Setup An L2TP/IPSec VPN Server On A Synology NAS

Captions
In this video I'll be setting up an L2TP/IPSec VPN running on a Synology NAS, and thanks to viewer AB for suggesting that I create this video. I'll start off by creating a user specifically for the L2TP/IPSec VPN connection. Next, I'll go through the steps to configure L2TP/IPSec using the VPN Server package available through the Package Center. I'll then set up a DDNS domain name and enable external access to the ports required to connect to the L2TP/IPSec VPN using port forwarding. Finally, I'll set up and connect to the L2TP/IPSec VPN from both a Windows 10 and macOS system. Note that I mistakenly ran through the setup process on Virtual DSM 6, but you'll find that the setup is very similar to DSM 7, and feel free to leave a comment down below if you run into any problems with your setup.

Let's start by creating an account that we'll use for the L2TP/IPSec VPN connection. Here in DSM I'll open Control Panel, then User. I'll click Create User to start up the user creation wizard and enter in a name and password for the user, and that's all that's needed, so I'll click through the rest of the wizard screens to finish up the setup.

Next, we'll need to add the VPN Server package from the Package Center and launch the application either directly from within the Package Center or from the main menu. This brings us to the Overview screen, where we can see the list of VPN servers that we can configure, which includes L2TP/IPSec. I covered the items listed under Manage VPN Service in my OpenVPN video, which I'll leave a link to in the description below. The main items I'd like to point out are under General Settings, where you can grant VPN permission to newly added local users, which I'll uncheck, and Auto Block, which I'd recommend you enable. Also, under Privilege, I'd recommend only providing access where required, so in this example I'm disabling all access except for L2TP/IPSec access to the VPN account.

Next, under Set up VPN Server, I'll select L2TP/IPSec. I'll check the box to enable the L2TP/IPSec VPN server, which allows me to adjust the remaining options. I'll leave these settings as default, but I'll run through them just in case you need to adjust them for your environment. For Dynamic IP address, the main thing to look for is that the IP range that you choose does not conflict with the IP address ranges that you use on your LAN; change the default IP address range if it does. Maximum connection number limits the number of connections to the L2TP/IPSec VPN server. Maximum connections of an account limits the number of connections for an individual account. Authentication I'll leave as MS-CHAP version 2, which allows for encrypting clients' passwords during authentication. MTU, or maximum transmission unit, limits the data packet size transmitted over the VPN, and the default of 1400 is a good starting point. Use manual DNS allows you to set and push a specific DNS server to the L2TP/IPSec clients; if left disabled, clients will get the DNS server assigned to the Synology NAS. I'll keep Run in kernel mode enabled to maximize the VPN performance. We'll then need to enter in and confirm an IKE authentication pre-shared key that each client needs in order to access the L2TP/IPSec VPN server. Make sure to use a strong key using a combination of letters, numbers and special characters. Enable SHA2-256 compatible mode (96 bit) I'll leave unchecked; I found that macOS clients work best with this option left disabled. I'll click Apply to save the settings and click OK on this message window regarding port forwarding and firewall settings.

Next, we'll set up DDNS and port forwarding, which I covered in my video on remotely accessing a Synology NAS running DSM 7 with DDNS and port forwarding, which I'll link to in the card above and in the description below for your reference. For DDNS, the goal is to set up a domain name that remains consistent as the IP address assigned by your ISP changes. This is set up from Control Panel, External Access, and DDNS. Like my DDNS and port forwarding video, I'll be using Synology as the DDNS provider and enter in a host name I'd like to use. I'll click OK, then log in to my Synology account. For L2TP/IPSec we don't need an SSL certificate to set up a VPN, so I'll select No here. For port forwarding, my router doesn't support UPnP, so I needed to manually forward ports on the router itself. Here's a screenshot of the port forwarding rules for L2TP/IPSec. Basically, I needed to enable UDP ports 1701, 500 and 4500 on my router to forward to the corresponding ports on my Synology NAS.

We're now ready to configure our clients to connect to the L2TP/IPSec VPN, and I'll start off by setting up a Windows 10 system. I'll go to Settings, Network & Internet, VPN, and click on Add a VPN connection. This brings up the Add a VPN connection window, where under VPN provider I'll select Windows (built-in). For Connection name I'll enter in a meaningful name. Under Server name or address I'll enter in the DDNS hostname that was set up earlier. VPN type is L2TP/IPsec with pre-shared key, and I'll enter in the pre-shared key in the box provided. Type of sign-in info will be User name and password, which I'll enter into their respective boxes. I'll keep the Remember my sign-in info box checked and save the VPN connection.

Next, because my Synology NAS and the L2TP/IPSec VPN server is behind my firewall and is using NAT, I need to create a registry entry on my Windows 10 system so I can establish a VPN connection. I'll leave a link in the description below explaining this problem and the workaround more thoroughly if you'd like to understand the steps that I'll be going through next. I'll click in the Windows search box, type in regedit, hit Enter and select Yes on this window to bring up the Windows Registry Editor. Now I'll navigate to HKEY_LOCAL_MACHINE, SYSTEM, CurrentControlSet, Services and PolicyAgent. Once here, I'll right-click on PolicyAgent and select New, DWORD (32-bit) Value. I'll name the new value AssumeUDPEncapsulationContextOnSendRule. Next, I'll right-click on the entry and select Modify. In the value box I'll enter 2, make sure the base is hexadecimal and click OK. Now I'll close the Registry Editor and restart my Windows 10 system to have the changes take effect.

I should now be able to connect to the L2TP/IPSec VPN from my Windows 10 system. I'll first connect to my iPhone personal hotspot to make sure I'm on an external network. Next, I'll select the VPN profile that was set up earlier and click Connect. Now I'm able to connect to my Synology NAS and log on to DSM, which is only accessible on my LAN, through the VPN connection.

Now let's set up a macOS system to connect to the L2TP/IPSec VPN running on my Synology NAS. I'll start by bringing up System Preferences, then Network. Here I'll click on the plus icon to create a new connection. From this window I'll select VPN for the interface. For VPN Type I'll select L2TP over IPSec. For Service Name I'll enter in a descriptive name for the VPN connection and click Create. Now, with the VPN selected, I'll enter in the server address, which is the DDNS hostname created earlier, and for Account Name I'll enter in the username which was created earlier as well. I'll bring up the Authentication Settings and enter in both the user's password in the Password box and the pre-shared key in the Shared Secret box and click OK. Next, I'll click on Advanced and check the box to send all traffic over VPN connection and click OK. Finally, I'll click Apply to save the changes. Now I'll test the setup by first connecting to my iPhone personal hotspot. I'll then make sure to select the L2TP/IPSec network configuration and click Connect to establish the VPN connection. Now I'll be able to access my Synology NAS and log into DSM, which is only accessible on my LAN, through the VPN connection.

Once again, I hope this video on setting up an L2TP/IPSec VPN running on a Synology NAS was helpful, and if so, make sure to give this video a thumbs up. Also let me know if you try this setup and how things work out for you in the comments below. Lastly, if you like this type of content, consider subscribing to this channel as well. Thanks so much for watching.
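
The Windows 10 client steps described in the captions (the NAT traversal registry value and the built-in L2TP/IPsec connection with a pre-shared key) can also be scripted. The following PowerShell is an added example, not part of the video; the server address and connection name are placeholders, and it assumes an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the Windows 10 client steps from the captions.
# $ServerAddress and $ConnectionName are placeholders; substitute your own values.
$ServerAddress  = 'nas.example.com'   # placeholder for the DDNS hostname
$ConnectionName = 'Synology L2TP'     # placeholder connection name

# 1. Registry value needed when the VPN server sits behind NAT
#    (same key, value name and data as entered in regedit in the video).
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$name = 'AssumeUDPEncapsulationContextOnSendRule'
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($current -ne 2) {
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 2 -Force | Out-Null
    Write-Host "Set $name to 2. Restart Windows for the change to take effect."
} else {
    Write-Host "$name is already set to 2."
}

# 2. Prompt for the IKE pre-shared key so it is never stored in the script file.
$securePsk = Read-Host -Prompt 'IKE pre-shared key' -AsSecureString
$psk = [System.Net.NetworkCredential]::new('', $securePsk).Password

# 3. Create the L2TP/IPsec connection if it does not exist yet.
#    MSChapv2 matches the authentication setting left at default on the NAS.
if (-not (Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $ConnectionName `
        -ServerAddress $ServerAddress `
        -TunnelType L2tp `
        -L2tpPsk $psk `
        -AuthenticationMethod MSChapv2 `
        -RememberCredential `
        -Force   # suppresses the confirmation prompt about the pre-shared key
}

# 4. Show the resulting profile for review.
Get-VpnConnection -Name $ConnectionName |
    Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod
```

The user name and password are requested by Windows on the first connection attempt and kept afterwards because of `-RememberCredential`.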
Info
Channel: Digital Aloha
Views: 26,346
Keywords: l2tp, synology, synology nas, synology vpn, vpn, vpn server
Id: kZcmamw1360
Length: 10min 40sec (640 seconds)
Published: Tue Oct 05 2021