Ultimate Guide to Synology Remote Access: 5 Methods Explored

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
there are five main ways that you can access the Synology Nash remotely in this video we're going to look at those top five ways we're going to look at some pros cons and some best practices you can follow depending on which option you'd like to use before we get started I want to make clear that the requirements that you have generally determine which option is best so one option is not always best you will have to determine what your requirements are what exactly you're trying to do and then go from there and that's why we're going to look at each option here and we're going to determine what option makes the most sense based on exactly what you're trying to do so to get right into it the first option is the DNS the pros of ddns are faster transmission speeds customizable ports and in unique situations this might actually be your best option now it comes with cons and we have to talk about the cons before we talk about what scenario this might make sense some of the cons are it requires port forwarding and it's not particularly secure so if you can't port forward meaning you're not either your ISP doesn't allow it or you can't do it on your router you cannot use ddns if you want to access your Nash remotely not an option from a security perspective it's not the most secure mainly because you're specifying a port that you'll be port forwarding and if you use one of thousands of Port checkers online and you determine which ports are open on a specific Network you could theoretically get to the DSM login page assuming that you're actually port forwarding the DSM Port but you could theoretically get to the DSM login page just by knowing which ports are open on a specific Network that's why it's not necessarily secure so let's say you do want to use ddns here are some best practices that you can follow the first is that you should change the default ports so the default ports for Synology are five thousand and five thousand one for HTTP and https you should change those make it anything else it doesn't matter what you use you just have to make sure that it's something different than those default ports the second thing definitely enable two-factor Authentication very easy to set up something that you must do third thing consider exposing Individual Services as opposed to DSM so in Synology dsm7 there are login portals for various Services active backup for business audio station file station Synology Drive these are just some of the services I have installed on my Nas right now but you can expose various services and that specific login portal by specifying an individual unique port for that service and then port forwarding that service only that will allow you to access say Synology drive or Synology photos and not have to expose all of DSM you do not want to expose DSM if you don't have to now the fourth suggestion is the most important suggestion you should be using synology's firewall and this is where the use case for ddns can potentially make sense let's assume you want to expose your entire Nas to a friend of yours or a family member you don't necessarily need to set up anything else and you just want them to access your Nas remotely let's assume that they have an external IP address that is static meaning it doesn't change you can use synology's firewall to limit down the IP address that can access DSM on that specific port to that one IP address and that one IP address only now a lot of people would say that ddns is the least secure option that you can use but if you only allow that one IP address there's one IP address in the world that can access the nest is it still on secure probably not this is done in Enterprise environments everywhere you're limiting the scope down from the entire world to an individual IP address or a range of IP addresses and at that point the only people that can access it on that specific ddns host name and Port would be that range of IP addresses so if you're using ddns you have to use synology's firewall from a security perspective that is the best way that you can protect yourself using these best practices if you intend on using ddns now the next option which is very similar alerted zdns is a reverse proxy what a reverse proxy allows you to do is expose multiple services on an individual Port generally that Port is 443. that's its main Pro but there are other Pros as well almost all of the ddns pros in terms of Speed and Performance are the same however you have an added security benefit of requiring that the user knows the subdomain that you're using to access that service for example if a user knows what ddns your external IP address and the ports that you have open theoretically they can go to that external IP address as well as the port and access whatever service is exposed however with a reverse proxy they must know the exact subdomain that you're using or they're going to be brought to a generic page another potential benefit if you're using your own domain is that you can use cloudflare I'm not really going to get into it in this video but if you own your own domain and you are using a reverse proxy look into cloudflare and see if it makes sense for you now the cons of a reverse proxy are that you're still exposing your Nas to the outside world that is unfortunately a con but some best practices that you can follow is to limit the scope of who can access that service the same way you would using ddns and synology's firewall but the firewall is slightly different if you're using a reverse proxy mainly because you're generally exposing multiple services so let's say you're exposing Synology photos and Synology drive as an example using ddns you can limit the firewall down to the specific IP addresses that you want to access it because they have their own port if you're using reverse proxy they're both using the same port that's where it gets a little complicated because what you're doing if you limit the scope is you're basically saying that anyone on that specific port for this IP range can access that specific Port but that specific Port is exposing multiple services so the way you get around it is by using access lists with the reverse proxy so this isn't a reverse proxy video I do have tutorials for a lot of this that I'll leave in the description of the video but the idea is that you would then allow specific IP addresses based on the actual reverse proxy that you're using so if it's for Synology photos you'd have a different uh access list than you would for Synology Drive assuming the audience is different all right so that's ddns and a reverse proxy we're now going to get into Quick Connect Quick Connect is an interesting one because Quick Connect is by far and away the absolute easiest way that you can access a Synology Nas remotely by Far and Away however there are some downsides to it so from a prose perspective it's incredibly easy to use and you can pick the specific Synology services that you want to expose keep that in mind Synology Services if you're using like Plex for example you can't use Quick Connect to access Plex some of the cons of Quick Connect is that it can potentially be slow you're using a middleman in this case Synology to access your Nas the second way is that unlike ddns or a reverse proxy you can't really limit it down so the scope is the entire world and at that point it's going to stay as is now that's not to say that Synology Quick Connect is unsecure I'm not saying that but I'm saying that you cannot manage it you cannot determine who does or does not access your Nas keep that in mind with Synology Quick Connect so from a best practices perspective with Synology Quick Connect you really want to limit it down to the scope of what you're using it for so for example you can access DSM with quick connect if you really wanted to however if you really only want to access Synology drive or Synology photos limit it down to just that ensure that you are only using it to access the services that you actually want to access outside of your local network and quick connect is a great option and like I said the easiest option that you can use so the next two options are similar but different earlier in this video I said that there's a best way that everybody recommends and these next two options are the best way that everybody recommends so we're first going to look at a zero config VPN like tailscale I love tailscale it is incredibly easy to set up and it works very very well and if you've ever configured a VPN in the past and then you go and configure tell scale you will be blown away at the differences tailscale or really any zero configuration VPN is a great option for a lot of people the pros generally are that you don't have to have any port forwarding and you'll have a fully functional VPN from a security perspective it's more secure than ddns or reverse proxy and in a lot of cases people say it's more secure than something like Quick Connect because you're actually managing it now you're still utilizing tailscale to sit in between you and your devices meaning that if for whatever reason the telescale service was to go down you might not be able to access your devices that's a downside that's one of the cons another con is that for tell scale in specific there's a three user limit for the free tier so if you want anything more than three users you have to then purchase a higher plan and the biggest downside of vpns in general is that you have to connect to them before you can access your services so if you're at a friend's house and you want to access your device you have to connect to the VPN first that process is ultimately what makes it secure but it limits accessibility you have to remember that because if for whatever reason you have a friend or a family member that you want to expose a specific service to they have to be able to connect to the VPN in order to access that service so if you're looking to share a file with a user yes the most secure way is by VPN however they have to connect to it first it's more common with things like media servers so Plex for example if you wanted to share your Plex library with a family member a VPN could potentially be a problem because you have to connect to the VPN then you have to access Plex if you're using a fire stick or an Apple TV or whatever to access it you have to make sure on that specific device that you're connecting to the VPN first so you're trading in security for accessibility another thing that I want to point out is if you are using tailscale on a Synology Nas there are some limitations with the sm7 and permissions so in the description of the video I will leave a link to that page but you might have to implement a user script to allow specific permissions based on whatever you're trying to do something to keep in mind it does make the setup process slightly more confusing if you have to do that but for a lot of people you won't have to do that so that's telescope if you're interested in setting up a VPN but you don't want to have a complicated setup tailscale is an awesome option you honestly might not have to go any further in this video but if you want to look at self-hosted VPN options the two main ones that you'll consider are most likely wire guard and openvpn now these are fully functional vpns so you have to configure them in the case of wire guard you have to share the keys or openvpn you have to share the configuration file with whoever you want to be able to access that VPN the pros of it are that you'll have a fully functional VPN that you will manage there are no third-party requirements meaning that you won't have to rely on a service like tailscale that sits in the middle because you're connecting from point A to point B and from a performance perspective if you want to use a VPN a self-hosted VPN will be the best from a Pure Performance perspective but keep in mind I'm talking about a performance perspective in terms of vpns so if you're using wire guard for example and you compare it to tailscale which uses the wireguard protocol wire guard will be faster I'm not talking significantly faster but I am saying that it will be faster now the cons to it are that it can be a complicated setup and you have to be able to port forward if you can't port forward you cannot run your own VPN server another con which we listed with telescale is that you have to connect to the VPN before you can access the services so once again you're trading security for accessibility it's harder to access your services but it's more secure now we're not going to look at Best Practices but I want to point out there are tons of different devices that you can configure a VPN on so my personal favorite is on my router if you have a router that uses either wireguard or openvpn or both personally I would suggest configuring it there that doesn't mean that you have to if you have a Raspberry Pi and you you want to configure your openvpn or wireguard you can do it on that if you wanted to run it on your Nas you can run it on your Nas the point is there are tons of devices that you can run a VPN server on which option is best determines the requirements that you have the devices that you have available and what option you want to use I have tons of VPN articles on my website I'll leave a link to them in the description but from a pure accessing my Synology Nas remotely perspective a VPN is my favorite option by far and away but that doesn't mean that it's the best option for you now to get to the elephant in the room I know that there are probably a thousand other ways that you can access a Synology Nash remotely I get it but I think that these are the five most common ways that people will use or come across when they're trying to access their Nas remotely what you need to do in this specific case is determine how you can access the nas what the most secure way of doing it is and then go from there if you're trying to share a file with somebody as an example you're probably not going to want them to connect to a VPN to be able to access the file it's not going to make sense alternatively if you're sharing access with a family member it might make sense for them to access the uh the VPN first to be able to access the nas really depends so the main point I want to make before ending this video is you really shouldn't look online and think that one way is the best it's not always the best way you really need to look at your requirements and what you're trying to do and go from there like I said I have tons of different tutorials on this I will leave a bunch of links in the description of the video but mainly just go to my website search you'll probably find something along the lines of what you're looking to do so I'm hopeful that this video helped you guys out but if you have any questions leave them in the comments and I'll do my best to get back to you and if not thank you for watching I will see you next time
Info
Channel: WunderTech
Views: 19,842
Rating: undefined out of 5
Keywords: synology remote access, access a synology nas remotely, remotely access a synology nas
Id: fuVdM-4a3Kk
Channel Id: undefined
Length: 14min 43sec (883 seconds)
Published: Sat Aug 26 2023
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.