A VPN (Virtual Private Network) is a way for you to connect to a remote server (typically a server somewhere in the United States) via a secure connection. When you connect using a VPN, your Internet connection (WAN) becomes private, secure, and you can appear to be anywhere you want to be in the world. You can use a VPN to get past IDS (Intrusion Detection Systems) that might be monitoring your network traffic for illegal activity, or to simply provide a more private and secure way to access your data when you’re on the move. Since the security of your data is of paramount importance to us, let’s take a quick look at how you can set up a VPN in your Synology NAS.
Step 1: Install OpenVPN and generate keys
The first step in setting up a VPN is to install OpenVPN and generate keys. If you already have OpenVPN installed on your computer or mobile device, you can skip to step 2. Otherwise you can download and install OpenVPN from here:
- Google Play Store: (for Android); (for iOS): App Store
- Windows Store: (for Android); (for iOS): Windows App Store
- Mac App Store: (for Android); (for iOS): Mac App Store
- Amazon App Store: (for Android); (for iOS): Amazon App Store
- Chromebase: (for Android); (for iOS): Chromebase
- F-Droid: (for Android); (for iOS): F-Droid
After you’ve installed OpenVPN and run through the setup wizard, you can launch it and click on the “Options” button. This will open a configuration file editor where you can input your VPN Settings. For the purposes of this tutorial, we’ll use the PPKAC (Pretty Polite Key Agreement with the Chaebird’s key and certificate) certificate (you can grab this from the Google Play Store or Windows App Store), but you can use any certificate that the OpenVPN server will accept. In the Options dialog box, you’ll see a screen like this:
Step 2: Install the OpenVPN daemon on your Synology NAS
Now that you have OpenVPN installed, you can move on to configuring the daemon. For the purposes of this tutorial, we’ll use the OpenVPN GUI (Graphical User Interface) to administer our VPN, but you can use the command line if you prefer. So launch the OpenVPN GUI on your computer or mobile device and log in with your email and password. You’ll then be presented with a welcome page and a menu bar at the top of your screen. From here you can click on the “Services” tab at the top to see a list of all the VPN connections that OpenVPN has managed for you.
You can configure a few different settings for your VPN via the “Services” page. In the “Type” dropdown menu, you’ll see three options:
- IPsec– (Security)
By default, your VPN will use IPv6, but you can change this setting to use either IPv4 or IPv6. You don’t need to change this unless you’ve got an IPv6-enabled device or service that you want to connect to. Since we’re using a PPKAC certificate, it’s best that we connect using IPv4.
The “Method” dropdown menu lets you choose between the PPKAC or SHA256 certificate (if your certificate doesn’t support both, you’ll see this option greyed out). You can also decide whether or not to use a password for your VPN connection:
For the purposes of this tutorial, we’ll choose the “PPKAC” option and enter our email address and password when asked for them. The next page of the wizard will tell you that your VPN is now configured and you can connect to it.
Step 3: Test your VPN connection
Now that your VPN connection is configured, you can test it by connecting to another device or service that has OpenVPN installed. In the “Services” page of the OpenVPN GUI, click on the “+” icon to add a new server to the list and name it “My Server“.
You can also connect to the VPN from your mobile device via the apps available from the Google Play Store or App Store.
If all goes well, you’ll see a list of all the devices and services that OpenVPN knows about. You can click on the “VPN Status” tab to get more information about your connection. If everything is set up correctly, you should be able to connect to your VPN and access the Internet via a secured connection. You can also use the built-in SSH (Secure Shell) server that comes with your NAS to connect to your device securely. We’ll discuss this more in the next section.
Step 4: Configure your NAS for external access (via Wi-Fi)
To make your NAS available to remote devices, you’ll need to configure it for external access (via Wi-Fi). This can be a little tricky if you’re not used to doing this type of thing, but with a little bit of Googling you’ll be able to find helpful articles that guide you through the process. Before you do anything, it’s a good idea to make a backup of your NAS with everything intact, just in case something goes wrong. You can use the built-in disk backup tool that comes with your NAS to do this (found in the File menu).
To configure your NAS for external access, you’ll need to visit the Network Settings page of the Disk Manager application on your NAS. First, click on the “+” icon at the top of the page to add a new network connection. Then, enter a name for the connection (like “Remote Access” or “My Cloud“).
Next, you’ll need to specify the type of network connection that you have (WPA-EntireNetwork, WPA2-TKIP, or WPA2-AES). For the purposes of this tutorial, we’ll use WPA2-AES since that’s the most secure and compatible with every other device and service that we’ve tried so far. Once you’ve chosen the encryption type, you can click the “Wi-Fi Password” button to set a password for the connection. Then click on the “Save” button at the bottom of the page to set this up.
Now that your NAS is configured for external access (via Wi-Fi), you can use any device that’s connected to the Internet to access it. This includes your computer, mobile phone, or other tablets/computers that have Internet access. As long as your NAS is connected to the Internet, you can access its files and settings via a secured connection. If you’d like, you can also use a service like Private Internet Access to make your NAS’s Internet connection completely private and unobtrusive. Since this is a paid service, you’ll need to be a little more careful about which devices you connect to it from (especially if you connect from a public Wi-Fi hotspot), but it’s still the best option for those that want to remain undiscovered while surfing the Web. Or if you’re working from home, you can use a VPN to get past your ISP’s (Internet Service Provider) firewall and access your NAS remotely.