SYNOLOGY VPN PLUS SERVER SETUP

Captions
Hi, I'm Willie. Welcome to my channel, thank you for being here. Over the last week, two weeks, I've started getting more requests for VPN and remote access videos, so I am going to show you how to use your Synology RT2600ac or your MR2200ac as a VPN concentrator. If you have one of these devices you already have everything you need. You may need more licenses, but Synology makes those licenses super cheap, $9.99 apiece. You can have up to 20 concurrent connections on this, so this is the one that we're gonna use. We're gonna set everything up from, you know, start to finish. I want to thank you all for being here. I wanted to get this video out. If you do need consulting and assistance in doing this you can reach out down at williehowe.com, fill out the contact form, and we'll be in touch. We want to get this out. Once again, thank you everybody for being here. Make sure you subscribe, click like, do all the follows and all that good stuff. So let's not waste any more time, let's get over to the computer and take a look.

All right, so here we go. We're gonna move kind of quick through this. If you've watched my other Synology router videos you should have a good idea how the base setup on this is going to go. I'll explain each step. We will disable the Wi-Fi. So by default we have our router, the LAN port plugged into the internet, and then we have this machine plugged into one of the LAN ports, and we've got an IP address. By default the box, the Synology box, is gonna hand out 192.168.1 addresses, and that's okay, you can change that to match your network if you have to.

Now what we're gonna do is we're gonna go through this. We're gonna click the start button. It wants an administrator account, so we're gonna do all these things at once, and of course everybody's read the EULA. It wants us to set up a Wi-Fi network and it actually won't let us get past that. We're gonna disable it, so we're just going to put in test here, and your WPA2 passphrase has to be a character, so we'll do test test. Like I said, we are gonna disable it anyway. I'm gonna leave external access to the SRM disabled. I don't want that open to the internet directly, so I'm going to leave this the way it is. Other option here would be AP, but we want it to be a router. Our internet connection is going to be DHCP or auto IP, so we're gonna leave that the way it is. We're going to click apply. It says it's gonna take three minutes to reconfigure, so we are going to let it do its thing and we will be right back.

All right, so we could add Wi-Fi points, which is really Synology's wireless access point management system when you're doing mesh points. We're not dealing with that now, so we're just gonna click start managing now. It's going to go ahead and log us in. We already created our admin account. We're gonna fly right through the intro here, click OK. Now here's a vendor who actually asks us whether we want to be involved with the analytics. For now I'm gonna click no thanks, but if you want to send Synology those analytics feel free to do that. And then here I'm gonna put don't show this again.

Now, I am running the latest version of SRM, and you should make sure that you're always on the latest version of SRM as well. So you can go into control panel, in system, and it's going to go out and it's going to check and see if you are on the latest version. You can see here it says our SRM version is up to date. The very first thing I want to do, so I don't forget, is I'm gonna go to this Wi-Fi connect and I'm actually going to disable the Wi-Fi, and then I'll make sure that the guest network is disabled, because I'm not using this for Wi-Fi, I'm only using it for VPN. So we're gonna go ahead and close that. The next thing I'm going to do is I'm going to change these SRM settings here, and I'm going to automatically redirect HTTP to HTTPS, and I'm going to enable HSTS, and we're gonna click OK. So it's gonna enable HTTPS and then reload anything on port 8000 to automatically go over HTTP to port 8001. We always want to encrypt all the things that we can. You're going to be able to use a free dynamic DNS with this, and also you're going to be able to leverage Let's Encrypt certificates, and we're going to get to that in just a minute.

So it takes just a few seconds for the web server to restart. You can see it's applying the network settings now. You can do all kinds of other things with this router. You can turn it into a light NAS, it can have a 4G/5G dongle on it and can do failover, it can do all kinds of things. It's got probably the best parental control feature set of any router out there today built into this Synology box. I think that that is absolutely amazing. So as soon as this is done we are gonna get right into the swing of things. Didn't redirect us, so we'll just take care of this for it and get some good old certificate error here. So we'll go ahead and we'll log back in. So Wi-Fi is disabled, web browser is doing HTTPS.

So we'll go back here. Now, you can bind this to Active Directory and give Active Directory users access to the VPN that you're gonna see us set up. You can also do LDAP, and you can also enforce two-step verification, and I do recommend that you enable this when you're using the service. If you're gonna have web-based services available, or especially if you're gonna open SRM to the outside world, make sure that you've got this enabled, that administrators have to use this at a minimum. So we should be okay here. Of course you can set up all of your notifications and all those things, and you will have to set up email in order for two-factor authentication to work, so you'll have to go through all of that.

All right, so the next thing that we're going to do is we're gonna hop over to our Network Center, and we're gonna go over to our internet tab. We're gonna go over here to QuickConnect and DDNS, and I am going to use the Synology DDNS. If you also want to manage this remotely and you're not going to expose the management port to the Internet, you would want to use QuickConnect here, so you could configure that. I'm just going to use the Synology one, and I'm just gonna call this W how lab. I'm going to request a certificate. I'm agreeing. That's going to come up and it's going to prompt me to log into my Synology account, so I will do that, and it's going to prompt me for 2FA, which is fantastic. You should always use 2FA when you are able to. See if I can beat the buzzer here. Oh, it's gonna be wrong, it's gonna pop back. Maybe, maybe not. Taking long enough, so we probably got in right under the wire on that, but there's a possibility that the cert will fail here. It happens occasionally. If it fails, that's fine, we'll go ahead and issue that manually. It'll actually tell you that you need to issue it manually if that happens.

So we talked about in the intro to this video the licenses for this. It does enable concurrent connections. They are like $9.99 apiece and can be purchased instantly right through the router. Oh look, it's restarting the web server, so it must have worked. So let's try W how lab dot synology dot me, 8001, and there we go, got the little padlock. Life is good, right, if we can remember usernames and passwords. Now, this Synology will work in all types of network configurations. I have it running in networks that have multiple VLANs, we've got it in very simple networks, so it will work in a multitude of networks. Just remember that.

So the next thing we're going to do is we're going to hop over here to Package Center, and of course we have read all the things, and we are going to install the VPN Plus Server. I'm trying to think, while that's installing, if there's anything else we need to do. If there's any other questions you've got, you can always look at my other video just to kind of get those answered. So here it's going to confirm that we want to do the installation, and we're gonna go ahead and apply this, and it is going to install VPN Plus. VPN Plus is fantastic, and they do give you one license for free. Like I said, if you do buy licenses, it's a one shot, one kill, $9.99 per license, and you have it for the life of the device. So it's a heck of a deal, especially when you see everything that the VPN Plus, or VPN Plus Server, can actually do. We'll get into some of the setup on that. Some of it you're gonna see is the same as the Synology NAS, but some of it is very specific to this device. And I keep telling my contacts over at Synology that they need to take this Synology Router Manager and put it in a 1U box.

All right, so right now it says the following applications are blocked by the firewall. We want to go ahead and open this because we're going to use all of these different VPNs, so we'll say OK. So I keep telling them they need to put this in a 1U box with an Intel Xeon, 16 gigs of RAM, put some inter-VLAN routing on it, and they would absolutely blow the doors off everybody else. We're not gonna use Safe Access. Make sure your packages are up to date, but we're not going to deal with this right now, so I'm not gonna take the time to update that at the moment.

So now we've got our VPN Plus Server installed, so let's open up VPN Plus Server and take a look around here. First of all, you've got this very nice network traffic overview, very, very beautiful. All right, so before we come back to the Synology VPN, let's take a look at the standard VPN. Three of these you are actually familiar with if you use a Synology NAS for your VPN, and that would be the PPTP, which I know vendors are supporting, but don't use it. I mean, if it's like the very last VPN thing that I had to use I suppose I would, but it's got challenges and issues and has been deemed not secure, so we don't use that. But vendors are still supporting it. Synology is not the only one, there's a lot of vendors that still support it. You've got your L2TP/IPSec, you've got your OpenVPN, you've got SSTP, and you can see if you're using SSTP you have to use one of those licenses, so you have the option to do this. We've also got site-to-site VPN, but we don't have any licenses for that. Once again, it's a very inexpensive license and you have it for the life of the device.

Down here is where we give users access to the different types of VPNs. Now, if this is bound to Active Directory and LDAP you can use groups to assign those permissions. We can speed limit users, we can block list IPs, and then this gives us a summary of our permissions. Here is where we define network objects, so if we add an object here you can see IP range and subnet, and this comes into play when you start looking at permissions and split tunneling on VPNs. Here we've got connections, so history, online. You also have a web VPN monitor, so it has full monitoring and accountability. Here's your log file, so a management log, user log, and of course log settings. We've got our beautiful bar charts and pie charts that everybody loves here.

Here's a summary of our license. Now, if you're gonna buy more licenses, this is where you can do it, so you can actually click Add license. Now it's going to load into your Synology account, so I'm gonna log in. I'm not gonna buy a license at the moment for this router. It's gonna come up, it's gonna say quantity 1. I can buy all the way to 19 for this, because this box supports 20 concurrent sessions and it comes with one free one, so I can do 19. You can see if I max this box that's gonna cost me $189.81. You can also manually activate existing license keys, so it looks like if this device dies, I own this, I can possibly transfer these to another router, so that's fantastic. But once you walk through this and you pay, it is instantly activated, so it's very slick.

All right, so back to the Synology VPN. Now, the SSL VPN loads right through a web browser, and so we'll go ahead and we'll enable that. Now, we can enable split tunneling, and that split tunneling uses these objects. So we would define networks that are inside of our, I'll just show you. So we would tell the VPN what objects that are available to us we're gonna send through the VPN. Everything else goes through the end user's internet traffic or to their local network. So that's what split tunneling does, it splits the traffic that's destined for the VPN versus destined for going across into the VPN for the remote network. So I'm going to disable that. We'll leave this going, and you'll see by default it's going to use port 443, which is absolutely fine.

And then as soon as this applies we're going to move over here to the remote desktop, and I'm going to show you this. So we're going to enable this, but you'll notice that it has a different port here, and you can disallow duplicate logins, you can allow users to save credentials. And you'll notice that all of these, though, told us that we needed to have SSL certificates installed, and we've already got that one. Here's the web VPN. Now it wants to use the port 443 as well, and the web VPN does make you give a different URL, and then here we would have to import a wildcard certificate, or at least a certificate that also supports login dot W how lab dot synology dot me. So if you need web VPN, this is something that you can absolutely take a look at, and then you can build the portals here. And then here you can specify your domain for your box, so if you're using your own FQDN you could specify that here, at least the route.

So we'll go ahead and we'll apply all these settings real quick. Oh, and it gives us this warning: if you set the same port for the SSL VPN and web VPN it may affect the general speed of the web VPN. So no, I don't want to continue on that. So web VPN we'll make like 4443. We'll go ahead and apply that. So we're now enabling the remote desktop and we are now also enabling the web VPN. Once we get these enabled we'll take a look at how it works. And you know, when you actually have one of these and you're actually deploying it, you can do it much quicker. There's not, you know, there's not me there talking to you, so you can kind of concentrate on what you've got going on.

So, web VPN portals. We can add a portal, so it's the portal name, the portal address, the allowed users, show in default portals, and you can also then create a customized portal alias to go right to this. So what that is, is like a reverse proxy. So if you've got internal websites that you want, and here I'll add one just for kicks and giggles. This laptop's the only thing that is plugged in. Let's see, portal address, and then allowed users. Here you would select this. I'm gonna allow my user, and then we can also show it in everybody's default portal, so we'll click OK on that. And now you're gonna see portal address and just this general option: allow users to connect to web resources via the address bar, all users. So you can get into some kind of custom, you know, things on this.

And so we've got all these things enabled, so why don't we go ahead and log out of the admin interface. What we're gonna do then is we're just going to strip this off and we're going to connect directly to the router, and you can see it is automatically redirected over to login dot W how lab dot synology dot me. I'm gonna go ahead and put my username and password in, but if you've been paying attention you'll know that we forgot to do something pretty important, and that was to give my user access to all of the things. So we're gonna have to hop back over real quick. Let's see if we can just do this through another tab. So we'll copy this so we get logged in here. Oh, it's because it's the wrong FQDN. Some of you were yelling at your screen, and I appreciate that. And this thing, you know, every time there's a release that comes out for this router, the customization and things like that just get better and better and better. So we're gonna go to control panel, we are gonna go to, I'm sorry, wrong spot for that. We are going to go to VPN Plus Server, and then we're gonna go to permissions, and then under W how we're gonna give my user, we'll just give my user access to everything. It hurt me to click on that PPTP, but we'll go back to that. So now let's just see if I can refresh and if I get all the things just by refreshing. So I did.

I'm gonna go ahead and log out of this. And now, for your users to install the web VPN. So web VPN is gonna give you a couple different options. You can see that portal redirection that I created is there, and if there was something there I could launch that and it would do it automatically, but you can see that this doesn't actually exist inside. I just added that as an example. So then you could also put in other URLs, so if you have an intranet or something like that that's inside, users can connect to this and then just input that internal URL and click connect, and it will connect to those inside services.

The SSL VPN, they do have clients for macOS, Linux, Android and iOS, and so it tells you that you need to download the client and then click here to add a security exception for Firefox. So I'm going to download the client. You do have to be an administrator to install this software, but we're gonna download it and we're gonna run it. I just want you to see what the install looks like. So we're gonna say OK on that and we're gonna walk through this, and here in a second we're probably gonna get that UAC prompt. But you'll notice that this is much different than OpenVPN. You're not having to install the client, put the certificate on there, and things like that. And I have been testing this and I guarantee you that this works. So it's going to install the client and then it's gonna redirect us here in the web browser to actually connect to it. You've got to be patient. Sometimes these installs take a little bit longer than what you think they're going to, but as long as the little green bar keeps moving we are making progress.

Here's an interesting side note for you too. I am now a Synology partner, and I did verify with Synology that if you buy from Amazon you still get the full Synology warranty, so that's good.

All right, so our SSL VPN client setup is done, so we're gonna click finish on that, and then we're gonna add our security exception. Apparently we are, it's doing something. Hundred percent sure that certificate was installed, so we will proceed. And so now if we go back to the SSL VPN, we need to make up a PIN code, so we'll do 1 2 3 4 5 6 7 8. It's got to be at least 8 characters, and we'll say OK. And we can auto connect when we log into this. We're not going to do that. But we can reconnect if the VPN connection is lost, and we can keep the SSL VPN connections alive even when we close the web browser. I'm not gonna select that, but we will go ahead and click connect. And so now my machine is going to, I don't know if we're gonna cause a big meltdown here, but we are connected. And you can see Windows said hey, there's a new network connection, what do you want to do with this, and I'm just gonna say no to that. Let's open up a command prompt and let's see if it shows us an adapter. I'm not sure if it does or not since it's all, yep, it does, right here, Ethernet adapter VPN. So there it is, 172 2101 53. So that was pretty stinking easy. Everything is done right through the web browser there.

Once again, your web VPN is gonna give you that reverse proxy into your network, SSL VPN is going to give you client-based VPN, and then Remote Desktop. What we've been doing is we've been walking users through this, and so you obviously have to have remote desktop enabled. Check this out. So we can create this remote connection, and we're just gonna call this, you know, Willie connection, and you get a few choices with this, right. So you can do Microsoft Remote Desktop, you can do Apple Remote Desktop, or you can do custom. The Apple Remote Desktop is actually VNC, and of course here's Microsoft RDP, but if you do custom, what you can do is you can then put in the remote address, and then depending on how you've got your VNC configured, you know, if it's not 5900, if it's 5901 or 5902 or whatever, you can customize that, which is pretty slick. Now, RDP, we would put in either the FQDN or the IP address, so FQDN or IP. So just for grins we'll do, you know, like 55, or, you know, say that's our server. I've been setting the quality to medium, and then you can set the resolution. I never enable the audio, but you could also do full-screen mode. You click apply here, and now the user has this configured.

What I don't know yet, because we've really just started launching this, is if I can log in as an admin and see everybody's Remote Desktop connections. I'm not 100% sure on that, but if you can't, it's no big deal, because it's so easy for the end user to do this. All you have to do is tell them to give it a name and give them the remote address, set the quality to medium, or you can use your remote control software, remote into their machine, and set this up. So we've been deploying this a lot, and I expect over the next few weeks to deploy quite a few more of these, so if you've got any questions make sure you leave them down in the comments.

All right, and that is it for the router setup. Synology VPN Server Plus, you can see it's pretty powerful. If you need help with that, go to williehowe.com and fill out that contact form. You know, thank you for being here. If you need any assistance let us know. All of our links are down below. There are Amazon affiliate links to these devices down below. If you need help, reach out at williehowe.com. Hit that like button, subscribe, follow on Twitter and Instagram, all that good stuff. Everybody be healthy, be safe, and if you need help please reach out. I'm Willie, and as always, I'll see you in the next video.
Info
Channel: Willie Howe
Views: 28,455
Rating: 4.8613334 out of 5
Keywords: synology, synology vpn, synology vpn plus, synology reverse proxy, synology ssl vpn, synology openvpn, synology ipsec, synology router, synology rt2600ac, synology wifi, synology mesh, synology mr220ac, willie howe
Id: -EQUiZCaMl0
Length: 28min 24sec (1704 seconds)
Published: Sat Mar 21 2020