How to use WireGuard VPN on QNAP NAS

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] hi today i'd like to cover off the wire guard vpn um protocol service um that's built into our qts5 operating system this is one of the new features that you get when you upgrade to qts5 um it will also be part of quts hero5 when that's released in a in a couple of weeks time as well um so wireguard is a fast and secure vpn tunnel option um it's a little bit different from um some other protocols that are out there we've got our own q belt one and one of the more popular ones would be openvpn um sort of comparing wireguard with with openvpn is generally wireguard will only add about four percent of extra data to the top um of the internet traffic compared to not using a vpn uh whereas openvpn can use up to about 20 depending on how everything's configured and wire guard being simple um i wouldn't say it's necessarily the simplest to set up but i'll go through that so you can do it yourself as well um but it's simple in the terms of how it's built in the back end so there's only about 4 000 lines of code making up wire guard whereas with openvpn i think it's higher than 70 000 lines so there's you know every line of code could potentially be a vulnerability down the line i mean i'm not saying openvpn is is not secure it is very secure it's proven um it's been around for a long time since may 2001 i think and wireguard's only been around since september 2019 but it's still a very good protocol initially designed just for linux but it's also now been opened up to every other platform and you can download the wireguard application on for just about every operating system and mobile device as well today i'll cover how to set up a server and the client side i'm going to do it on a mac but it's really the same in the windows application as well so what i'm going to do now is go straight to the nas so here's a tvs-h1288x this is running qts5 and i've got qvpn installed which is an app you can download from our app center for free if you open up qvpn you've got all the usual vpn server options but now we've also got wireguard added on the left so if i go into the wire guard option we can see i've got it enabled but i haven't really configured anything what you will see is you will see a blank server name a blank private key and a blank public key usually when you first come in here so if i was to sort of erase the private key that's there right now if you generate key pairs you click this button it's going to generate some text in there which will also change what's in the public key box as well so that's one of the first steps you've got to put a name in and you've got to set up the the private key so now that's all set um we've got the public key and you can copy that here there's a button we'll need to do that a bit later on as well um so down here it's wanting piers so peers are like your users these are different people that are going to be connecting i generally leave most of the things default you will have to pick a dns server we do have a quick wizard that lets you pick a dns server if you don't know what that is i've just set it to the same dns server that everything else on my network here users so here what i'm going to do first is i'm going to add appear so with the peer you can call it something that makes sense so in my case i'll just call it craig and so go down to the public key now you don't need this public key that's listed here you need a public key that's from the client that's connecting so if i pull in here the wireguard software so this is the mac version but it looks very similar on most other platforms as well a little different on the mobile devices there's an option down here to click the plus symbol and you can choose to import tunnels from a file or add empty tunnel we're going to need the add empty tunnel option so when you click that you get this box and it pre-fills out the interface section and the private key and at the top we've got a public key that we need to copy so what i'll do first of all is name it so i'm saying this is the tvs-h1288x because that's what i'm going to be connecting to and then i'm going to copy the public key that's written here so just right click on that click copy and i'm going to come down here to the add peer section and i'm going to paste in the public key that i had there is some extra advanced options if you want them to down there if you need them um so we've got those now one other thing i'm going to need to do is this allowed ips section i'm going to need that in a moment as well so what i need to do first of all is i need to fill out the rest of the wireguard file so i've got everything copied and pasted so what i'll do is i'll just paste that in over here so we've got that so this is the format the file wants so at the top we've got an address so the address is what we want to be set from down here so i'm going to copy this one okay we'll go back over there i'm going to paste that address in so that's now there the dns is 10101 which is what i have set on the server and now it wants the peer and it wants things like the public key so this public key is the public key that you need from over here so i'm just going to apply this piece so that they get added and now i'm going to click this copy button over here and i'm going to come back to the public key section here and i'm going to paste that in so this is the public key of the server that i'm connecting to so what's written there is now written there and the allowed ips i've just set it to all the zeros if you want to be specific about where the traffic's coming from you can set that in there as well um an endpoint endpoint is important because this is where your server is now in my example here i'm just connecting to it across the lan so i've got the lan ip address of my qnap so that matches what you're seeing in the address bar on the web browser and typically what you might put there is something like craig.myqnapcloud.com colon51820 if you do change the port over here on the listen port you do have to change it here now this port will need forwarding through a firewall so if you are setting this up for remote access into your network you will need to forward udp port 51820 or whatever that you set in this box um i've set the persistent keeper live to 10 which matches what i've set for the peer down there as well this is just if you're behind a firewall it just keeps the traffic alive so keep the connection alive rather than dropping so that's everything that i wanted to set so that's matching everything i haven't had to change the interface private key that was auto generated which generated this public key and so long as this public key is added to you appear it should work so long as everything else is set correct but you do need this public key typing on the pier because the server needs to know who you are as well so that's part of the authentication the public keys and private keys they all sort of coagulate together to become the security for the connection um so i'm going to save that option there so i'm going to say yes you can add vpn connections on my mac so that's now connected up uh sorry added to the list currently it says inactive because i've not activated i've not connected it and so everything looks like it's all set up right now so if i was to click activate over here that's really all i need to do everything is connected done set up it's it's connected we can see that i've now got a connection down here uh the last handshake was four seconds ago so this is now fully connected uh with the with the wire guard application here on my mac so i now have a vpn tunnel between my mac and the qnap and this would be the same whether you were remote the only thing that would be different on the remote is the end point would be a public address or a public dns name or an ip address if you're on a static ip address you can use dynamic dns addresses for that as well so that's how you would set up a wireguard vpn tunnel on a qnap nas we do have a help tutorial on our website as well if you just search qnap wireguard it's usually one of the first results that comes up and it gives you lots of different options on how to set it up so i'll do that for you now so if i type qnap at wire guard i can see it there so here how to configure wireguard vpn server in client settings and we've got options for enabling the server and how you do it on windows 10 mac os ios and android and there's different sections for all and as you go down if i go to the mac os section it shows exactly what i just showed you added an empty tunnel and we give you a clue here as to what you need to type in the configuration file and down here it just gives you a clue as to what goes under each heading and different sections that you're putting but you can usually just follow what i did in the video there obviously you have to input your information not the information that i put so do the copying and pasting from the public key that you create in your wire guard app uh when you're creating the connection as well as the public key from the wireguard server on the qnap itself and that needs to go across to the peers as well and of course you need to create the peers if anybody has any uh questions or needs any help setting up wireguard please do let us know in the comments section or you can email us at youtube underscore uk at qnap.com and i'll try to get back to you as quick as possible okay thanks a lot for watching bye [Music]

Info

Channel: QNAP UK

Views: 1,535

Rating: undefined out of 5

Keywords: NAS Server, NAS Drive, NAS Guide, What is RAID, best raid, iscsi lun, nas iscsi, nas volume, QNAP NAS, qnap nas snapshot, best qnap nas, qnap nas server, synology nas, qnap versus synology, wireguard vpn, wireguard, wireguard qnap, qnap wireguard setup, wireguard setup, wireguard server, wireguard server setup, wireguard docker

Id: LgzJU1vpPcc

Channel Id: undefined

Length: 9min 34sec (574 seconds)

Published: Tue Nov 16 2021