should scroll the top and see that the connector and the relay are both already connected so that means you're completely done it is now on the network and we can start editing in resources right here you can see our connector is all good then if we need to add another connector we could do that here on like a Raspberry Pi or another Synology or pretty much any other box you've got there you can probably figure out how to get twin git installed on there they've got a ton of them so now let's start being able to connect to things we're going to add some resources so the first thing I want to be able to do is connect to that Synology locally We'll add that in there and we're going to have the option to either use the DNS name or the actual IP address for the simplest setup where you don't have a DNS server and not everything's resolved we're going to go ahead and use the IP address but it's totally up to you it's very powerful if you want to be able to do that kind of stuff and then we're going to go in and we're just going to copy this IP address that it's got and use that so it's 10.30.0.106 and now we've got some options right here for what kind of protocol we want to allow you could say okay I only want access to these certain ports or you could allow your users access to the entire thing it's really up to you you can really set this up as much as you like and then if it is a website you can also include this browser shortcut that they just click open in browser and it'll automatically open it there up to you so we'll just add that in right here as pretty much allowing our users to access everything so that way if they run New Ports or anything like that they'll be able to handle it and now you get to say who's got access everything I've only got one user myself so I'm just going to allow everyone but if you had more users you would type them in here and allow specific people to them and now I'm going to add it to my get T server as well and for this one I'm only going to allow access to the TCP Port 3000 that way they can only use that or also 22 because I do want to also allow people to be able to ssh in and so just like that we should be pretty much good you can see right here we are connected and so that means we should be able to have remote users get access to this now to test it I'm going to go ahead and take out my phone and get off the Wi-Fi so that way I'm acting as a remote Network all right so now from my phone I'm going to swipe down disconnect from Wi-Fi and I'm going to go ahead and open up the twingate app and I'm going to sign in and so you can see it's already got me on the twingate VPN and now I can start connecting these services so I'm just going to click on this guy and copy the address and go to it on my web browser so now I'm just going to open a new tab type 10.30.2.22 Port 3000 and boom I'm connected right into the get T server and so that way I'm able to connect that and I can also connect to the nas with 10.30.0 DOT one zero six just like that I was able to connect into everything when I'm off the network if I go ahead and remove myself off the network I'm going to disconnect you'll see when I try to refresh nothing happens because those addresses are private addresses they don't route on the internet so the only way to connect to these Services because I'm not exposed to any of these ports to the internet is to actually use 28 which is a really nice thing it's essentially an entire extra layer of security you're just adding on on top of what authentication and everything else you've already got which is one of the really nice Parts about it all right and really that's all there is to it we now have the ability to access any of these devices and you can just keep adding additional resources for anything else you'd like to have people be able to contact and hit on your local network if we just add in more connectors we not only get more fault tolerance but also more overall throughput if one of our servers is kind of slow and we've got a ton of users hitting it because it will automatically have some load balancing on there and so it's just that easy you can also deploy an AWS or any other remote networks and just keep everything really easy all right well that's gonna be it for this tutorial go and leave any of the tutorials you'd like to see me check out in the comments Below have a good one bye [Music]
Info
Channel: SpaceRex
Views: 26,835
Rating: undefined out of 5
Keywords:
Id: 7ry8KsJ71tA
Channel Id: undefined
Length: 14min 20sec (860 seconds)
Published: Sat Jan 28 2023
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.