Tailscale on a Synology NAS - Secure Remote Connection without Port Forwarding or Firewall Rules

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
foreign [Music] hello and welcome back and today I'm going to show you how to create a remarkably secure yet insanely user-friendly remote access portal between you and your Synology Nas using tail scale in today's video we're going to go through what Tau Scout is what are the Alternatives that is actually better than and of course show you how to do it so if you already know what Tau scale is there should be a Time bar stamp along the bottom you can skip ahead to so you can go straight through the installation process for your Synology Nas but for the rest of you let me explain I started using Tau Scout myself for my own private Nazis long before I used it here in the studio um around about July August of last year and although I hope to make a video about it I just got bombarded and frankly I just plain forgot and it wasn't until um earlier I think around about this month when I made this video 10 dumb questions about nasda aren't actually that dumb until David M here actually did highlight to me why am I not using Tails girl and I was saying I am I just haven't got around to it but he's right I should make a video about this it's a great little service so what we're going to be doing is going through it so the first thing first what is it well nice and simple if you've ever used TeamViewer it's quite a similar logic to that but far far more useful when you are trying to access your net as predominantly most users will access it in one of two ways they'll use things like Synology assistant to find the nas on the local area network and they'll patch in Via a local IEP that's within the network but the minute you step out that Network you join another Wi-Fi network you're in a coffee shop you're in another building you're just on another internet connection you're not on that same Network anymore um unless you're going to use vlans but that's a different subject for another day anyway you're on a different network you want to tap into the now so within you have to create a portal outside of that Network to get into the nas but of course we all know about ransomware and all the things that have happened in the last few years opening up doorways to your NAS from the outside is fraught with risk and one of the most common ways people do that is with port forwarding now when they go into their Nas device all too often they'll create the means to configure the network ports on their router and leave a nice opening that they know of they'll restricted as much as possible to enter into that Nas alternatively you can use synology's own quick connect and Technology account um that you create and then bounce off the technology server which is an encrypted pathway but performance will drop now where this differs when it comes to port forwarding when you start playing around with the settings on your system one it requires some technical Mouse but it also requires you to do a bit of configuration outside of the nas as well because you need to know the port you're opening you need to make sure it's not too broad that it's findable and at the same time make sure that the devices you're using your client devices be their phones tablets whatever have the facility to find or at least be configured towards that open port that you've created now with port forwarding as long as you're quite you know exact about what you're doing and not open up all the ports necessarily or you're using apps the least authenticate in the middle during that Port opening process there is relatively secured I believe you don't know what you're doing you can so easily open up ports that have no level of security or barrier or authentication multi-layered or not in between which means you might open up a port which has no lock on the door now you can use vpns a VPN such as using synology's own VPN server software VPN server allows you to turn the nas into a doorway that is secured with randomized elements to it but ultimately this will allow you to create a specialized constantly changing doorway which a lot of businesses use so they can register into a server or a database and not have their identity traced or if they use it in different locations or on a public Wi-Fi connection action or anything like that or that the connection is intercepted in the middle that it's useless but of course once you use a VPN much like using synology's own Quick Connect service it will drop that performance indeed any external access will always drop in performance part the way down to uh matters like the authentication and the encryption in the middle and the DPAC repack but also because of things like distance now where does tail scale fit into all of this well nice and simple much again like TeamViewer unlike everyone coming in VIA that single point Tau scal binds devices so you create your tailscout account which again can be done for free but if you're going to use it for business with lots of devices you are going to have to pay I think it's like 5 10 knicker a month we'll look at that later and what you do is you assign your devices an identity within taoscale and then from there you can bind those devices to be able to communicate and create a port um a tunnel a portal if you will between those devices that is encrypted that is as safe as the other methods we've mentioned and again there are pros and cons throughout and ultimately you can create a mid Network and all of these mid networks here do not require you to do port forwarding they do not require you to knock around with your firewall and be very precise what happens is you are bouncing off a Tau scale in the middle not dissimilar to what you saw in the Synology access point there but instead of it being just so long as United or if you're using TeamViewer and it's only TeamViewer machines Tau scalp has an incredibly broad range of supported devices and that's why it's important because when you're utilizing it and like an if you're using a VPN where the VPN is still passing through the router point or if you're going to use the nas as a VPN router in the Middle with um Trail scale all these devices can be binded in many many different ways from within that Central account and at any time you can just disconnect them if you choose or make sure that one device can contact many where some other devices have got very limited scope and it's all done via a single overview and that's really it for Tau spell now the good other good thing is Synology fair play to them have included Tau Scout on their range of supported applications it is a third-party app and you have to go down past all the first party applications there to the bottom but you will find tail scale it's right down there next to TeamViewer and again it's one click install once you've installed it it will open in a new tab because the other thing you're going to need is client applications or the individual devices that you're going to connect so that's enough about what Tau Scout is for those of you from at the beginning the video let's go into how how to set one up and what it looks like so when you've installed Tau scale on your Synology Nas go ahead and click open when you've clicked open a new tab will appear inviting you to create a time a tail scale account this is going to be the central account that will allow you to oversee all of the devices and one that you're going to buy into that Synology nouns too now there's many ways to sign in I'm going to go ahead and use our disposable Nas Compares account there so we're going to go ahead there dump it in and then as you can see we've got the identity for the device and we're now binding that device to this account here so it's authenticated and there you go and shortly it will redirect us to the Tau Scout Administration there where upon it will show that Synology Nas has been connected there so now we've authenticated and we've added that technology to this Tau Scout account so the next thing you're going to need to do is select a Tau scale download for your appropriate device so in my case I'm going to be using a Windows laptop for this I could have used a phone or a multitude of other devices but for that what you need to do is go into the download section and then select the OS that you're going to be utilizing for your client Hardware so in my case it's going to be windows I go ahead I click download and it will go into my downloads area there I've already downloaded it in advance though so next we'll make a way in and we'll start installing Tau scale might go black there for you guys on screen so when it's installing it's a very straightforward installation there and of course afterwards it will invite you to go ahead and authenticate with that account information you created earlier on click install it's a very straightforward installation there and again this will be very similar to those of you that are going to be using matte and of course there is the mobile version as well which allows you to add even more devices but at that point you want to think about maybe if you're using too many devices you may have to go for the paid subscription but for now we click close And on the bottom right of the screen you can head down and you will find the Tau Scout icon there in the bottom right of the screen right click and click login from there a new tab will open shortly which will allow you to start the install the setup and The Binding of your client machine and your Tau scale account it pops up there on screen and as you can see now the PC has been added to that Tau scale list of devices we click connect and now it will show us two devices that are binded together on our Tau scale account once again give it a few moment while it updates the registry of devices on your account and returns to our console listing now as you can see we've now got both the Nas and a desktop PC so the next thing we're going to do is log in Via a different connection so as you can see here is my Wi-Fi connection and I am connected to the nas on the local area network there as you can see there on the Synology assistant so to show this is working the next thing we're going to do is disconnect from that connection we're now going to create a secondary internet connection you utilizing a Wi-Fi hotspot here on my mobile in just a moment when that loads up we'll use this Wi-Fi hotspot to connect this laptop to the internet and now we're going to use tailscale to log right back into that Nas so while it does that there in the background we're going to put my phone up there lovely and high and as you can see we're now slowly connecting and now we're connected to that internet connection there that connection appears to still be connected to the office Wi-Fi so we'll disconnect that there well it tries to log straight in and shoot sooner enough what we'll be able to do is if we try and refresh that it will time out if we go back into the Synology assistant tool and search the local area network for that Nas you'll see that it's not able to find that Synology nurse at all it's trying but it's failing but meanwhile on my machines tab over here what I'm able to do is take the identity and we'll refresh that page just to be on the safe side and then from that refresh it will show our list of devices and then what we can do is go ahead copy that identity there on that Network identity we log it in there and boom we can now log into on as remotely now it's worth highlighting while we're going in here and we're now able to access this now's via tailscale that we still need to take extra precautions whether you're going to be using a VPN still it's up to you that will affect performance ever so slightly the second thing to bear in mind is you may have noticed we're still running on an insecure connection so it never hurts to upgrade a lot of those connections despite everything we've done thus far by adding things like a let's encrypt SSL certificate or adding a further VPN from Synology zone list of ranges or increasing some of your security anyway because remember if someone gains access to this Tau Scout account although there will be levels of authentication you can use such as two-step authentication and more this this doesn't negate you from all the other things you should be doing to secure your Nas but once again as you go from this point you can go ahead and start installing Tau scale client applications on your mobile devices other laptops and more and allowing you to be able to tap into all of these devices without having to go through routers uh firewalls and going through a port forwarding there just make sure to still keep things secure still use two-step authentication still use certificates and still use all of the safe working practices of your own network attached storage device and if you're in any doubt always go ahead and use the security advisor on your Synology Nas to go ahead and scan your system for any potential vulnerabilities these can go from as little as weak passwords all the way up to other security prohibitive measures you may have done but this has been how to utilize ice tail scale on your Synology Nas why it's good what you can do with it and we will be looking at other Nas devices very soon do stay tuned for that thank you so much for watching I hope you found this video helpful other than this there should be guides Linked In the description as well as other setup guides for Synology in 2023 coming very very soon but apart from that thank you so much for watching and I'll see you next time
Info
Channel: NASCompares
Views: 25,150
Rating: undefined out of 5
Keywords: NAS Server, NAS Drive, NAS Guide, Synology Tailscale, synology tailscale setup guide, synology tailscale guide, synology nas, synology, synology 2023, synology 2024, synology nas 2023, tailscale on synology, what is tailscale, tailscale vs vpn, synology remote connection, synology internet access, connect to a synology with tailscale, tailscale nas, how to connct to a nas with tailscale, tailscale nas setup, synology tailscale, tailscale synology, tailscale setup guide
Id: EVHp1j2dcLA
Channel Id: undefined
Length: 13min 14sec (794 seconds)
Published: Wed Jan 25 2023
Related Videos
Synology vs QNAP NAS Debate - Which is Better for you?
NASCompares
15K
Ransomware Protection: The Complete Guide for Synology NAS
SpaceRex
33K
Ultimate Guide to Synology Remote Access: 5 Methods Explored
WunderTech
11K
is Quick Connect Secure for Synology?
SpaceRex
36K
A Homelabbers Networking Playground with Opnsense, Proxmox, VLANs and Tailscale
Tailscale
9.7K
Using Plex on a Personal VPN Like Tailscale
Lon.TV
7.2K
Setup Synology OpenVPN Server (easy, secure, remote access)
SpaceRex
48K
STOP using VPN, embrace Zero-Trust networking!
Christian Lempa
48K
7 Synology Apps YOU NEED TO USE in 2023
WunderTech
27K
How To VPN Without Port Forwarding Using Headscale & Tailscale - Complete Tutorial
Jim's Garage
8.3K
More Hard Drives or BIGGER Hard Drives - Which is Better?
NASCompares
68K
Split DNS Magic with Tailscale - Access remote services from anywhere!
KTZ Systems
22K
Bare Metal Backup! NEW Hyperbackup 4.1 performance improvements + my testing
SpaceRex
7.4K
How to Backup one Synology NAS to Another Synology for an Offsite backup using Tailscale
Quik Tech Solutions L.L.C
694
How to Fix SLOW SYNOLOGY - Remote Connections
SpaceRex
10K
Setting Up a 3-2-1 Backup for Synology NAS
SpaceRex
14K
I Built a NAS: One Year Later. EVERYTHING I Learned and the Mistakes
Jimmy Tries World
426K
The open source alternative to my sponsor - Jellyfin vs Plex
Linus Tech Tips
1.6M
How to Set up Firewall on Synology NAS (and why you probably do not need one)
SpaceRex
18K
Creating Firewall Rules To Secure Your Synology NAS
Lawrence Systems
50K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.