Webinar: Secure Access to Your Network via VPN Connections to the QNAP

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

everyone uh thank you for waiting i'm cody i'm the marketing specialist here at qnap and i'm here with our product manager duval good morning everyone and today we're going to be going over our vpns and how they can be used and how you can set up a vpn on your qnap and so taking a look here at the agenda we'll start off briefly going over what a vpn is we'll then discuss how vpns are used and we'll go over accessing your nas with a vpn and we'll also discuss qnap's implementation of vpn service so what is a vpn vpn stands for virtual private network and what it does is it allows you to remotely access a network via a secure encrypted connection as if you were physically connected to the network even though you're accessing it from the outside vpns are used for a number of reasons for one it allows remote workers to access network connected devices in the office from home at times it may offer a more secure browsing experience if you happen to be using a public wi-fi connection for instance in an airport or coffee shop these public spaces could potentially be easy targets for hackers trying to access your computer or data and so connecting via a vpn would mean that your access to the internet will be going through the vpns network rather than the network located in that public space so vpns are they're also at times used to bypass local restrictions limiting access to certain websites or services and with a vpn you can make it appear as though you are wherever your vpn server is so you can make it look like you're in a different country different state wherever and it will appear that you are there even though you are wherever you are so when a vpn connection is established there is both a vpn server and a vpn client the vpn server hosts the vpn service and is on the network that will be remotely connected to while the vpn client is the device that is accessing the network from the outside often people will sign up for vpn service where they pay a subscription fee for access to that vpn server qnap's vpn service allows the qnap to be used as either a vpn server or it can also be used as vpn client meaning that you can set up the qnap as a vpn server so that devices can access the local network through an encrypted connection to the nas or the qnap can access the internet through a third-party vpn service one major application for setting up your qnap nas as a vpn server is more secure remote a more secure remote connection to the nas creating a direct connection to your nas from the outside world typically requires you to forward ports on your router allowing traffic in from the outside from outside of your network to access your nas and this method is much riskier from a cyber security standpoint connecting via the vpn connection means that the connection into your network will be encrypted and much more secure and qnap comes equipped with a built-in software called qvpn designed to deploy vpns on your nats uh qvpn supports wireguard pptp openvpn l2tp slash ipsec and qnap's q belt vpn protocol qvpn also supports popular third-party vpn platforms such as expressvpn nordvpn surfshark and astral and as mentioned in the previous slide in addition to various vpn protocols gnab also provides its own proprietary vpn protocol called q belt this protocol is designed to strengthen the security of the vpn connection and mitigate the risk of network traffic interception so wireguard is also supported wireguard is an open source vpn protocol that qnap now supports it provides a fast stable vpn connection implementing several crypto cryptography tools for secure vpn tunneling and we'll get into that more as this goes on and here you can see a comparison table of some of the various protocols that you that can be used with the qvpn server service giving us a comparison between speed ease of use and security among other things we can see wireguard is the fastest protocol and still maintains decent security cue belt is also designed for security as well as ease of use cubel also works well when building an sd-wan solution with qnap the most secure protocol is openvpn but may require a little more know-how setting it up and so with that i'm going to hand this over to default for our live demo all right good morning everyone hi my name is duval i'm the product manager here at qnap so um so as uh cody mentioned today we'll be looking at our uh our vpn server one second let me share my screen first all right so uh to set up a vpn server you have to first log into your nas and open app center and once you open up app center you have to look up an application called qvpn now qvpn is an application that allows you to either create a vpn server on your nas or you can join to another nasus or another vpn um server of your choice as well if you want to have your qnap join to another vpn service so right here you have the qvpn service uh just open the application and you will have the uh you have different options overview just gives you the ability to check how many users are connected right now to your vpn server what services you're using and what virtual switches you're using now um as i mentioned uh as cody mentioned that you have ability to create multiple vpn servers support qbell which is our own vpn service we have um pptp we also support l2tp ipsec openvpn wirecard is our new vpn server that we now support um which is a very lightweight secure vpn server um and the privilege just gives you the ability to check um you know add we uses your vpn online users will give the ability to see how many users are online connection log just gives you the ability to see how much uh who connected at what time and how much data they transfer vpn client is the ability to actually give you the ability to have your nas joined to another vpn service if you want to have your nas joined to another vpn server so if you have like side to side vpn we have a nasd site one and nas at site two and the nas one inside and as a site one is a vp is a vpn server you can join the nas at site two to the sites one vpn service anything that you transfer between those nasa's will be will be transferred with a secured vpn tunnel so you can do that as well or you can have you have your own vpn service then you want to hide your nas uh location you can also do that as well uh you can we support again we support rlq belt sorry pptp l2tp openvpn and wirecard now uh we also have our own uh landing page that you can actually look up to see what vpn services that we support and more um you know gives you more information about the vpn service but what i would like to now show you again would be are the uh the differences between the vpn services now as i mentioned we have our own we have our own qbelt which is kinaps vpn service we have we also support lttp openvpn and wireguard so what are differences between these two uh or what which one you want to use or which one um which one uh do you want to avoid right so let's uh let's look up some major differences so wireguard is again our new um vpn server that we support uh it's actually the fastest method to access data between when you're accessing via vpn okay so you have to understand when you set up a vpn service and when you join a vpn service your speed is effective because there is a there is something called overhead uh that that happens when you connect to a vpn service so let's see if you have a one gig networking uh one gig in a net service right when you join to a vpn you're not gonna get one gig you're actually gonna get a little bit less than one gig because there's an overhead that vpn service because it creates a secure vpn tunnel between your client and the qnap nas so uh the transmission speed is affected because uh every packet that has to be transferred between the client and the nas has to be secured and has more information because it's a vpn tunnel so usually there will be some overhead so with when you're using if you want to have the fastest connection and also not the most secure but actually very secure connection uh wire guard is the best method to use wire guard gives you the best transmission speed so we have actually speed test done um between different vpn services so if you can look up wire guide gives you the best speeds out of all the three available vpn services again with ftp and http ftp gives you the maximum speed when you're using vpn um compared to other protocols like http as well so you can use ftp if you want to get the fastest so why god also supports how why guard supports a private and public public key so that's why it's very secure i'm going to show you today we'll be looking at two different setups we're going to look at q belt and we're going to look at wire guard because that's our newer support um and also it supports psk if it says preset pre-shed key so you have to have a pre-shared key if you want to have connect if you want to connect between these two and so it also supports encryption and this is why it's it's also very secure now if you want if you want to have the most secure connection and then openvpn is the best method to connect because it does psk certification username and password and it also has its own uh encryption method which is openssl so it does give you the best secured connection and also has decent speeds as well uh so if you want to and also support it widely as well and the next method is uh cubel which unfortunately gives you the slower speed but it's more secured as well and it's also ease of use it's made it's very easy to set up that's gonna as i'm gonna show you um but also supports um use cases like qu van so we have we have our own sd-wan solution so that's where that's where you're gonna be using q q belt um also if you have multiple qnap devices if you're going to have if you want to join one kidnap nasty or another qnap nas q belt is recommended because uh it'll give you the best connection method also easiest connection method it's also very quick to set up a vpn as well and we do have we also use psk which is pretty shared key and also we support dtls and aes encryption so very encrypted connection a very secure connection as well and also has decent speeds as well so uh that's the most you can visit this particular page um to get more information on how or which connection method is best but let's go back to the setup so now if you want to set up a vpn connection you have to as i mentioned you have to download qvpn service uh that's a qvpn service 3 is our newest uh newest version and uh let's set up it let's go with cubel first so cubel to setup qbell you have to just click on cubel and enable that service um the vpn client pool um it was auto select by itself looking at your own connection method on the nas now because vpn service acts as a dhcp when you when a client connects it needs to provide an ip address to that client so they will create a it will create an ip connection or ip pool that will you that will that the qnap will use to assign ip addresses so keep it what it is by default you also have the service port which is what you need to forward if you want to have if you want to if you have to actually open them and open up a port on the router for any vpn service to be used so for qbelt it only requires one port which is uh what we have given here or you can change it to something else by default is 450 i usually recommend something other than 450 like 460 470 depending upon that pre-shared key is what you just create a preset key recommended to have a secure pre-shared key you can enter um you can like having a long pre-shot key with numbers and letters and capital letters lower cases uh helps as well and how many can how many clients do you want to have maximum connected to the q belt you can actually by default is five but you can actually have more than that and network interfaces so if you have uh multiple network interfaces like you have one g connection you have 10 g connection you can actually ask the cleanup to select um select either or you can actually have it auto detect which all all of them will be used or you can actually manually assign an ipa a a virtual switch now let me show you virtual switch that i have on my network so virtual switch allows you to create a virtual switch that you can app can use so on my interfaces i have uh i have portrait between one and two and i have another uh network connection available so i can use i can use my one and two port for my local connection i can for my vpn i can actually have a dedicated uh one gig connection just for vpn so everyone has fastest connection available and nobody in when the qnap nas is used in the office the vpn connection doesn't affect the performance of that particular connection so you can actually have because qnap provides you with multiple network ports on most of our nasa's you can actually have one of the network ports for your office connection and one of the network ports for your vpn connection to connect that you just create a new virtual switch like add a virtual switch um just go to basic mode you can select the new adapter that you have and then click on apply and once you have done that you can then select in the queue vpn you can then select the new virtual switch that you just created um and uh that will allow you to now use the adapter 3 only for vpn connection so that's how easy it is to create a new adapter uh for dns server you can select or you can create a you can go through a wizard you can select a public dns you can select the nas default dns so you can select your own manual dns i'm just going to keep it the public dns which is google's dns service 8.8.8.8. now for to join a q belt you have to download an application we we have applications for mac and windows as well as we have ios and android as well so for applications if you want to join your phone to the vpn you can actually use android and ios application called ubq vpn for the computer just click on this and it will download the application now i already have the application open um right here and you can see that um you can see this is the application that you want to use to join uh to join your to join this computer to the vpn so you can either if then if the computer is on the same network as the as the nas is you can click on discover and the qnap will discover the nas or you can just click on add manually to add manually you can uh first you have to select device type we have we because we support kuyu are we have our own router that also supports cubel uh you can also join q if you set up qvpn on the queue router then you select that but when you're doing it on the nas just select nas profile name you can just put in any profile name a home nas or office nas uh you have to select the username password for uh for the nas that you have that you're joining to you can click on remember now you can also set up ssl uh if you want to do ssl certification you can actually click on connect immediately after connection and then you have to enter the ip address or the you the the dns name so because it's a remote connection i'm going to select my remote ip uh myqnapcloud address because i'm connecting this from a remote connection so you can select that you can select the vpn connection which is q belt and under advanced you can select detect port automatically or you can uncheck that and you manually enter the port which is a 460 port that we entered and then click on save i already have this connection enabled i'm going to show you the edit network connection so this is my connection method and also pre-shed key will pop up so you can enter the pre-shot key that i have and then once you have done that click on click on connect and the qnet will now start connecting to the vpn so now the vpn is now connected so if i now try to access my nas from a local ip address you can see that i can access my nas on my home nas via the local ip address of that particular nas so i can actually access my nas and everything should be connected as well so you can click on open vpns now it should show you online user see the ques double pc which is my pc or my laptop right here and my in my office that disconnected right now you can also see under online users uh what connection what ip address the client is using how much data they are transferring through and what protocol they're using you know you can also disconnect that connection if you don't recognize that particular computer if i disconnected the vpn will be disconnected immediately so you can also do that on the connection log you should see that i just logged in and once i've disconnected it will show you the data transfer between them and now this laptop is actually you can think of this laptop as being on that same virtually being on the same network which is my home network even though i'm currently in my office i can actually access i can actually access my um my uh my nas via smb service so you can actually type the ip address of my nas and you can switch right here you can see right here i can access my uh all my folders as a via smb as well so all my folders that i'm trying to access it's actually access as if i'm i'm on the same network as even though i'm remotely accessing this i can just copy and paste something on my uh on my computer and you can see that this pd has been uh i can transfer file just by copying pasting instead of accessing when you do remote access via without the vpn you have to use only the browser-based access right because you have because you there's no smb protocols there's no ftp protocol you have to use uh the you have to use http you have to open a file station open up that file but when using a vpn connection you'll be as if on the same network as you're on the local as if the as if you're virtually on the same network right uh on the map you can see right here where the nas is and where the data has been transferred you can also see the live speed graph as well um you can also use the connection uh logs you can also do available apps so that's the q belt vpn connection so i'm just gonna stop this file transfer the next i'm gonna go you i'm gonna show you which is the most important one which is the wire guard vpn the wire guard is a newer protocol that we now support the protocol has been alive since 2019 i believe it's uh they introduced why i got a vpn uh service in 2019 it's um i believe is the most fastest vpn service available uh and gives you the bestest connection possible um uh fastest connection with the most secure connection as well so again to set up vpn first i'm gonna disable the q belt first ensuring that the vpn is not okay the q belt is now disabled so to set up wire guard you have again you have to go here on the q vpn and go to a wire guard service oh i'm uh you can no longer okay right here wireguard and then you can you can you have to enable the wiring vpn server um and then you have to download the application called wireguard on your computer let me show you the application real quick so this is the application i already added my nas for this particular demo so i'm gonna uh so i'm gonna i'm gonna show you how to add a new connection but i already added this so if you download this application for the first time this should be empty there should be nothing here to add so first of all you have to generate a new key i'm not going to generate a new key because i already have it and configured so but if you want to configure you have to generate a new key so new privacy and new public key will be will be displayed right here once you have that information download this particular application and click on add empty tunnel okay so when you add empty tunnel the only two information that you have right here will be interface and private key and also there'll be a public key first of all you can name you can name whatever you want for this particular connection i can just uh i can just name it as office connection office nas office uh sorry this is my um my home nas so i can put it as home now so you can name it as anything you wanted to and then just copy this public key okay now once you have done that you have to click on add peer and then you can just say um office pc so you have this is the pc you're going to add you'll be adding on on your nas so once you cop once you name it you can also you can name anything you wanted to but the public key you have to copy that public key that you copied from your computer onto this section right here under advanced settings you can enter a preset key an endpoint but that is optional i'm not going to enter that but what you need is allowed ip you need to copy this information and i'm going to show you where to add that so let's go back and first okay so right here once you have done that you have to enter or you have to add a few information now why wire guard is mostly a command based in uh interface so everything you are going to do is not click based it's mostly command-based you have for so first thing you have to add is address address and then just give a space equals to and space and then remember this allowed ip just copy this and paste it right here okay once you have done that next you need to enter is dns so dns again uh so let's apply this this is done right here so dns is again you can do the dns wizard or uh you can select your own dns service but i've done 8.8.8.8 so i'm just going to type that 8.8.8.8 so once you have done that um so that's the interface information now the next thing you're going to add is peer information here is where you're connecting to so this will be the nas's information so let's type here and then add public key space equals to now remember i told you this public key will pop up right here you have to just copy this and then just paste it right here next thing in the ad is allowed ips okay so this allowed ip again this allows you to add that pages if you don't have the whole network if you want to access the whole network you can just type 0.0.0 and then 0. so this will allow the whole ib address or all of the devices in your ip address or in your network to be accessed via this particular computer you can also this new once you do 0.0.0.0 a new pop-up will uh show up right here called block internal traffic or kill switch if you want if you want this particular computer to trans to use all the traffic through this vpn tunnel then you have to check this box but let's say you don't want all my internet traffic to go through this particular vpn let's see if you want to just brow you're just browsing like regular youtube videos or facebook and so you want to use all of that traffic through a regular network or your wi-fi local wi-fi then uncheck this box but if you want to have everything go through the vpn tunnel then you have to check this particular box i'm just going to uncheck to leave it as it is because i want to have all my regular traffic go through my regular internet and then all my vpn traffic will go through this vpn connection okay once you have done that you have to put endpoint endpoint is the nas's ip address so i can use my uh my qnap cloud this is where you're going to be using my qnap cloud information or your public ip address now because now also another thing to remember is the port that the y guy uses is 51820 you can change it right here or you can leave it as it is and now you have to open this particular port on your router only then this connection will work so so because you're going to be using another port other than 80 so i have to put 51820 so once you have done that that finishes that and then um the last thing you need to enter is persistent connection or persistent keep alive so persistent now this is the information that you're going to be entering from here which is the 10 which is 10 right here so just enter that once you have done all of that click on save and once you have done that you can now click on activate to join the vpn connection i've already done that so i'm using activate so once i click on activate the qnap will now this computer my client computer is now joined to the homeless vpn connection so you can see right here you can see how much data has been transferred uh what was the last handshake and what ipad does it's using now i can access all of my devices that i um on my home network that uh remotely so this is my office network but this computer will be virtually on the same network as if it's on even though i'm i'm in the office right now but this this my laptop is currently virtually in my home i can access any other devices on my network as well if i want to access my home router i can just put in my home router's ip address i can actually access that information as well if i have another device on my home again i can also transfer i can also access the nas or any file share server i i just have to put in the local ipad just for that file share and everything should be connected you can see right here i can access all my folders as if i'm as if i'm on the same network as of my home so i can just copy and paste uh any files i wanted to as well again very easy to use a very simple setup as well uh i can just stop this file transfer if i have another device let's say i have a home if i have if i have a windows computer at my home i want to remotely access it i can just put in a remote desktop connection so i can remote that i just have to put in my home home computers local ip address for metamode desktop and click on ok and you can see that it's connecting i can rdp into my local computer as well so everything connects there's no problem at all um this is and also most fastest connection method as well so very simple to use as well um and you can see right here how much data have been transferred how many uh what was last 10 check as well all of this information is all connected i once i delete this connection this computer will no longer be able to connect as well so you can actually have a very secure method if you if you no longer want any of your clients to be connected to your vpn you just delete delete them from the peer table and they won't be able to connect that as well and once i deactivate this everything will stop working and my computer will no longer virtually be connected to the same network so that is it for today's demo hopefully i was able to get you more information so uh that's the that's the introduction to qvpn and wireguard and qbell you guys have any further questions please feel free to type that in the questions box now we have a question right here um do you have a proxy vpn solution that can provide vpn access when you do not have a bridge modem or static ip address uh so you can uh for for proxy server we actually have our own proxy server application that you can actually use to create a proxy server on your nas so that that would be different than the vpn connection you can use proxy server application just go to apps and click on search for proxy server and you can use that as the processor if you want to have your nas to be a proxy server another question we have is when and where or when and where will the recording of this demo be available we usually post the recording within a day of the webinar and it will be posted on our youtube channel you will also receive and a follow-up email with the link for that particular recording so um but it will be on our youtube channel qnap college you can also you view the recording after the webinar can we can we have the another question we have is can we have the vpn map directly to our drive letter on a client when it connects partially at that will be for the windows side of it i haven't seen an application that does that uh but you can actually keep the drive um you can map the drive once the vpn is connected uh once the vpn is disconnected um the drive will obviously get disconnected as well um the only issue is you may get some errors here and there uh when it disconnects but there won't be any harm just leave that drive later and then once the vpn connection goes back alive you can just go back to my computer open up that drive letter and it should reconnect immediately so just keep it connected and that should be um that should be uh that that will be available so keep it connected on the uh keep the do not disconnect the uh do not right click and disconnect the map drive just keep leave it there and it will just it will no longer connect if the vpn is turned off another question is there a written documentation or to do the setups that were demonstrated yes we have on our so on our youtube channel we'll post all the links as well but uh yes just look up qnap q vpn and there's a guide on how to set up all of this as well um and we have a step-by-step guide a written guide with screenshots that will guide you through this connection method that we have on the nas side another question on the nasa can we force the vpn connection to only show one folder that we that we specify that is a good question unfortunately uh no because vpn um when when you connect the vpn it's just connect it's just another protocol so it will just show you everything that it possible that that is there on the website but what you can actually observe that all the photos that you have on the nas but what you can actually do is you can actually create a new user on your computer let's say for example you can create a new user called user user one and only provide him certain folders to be shared uh you can only give him access to folder one and two so when they access the qnap nas depending on the protocol if they're accessing the nas via file station they only see folder one and two if they're accessing the ftp they will only show they will only see portal one and two but if they if they try to access via samba which which i showed you in the demo they'll be able to see all the folders folder one two three four five six or whatever folders you have but they can only access for the one and two that you provide them access to so there is a way to control that just um but you can actually force them not to be able to access the folders that you don't want them to you just have to create a new a user on your nas and when they access the vpn just give them access to that same uh to that same folder that's it if a person opens a word document is it transferred to the client and then send back the document is safe so um okay that's a question for microsoft but as well as far as i know when you open up word document the word document is saved on the computer's ram and once they're done edit when they save the file it's actually saving directly on the qnap nas so um it just doesn't um it just doesn't uh so yeah it it so when you open the file directly from the nas it actually opens a part of the file on the computer on the client's computer but when you save it it goes back and saves it on the nas but if the if the connection disconnects the file is i think it's only read only and they cannot make any changes and the file on the under nas is just when when the last save was done so that that that's another comment perfect uh so thank you very much everyone for joining and hopefully you guys have a great day uh we'll have a we'll have a follow-up email with the recording of this video and uh we'll also have a future we'll we're gonna have another workshop at the end of this month and then we can have another webinar next month so stay tuned for that

Info

Channel: QNAP College

Views: 3,088

Rating: undefined out of 5

Keywords: VPN, VPNs, VPN Connection, VPN server, VPN client, QNAP, NAS, network attached storage, network-attached storage, VPN NAS, NAS VPN, NAS securtiy, NAS secure access

Id: Td9s1UNJfIU

Channel Id: undefined

Length: 36min 52sec (2212 seconds)

Published: Tue Sep 06 2022