Excellent video as always! The added value is the way you are able to explain a relatively complex topic in a way that everyone can understand! Amazing job Frank!
client-cert-not-required option (gives an error) seems to be replaced by verify-client-cert none. But this also gives this message error: --verify-client-cert requires --mode server (openvpn client 2.6.10)
Hi Frank , I’m gonna try OpenVPN because of your video :) I already configured my port forwarding on my router. One of the best Synology by far RUclips channel.
Thank you very much for the kind words! Yeah, I prefer self-hosted (OpenVPN or WireGuard) as opposed to Tailscale, but it definitely has its place for a lot of people!
@@sylvainalain6637 I will if Synology ever updates the Kernel! Unfortuantely, WireGuard isn't supported out of the box on Synology devices because the kernel is too old, but hopefully it gets released at some point!
Top explanation. Thanks a lot. Client cert not required Phase was not explained by another RUclipsr. Are there any risks oder disadvantages to add this phrase?
Thanks! The risk is on the Synology side for not using it. Synology doesn't allow client certs so all that does is bypass the check. The reason it doesn't popup on other options (potentially) is because they use a cert, so yes, it's technically a problem, but no, the line isn't the problem - it's that Synology doesn't use it.
This video helped me a lot. Can I set 2 NAS openvpn at the same time at my home? Why the first openvpn of the first NAS did not work after setting the 2nd one with the same way? Is there any conflicts?
Technically, yes if you use a different port (and if you're using a separate NAS/vDSM instance). The only thing is, they'll do the same thing unless they're configured differently (separate VLAN, etc).
Great video! Very informative. One question. Why do you need a static IP address if you have configured DDNS? Isn't the whole point of DDNS automatically updating a dynamic IP address? I'm sure I'm missing something because your video says that DDNS is not necessary with a static IP address so I'm assuming the opposite is true as well. If you've configure DDNS you don't need a static IP address...
Thanks! DDNS is for your external IP address (that your ISP gives you), and we set the internal IP address. Setting the internal IP can be done on your router (preferred), or on the NAS itself using the method shown in the video. We need a static internal IP so we can port forward to the NAS (the OpenVPN port) without the IP address changing.
@@WunderTechTutorials Thanks for your help. The reply made perfect sense. When I rewatched the video it was very clear. However, now that everything is working my question is what do I do to actually see the my NAS once the vpn connection is established? How would I see File Station? Or Photos? What would I use on my phone? Would I have to go through the browser all the time?
@@ericturner5154 On the app itself (on your phone), you'll type in the local IP address of the NAS. If you were using QuickConnect or something different, you'd have to remove that and type in the local IP address. From there, you connect to the VPN when you're remote, and then you'll access the apps as if you are at home.
Thank you for your very professional video and accompanying site. Initially I only watched the video and I found the Firewall setting section was missing - but its mentioned on the site. I wasn't able to get a usable connection, by that I mean that the connection list on the Synology VPN Server shows the attempt from the correct clients IP address, but the connection isn't completed and instead of the user it shows "UNDEF". On the client side it shows "Wating for server reply" and it seems to be caused by a "TLS Error / TLS handshake failed". I can't find any more detailed log on the server side.
That's a weird error to receive as it sounds like the VPN server sees the connection. I am assuming you're using a username/password that is configured on the NAS?
Hello Frank. I’m glad I found your website and RUclips videos. They are very helpful as I am relatively new to Synology NAS. I am currently using QuickConnect for remote access (mainly for DS Drive, Photos, Video, and Files). Would you say that Open VPN would be a safer, more secured route? Thank you in advance.
Glad that they help! I would say that OpenVPN is safer, mainly because you're managing it as opposed to Synology, but that's not to say QuickConnect is unsafe. Just lower on the security scale - I know a lot of people who use QC for the simplicity and prefer it. You could always disable DSM for QC if you'd like, but ultimately, the decision is up to you.
Hi, I have setup OpenVPN, I am able to connect if on same network as NAS but not able to connect with mobile hotspot. I have two routers on my newer. Both are in series to extend coverage. Is it some causing any issue?
Great video!! question though for my growing setup. I have a 5g teltonika Router and a synology nas, what would be the most secure setup for external access to the nas. teltonika router > a Protectli Vault running pfsense and openvpn > then nas? or is that over kill and would still be secure with teltonika router > openvpn on nas? thanks
Thanks! That's probably overkill - as long as you're using OpenVPN/WireGuard on any device and the port forwarding/configuration is done properly, no need to add a second firewall in between. Only exception is if you actually want to do that.
@@WunderTechTutorials Thanks, i decided to go without the PFsense for now. however, after doing some troubleshooting to understand why this setup was never working for me, i've found out that the sim provider uses Carrier Grade NAT (CGNAT), which is why the port forwarding was never working for me. Ive just also found your video on tailscale, how does this compare security wise to openvpn?
currently I have no access to my nas locally having issues with quick connect being slow. do you need to use a local ip or can ddns and openvpn can be done remotely?
Hi, I tried both static ip and ddns reservation also ddns(test connection NORMAL) also export the file also edit the file to my ddns and other thing in the file that you require also port forwarding but it still wont work, showing connection timeout(connection failed to establish within givin time)
Thanks for guidance! My question: - Is it possible to share files in a simple way (as without the Open VPN) and preferable with my custom domain name? Or will there be a difference?
Thanks! The simplest way is by using QuickConnect. If you want to use your own custom domain though, you're going to have to set up a reverse proxy or DDNS (though I'd suggest a reverse proxy). Not the most straightforward unfortunately but it can be done.
The only way you can use OpenVPN is if you plan on giving the external user access to it. Though that generally doesn't work well, so it's really not designed for that.
Excellent video! I've followed every single step. However, I'm left confused. Whilst on the hotspot, I can't access my NAS via the static ip of the NAS. If I use the VPN's IP, I can but it is totally similar to QuickConnect whereby I have to FIRST download a file (i.e.: docx file) to view it or edit. Unless I'm getting it wrong, I thought that I would be able via the VPN to access my NAS as I was actually on my local network (whereby I do have a shortcut of my NAS on file explorer). Please can you help me to see where I'm getting it wrong?
Thanks! That is correct - you should be able to access it by the local IP. If you are using SMB, have you tried to access it by using the local IP on macOS or Windows?
hello, I am sure I put a comment either on this video or another, but can't seem to find it. I see on one of your written articles about having a line underneath the redirect line in the config file - if using iphone , it referenced that if the additional line of text (which I can't find atm) isn't under the redirect line , even if # is in front of the redirect line, then it would not be a split tunnel ... could you do a short video explaining that a bit more please? Also; I used Open VPN. Port forwarded on the router to the NAS (as in OpenVPN). however, I am completely confused about the firewall and what IP my phone would be using .. When I open the OpenVPN app on my phone it says 'private IP' (10.8.X.X) , but google says something else .... regarding the firewall, I'm not sure what IP I should allow ... furthermore, how would the firewall know if my phones' IP changes? I did set to 'allow' from my country but wondered if there is a better way?
The firewall rule would reference the local IP (10.8.X.X). The other is most likely the external IP address of the device you're using or the local IP on whatever server you're connected to.
hi firsts off all i most thank you for your effort secondly After following the instructions for ( adguard ) , I'm having trouble making another MacVlan Can you help me to make more than one on the same Docker for example i want to install pihole and adguard on the same container
You can only have one macvlan network interface per NIC. If you have multiple ports on your NAS, you can create a second with a different NIC, but you can't create two on an individual interface.
Hi, First off all, very good tutorial. Seems very simple. I have a Raspberry Pi with Wireguard to access my local network if I'm out and for some reason, I need to restart my network. Regarding the Synology, i have done port forwarding on my router to access the NAS, and for mobile apps (Photos, DS Audio, DS Video, DS File, DS Finder, Active Insight, and FolderSync Pro). Also, I created a user profile for my niece to be able to sync her photos from a iPhone to my NAS, using my DDNS, her account, and 2FA. So, if change it all to OpenVPN like you explained here, she would need to have it too, right? If so, it wouldn't work... 😆
Thanks! Yes, if you set it up, she would have to use it (assuming you remove the port forwarding). It's definitely the more secure option, but I understand not wanting to complicate it for her.
@@WunderTechTutorials Honestly, I never thought you would answer. Thanks for that! Yes, she is one of that person that you say "do this; it's simple" but she never does (exactly like my sister, her mother). 🤦🏼 Thanks again!
@@Kurt013 Anytime! One other thought is that if you have WireGuard set up and she's using an iPhone, you can configure it to use certain VPN profiles at certain times (it's all automated - that's how I have my wife's device set up otherwise it would never be connected either). You wouldn't have to route all traffic through the VPN tunnel - just the IP for the NAS, which would probably do exactly what you're looking for. No need to go crazy configuring OpenVPN.
Frank, this is excellent of course, but I have a question regarding the "typical' home ISP. My ISP uses CGNAT. Can you tell me if your approach to setting up the VPN can be made to work with CGNAT? Thanks. Gary
Thanks! Unfortunately, no, this will not work with CGNAT. Have you looked into Tailscale? That's my preferred option in situations like that. Here is a tutorial if you're interested: www.wundertech.net/how-to-set-up-tailscale-on-a-synology-nas/
Nice one, I personally like to have the TEP on the FW and from there reach to LAN. But having a dedicated server for VPN has it's own use cases. Could you maybe as well do a side by side comparison of OpenVPN vs Wireguard on Synology?
Agreed - one size doesn't fit all for everyone! Unfortunately, WireGuard isn't supported (officially) on a Synology NAS, but if it ever is - absolutely!
@@WunderTechTutorials Well natively sadly not, which I dont understand why they didn't yet include it. But you can always do it via a Container. Which is neat but on the other hand for newcommers Dockers/Containers maybe a bit of a scare.
@@MiFonito Have you gotten it working with a Container? I don't think I ever got it working because the Linux kernel isn't high enough on Synology devices for WireGuard to work (natively, or container). At least not without adding a custom configuration to the NAS...which I'd prefer not to do.
@@WunderTechTutorials Yea you are right, I did got it work on RPI and other linux distros using docker-compose. I didnt try it on Synology, kinda I had the same reason as you described. The moment I started to go into the rabbit hole on the Synology with this I decided to its kinda not worth it as there is OpenVPN and other possibilities to run Wireguard on other devices. Maybe if I have time I will revisit the topic of WG and Synology, kinda curious if there was any progress on this. Personally I would welcome native support on Synology for WG from Synology itself.
Great video! I successfully set things up and can access my NAS from my mobile (on cellular). But, for some reason, OpenVPN on my Mac fails to connect, says network is unavailable (using my mobile's hotspot). I can connect to it on my Mac while on my LAN, and I can keep that connection going if I switch to hotspot. But I cannot initiate a connection if I am already on hotspot or remote. Am I missing something?
@@WunderTechTutorials the Connect app has an error message "Network unavailable. Please try to connect later with active network." Logs on the Mac just has "EVENT: NETWORK_UNREACHABLE Network unreachable" Don't have any other VPN's active on this Mac to cause issues, either. On iPhone, still no issues, connects flawlessly.
@@darth_ry That's definitely weird because that makes it sound like it can't connect to the VPN server. Are you using the same server (DDNS/IP)? Full Tunnel or Split?
@@WunderTechTutorialsused the same config files, both Full tunnel and split tunnel. Tried the files on Windows too. Found a solution: used Tunnelblick on Mac instead. But clunky. But it works. I think there may be some issue with the Apple Silicon version of OpenVPN Connect
I don't believe that you can go back (you most likely have to reconfigure DDNS), but it's not super important unless you want the valid SSL cert renewing through DNS.
Dumb question. What is the benefit of using a VPN on the NAS? I have a NAS set up in two different states. Is there any benefit to utilizing VPN on them? We don't share anything really. They're set up mainly for Plex and TV antenna access. Thanks.
Great tutorial. I have this set up and connected. A question, when on my LAN on my Mac OS I connect to my NAS with smb:\\Terry_NAS_Network, which I set up. Is there a way I can do that when on OpenVPN (instead of using the IP address).
Thanks! If you set up the configuration file to use a DNS server and point it to the same DNS server that your local client devices are using, it should function the way you're looking for.
My Synology Open VPN for unknown reasons stopped working recently as it has been up and running for years. Now the Open VPN fails on router configuration. Please help?
I'm not sure what you mean by it failing on the router config, but is there a chance the certificate expired? I'd try and re-export a config file and start over.
AWESOME , may i ask u something . I have my NAS in my oficce and maped as network drive for example e: , so when i am connected in another notwork eg my home i cant acces to my maped drive. if i follow your tutorial , after i run the openvpn in my laptop and make a connection i will have access to the drive with letter e: again ? Ok i know that i can have one network drive maped with my local ip adress eg e: and also i can map the same drive with my external ip after the portforwared with another letter but i want to have always the same letter of the drive because i have some programms that needs a permant directory to load an ms access file
That is correct - as long as you're accessing it through the local IP, it'll connect. Don't do anything with port forwarding - this is a better option.
@@WunderTechTutorials i follow your guide , and it works like a charm . Thank u very much! may ask u smthing else , my certificate expires at 1/6/24 , it will be renew automatically or i have to renew it manually ?
@@WunderTechTutorials Got it working, it turned out my modem was a router as well, so I had two routers, one with the port forwarded and the other without it forwarded. I was able to forward the port to the secondary router and its working now. Thanks!
I believe the same thing happened to me, the connection time out for me occurred at the end after setting everything up and trying to connect to the NAS through the VPN on a separate network from the local network.
@@WunderTechTutorials Alright, I've check with my Internet Provider and they say my router has problem. So I change the router today and it's enable to connect with openvpn now
@@WunderTechTutorials But the download and upload speed is still slow.. Here's my testing result: - Quickconnect 300KB/s - External ip without VPN 300KB/s - External ip with Openvpn 150KB/s - TPlink DDNS 300 KB/s is there any way to make the download and upload speed faster when remote?
sorry ihave other questions Ad blockers violate RUclips's Terms of Service It looks like you may be using an ad blocker. Video playback is blocked unless RUclips is allowlisted or the ad blocker is disabled. Ads allow RUclips to be used by billions worldwide. You can go ad-free with RUclips Premium, and creators can still get paid from your subscription. this message popped up after use adguard and pihole
Excellent video as always! The added value is the way you are able to explain a relatively complex topic in a way that everyone can understand! Amazing job Frank!
Thanks Avi!
thank you so much for this! I thought I had to buy a vpn router just to vpn into my NAS but this saved me.
Thank you for putting this video together. It was easy to follow and simply explained. I now have the VPN on my phone, iPad, and laptop😊
You rock! Another tutorial didn’t mentioned the “client-cert-not-required” and therefore didn’t want to connect. Thanks mate!
client-cert-not-required option (gives an error) seems to be replaced by verify-client-cert none. But this also gives this message error: --verify-client-cert requires --mode server (openvpn client 2.6.10)
@@ludwigmarien9861 my vpn is working. I can watch my home television (belgium) from the US. When I disconnect vpn doesn’t work 👌👌
Hi Frank , I’m gonna try OpenVPN because of your video :) I already configured my port forwarding on my router. One of the best Synology by far RUclips channel.
I think OpenVPN and DDNS from Synology is a better setup then using Tailscale
Thank you very much for the kind words! Yeah, I prefer self-hosted (OpenVPN or WireGuard) as opposed to Tailscale, but it definitely has its place for a lot of people!
Any plan to release a video about Wireguard and Synology since you said that you don’t use anymore OpenVPN :) Look hard to make it work on Synology .
@@sylvainalain6637 I will if Synology ever updates the Kernel! Unfortuantely, WireGuard isn't supported out of the box on Synology devices because the kernel is too old, but hopefully it gets released at some point!
Thank you so much!
This is exactly what I was looking for to get explained in a normal understandable way to me.
Hope it helps! Thanks for watching!
Thanks a lot!!! It was useable for me!! It helped me so much!!!
Another incredibly explained video! Great job Frank!
Thanks for watching, Tony!
thank you so much
best youtube channel for synology
Thank you very much for the kind words!
with all the languages and slangs in the world : THANKS VERY MUCH ...👓
Top explanation. Thanks a lot.
Client cert not required Phase was not explained by another RUclipsr.
Are there any risks oder disadvantages to add this phrase?
Thanks! The risk is on the Synology side for not using it. Synology doesn't allow client certs so all that does is bypass the check. The reason it doesn't popup on other options (potentially) is because they use a cert, so yes, it's technically a problem, but no, the line isn't the problem - it's that Synology doesn't use it.
Nice video, and also have t osay, even I liked the old videos, the news ones are better, the nice setup in the background has a calming effect :-)
Thank you very much!
Superb... I'm totally impressed... Thank you.
Glad it helped!
This video helped me a lot. Can I set 2 NAS openvpn at the same time at my home? Why the first openvpn of the first NAS did not work after setting the 2nd one with the same way? Is there any conflicts?
Technically, yes if you use a different port (and if you're using a separate NAS/vDSM instance). The only thing is, they'll do the same thing unless they're configured differently (separate VLAN, etc).
Thank you sir!
Great video! Very informative. One question. Why do you need a static IP address if you have configured DDNS? Isn't the whole point of DDNS automatically updating a dynamic IP address? I'm sure I'm missing something because your video says that DDNS is not necessary with a static IP address so I'm assuming the opposite is true as well. If you've configure DDNS you don't need a static IP address...
Thanks! DDNS is for your external IP address (that your ISP gives you), and we set the internal IP address. Setting the internal IP can be done on your router (preferred), or on the NAS itself using the method shown in the video. We need a static internal IP so we can port forward to the NAS (the OpenVPN port) without the IP address changing.
@@WunderTechTutorials Thanks for your help. The reply made perfect sense. When I rewatched the video it was very clear. However, now that everything is working my question is what do I do to actually see the my NAS once the vpn connection is established? How would I see File Station? Or Photos? What would I use on my phone? Would I have to go through the browser all the time?
@@ericturner5154 On the app itself (on your phone), you'll type in the local IP address of the NAS. If you were using QuickConnect or something different, you'd have to remove that and type in the local IP address. From there, you connect to the VPN when you're remote, and then you'll access the apps as if you are at home.
Thank you for your very professional video and accompanying site. Initially I only watched the video and I found the Firewall setting section was missing - but its mentioned on the site. I wasn't able to get a usable connection, by that I mean that the connection list on the Synology VPN Server shows the attempt from the correct clients IP address, but the connection isn't completed and instead of the user it shows "UNDEF". On the client side it shows "Wating for server reply" and it seems to be caused by a "TLS Error / TLS handshake failed". I can't find any more detailed log on the server side.
That's a weird error to receive as it sounds like the VPN server sees the connection. I am assuming you're using a username/password that is configured on the NAS?
@@WunderTechTutorials I finally got it to work. Issue was the Primary DNS server.
Hello Frank. I’m glad I found your website and RUclips videos. They are very helpful as I am relatively new to Synology NAS. I am currently using QuickConnect for remote access (mainly for DS Drive, Photos, Video, and Files). Would you say that Open VPN would be a safer, more secured route? Thank you in advance.
Glad that they help! I would say that OpenVPN is safer, mainly because you're managing it as opposed to Synology, but that's not to say QuickConnect is unsafe. Just lower on the security scale - I know a lot of people who use QC for the simplicity and prefer it. You could always disable DSM for QC if you'd like, but ultimately, the decision is up to you.
Thanks!
Thank you so much!!
Hi, I have setup OpenVPN, I am able to connect if on same network as NAS but not able to connect with mobile hotspot. I have two routers on my newer. Both are in series to extend coverage. Is it some causing any issue?
Can you help with this question?
Port forward both your routers
Köszönjük!
Thank you so much!
Please mention CG NAT when explaining port forwarding. Most people will do everything right, but it will still not work because of the CG NAT.
Great video!! question though for my growing setup. I have a 5g teltonika Router and a synology nas, what would be the most secure setup for external access to the nas. teltonika router > a Protectli Vault running pfsense and openvpn > then nas? or is that over kill and would still be secure with teltonika router > openvpn on nas? thanks
Thanks! That's probably overkill - as long as you're using OpenVPN/WireGuard on any device and the port forwarding/configuration is done properly, no need to add a second firewall in between. Only exception is if you actually want to do that.
@@WunderTechTutorials Thanks, i decided to go without the PFsense for now. however, after doing some troubleshooting to understand why this setup was never working for me, i've found out that the sim provider uses Carrier Grade NAT (CGNAT), which is why the port forwarding was never working for me. Ive just also found your video on tailscale, how does this compare security wise to openvpn?
currently I have no access to my nas locally having issues with quick connect being slow. do you need to use a local ip or can ddns and openvpn can be done remotely?
Hi, I tried both static ip and ddns reservation
also ddns(test connection NORMAL)
also export the file
also edit the file to my ddns and other thing in the file that you require
also port forwarding
but it still wont work, showing connection timeout(connection failed to establish within givin time)
did u resolve it?
Thanks for guidance! My question:
- Is it possible to share files in a simple way (as without the Open VPN) and preferable with my custom domain name? Or will there be a difference?
Thanks! The simplest way is by using QuickConnect. If you want to use your own custom domain though, you're going to have to set up a reverse proxy or DDNS (though I'd suggest a reverse proxy). Not the most straightforward unfortunately but it can be done.
That's the way I have it configured now, custom domain name + reverse proxy + firewall. Can it be combined with Open VPN?@@WunderTechTutorials
The only way you can use OpenVPN is if you plan on giving the external user access to it. Though that generally doesn't work well, so it's really not designed for that.
Excellent video! I've followed every single step. However, I'm left confused. Whilst on the hotspot, I can't access my NAS via the static ip of the NAS. If I use the VPN's IP, I can but it is totally similar to QuickConnect whereby I have to FIRST download a file (i.e.: docx file) to view it or edit. Unless I'm getting it wrong, I thought that I would be able via the VPN to access my NAS as I was actually on my local network (whereby I do have a shortcut of my NAS on file explorer). Please can you help me to see where I'm getting it wrong?
Thanks! That is correct - you should be able to access it by the local IP. If you are using SMB, have you tried to access it by using the local IP on macOS or Windows?
hello, I am sure I put a comment either on this video or another, but can't seem to find it.
I see on one of your written articles about having a line underneath the redirect line in the config file - if using iphone , it referenced that if the additional line of text (which I can't find atm) isn't under the redirect line , even if # is in front of the redirect line, then it would not be a split tunnel ... could you do a short video explaining that a bit more please?
Also; I used Open VPN. Port forwarded on the router to the NAS (as in OpenVPN). however, I am completely confused about the firewall and what IP my phone would be using .. When I open the OpenVPN app on my phone it says 'private IP' (10.8.X.X) , but google says something else .... regarding the firewall, I'm not sure what IP I should allow ... furthermore, how would the firewall know if my phones' IP changes?
I did set to 'allow' from my country but wondered if there is a better way?
The firewall rule would reference the local IP (10.8.X.X). The other is most likely the external IP address of the device you're using or the local IP on whatever server you're connected to.
hi
firsts off all i most thank you for your effort
secondly After following the instructions for ( adguard ) , I'm having trouble making another MacVlan
Can you help me to make more than one on the same Docker
for example i want to install pihole and adguard on the same container
You can only have one macvlan network interface per NIC. If you have multiple ports on your NAS, you can create a second with a different NIC, but you can't create two on an individual interface.
thanks @@WunderTechTutorials
Hi,
First off all, very good tutorial. Seems very simple.
I have a Raspberry Pi with Wireguard to access my local network if I'm out and for some reason, I need to restart my network.
Regarding the Synology, i have done port forwarding on my router to access the NAS, and for mobile apps (Photos, DS Audio, DS Video, DS File, DS Finder, Active Insight, and FolderSync Pro).
Also, I created a user profile for my niece to be able to sync her photos from a iPhone to my NAS, using my DDNS, her account, and 2FA.
So, if change it all to OpenVPN like you explained here, she would need to have it too, right? If so, it wouldn't work... 😆
Thanks! Yes, if you set it up, she would have to use it (assuming you remove the port forwarding). It's definitely the more secure option, but I understand not wanting to complicate it for her.
@@WunderTechTutorials Honestly, I never thought you would answer. Thanks for that!
Yes, she is one of that person that you say "do this; it's simple" but she never does (exactly like my sister, her mother). 🤦🏼
Thanks again!
@@Kurt013 Anytime! One other thought is that if you have WireGuard set up and she's using an iPhone, you can configure it to use certain VPN profiles at certain times (it's all automated - that's how I have my wife's device set up otherwise it would never be connected either). You wouldn't have to route all traffic through the VPN tunnel - just the IP for the NAS, which would probably do exactly what you're looking for. No need to go crazy configuring OpenVPN.
FolderSync Pro why need if have all synology photo or synology drive?
Frank, this is excellent of course, but I have a question regarding the "typical' home ISP. My ISP uses CGNAT. Can you tell me if your approach to setting up the VPN can be made to work with CGNAT?
Thanks.
Gary
Thanks! Unfortunately, no, this will not work with CGNAT. Have you looked into Tailscale? That's my preferred option in situations like that. Here is a tutorial if you're interested: www.wundertech.net/how-to-set-up-tailscale-on-a-synology-nas/
I'll take a look at Tails ale. Thanks.
Would this method work with something like WD My cloud pr4100?
This is for Synology only.
@@WunderTechTutorials Thank you X~X XD
Nice one, I personally like to have the TEP on the FW and from there reach to LAN. But having a dedicated server for VPN has it's own use cases. Could you maybe as well do a side by side comparison of OpenVPN vs Wireguard on Synology?
Agreed - one size doesn't fit all for everyone! Unfortunately, WireGuard isn't supported (officially) on a Synology NAS, but if it ever is - absolutely!
@@WunderTechTutorials Well natively sadly not, which I dont understand why they didn't yet include it. But you can always do it via a Container. Which is neat but on the other hand for newcommers Dockers/Containers maybe a bit of a scare.
@@MiFonito Have you gotten it working with a Container? I don't think I ever got it working because the Linux kernel isn't high enough on Synology devices for WireGuard to work (natively, or container). At least not without adding a custom configuration to the NAS...which I'd prefer not to do.
@@WunderTechTutorials Yea you are right, I did got it work on RPI and other linux distros using docker-compose. I didnt try it on Synology, kinda I had the same reason as you described. The moment I started to go into the rabbit hole on the Synology with this I decided to its kinda not worth it as there is OpenVPN and other possibilities to run Wireguard on other devices. Maybe if I have time I will revisit the topic of WG and Synology, kinda curious if there was any progress on this. Personally I would welcome native support on Synology for WG from Synology itself.
Great video! I successfully set things up and can access my NAS from my mobile (on cellular). But, for some reason, OpenVPN on my Mac fails to connect, says network is unavailable (using my mobile's hotspot). I can connect to it on my Mac while on my LAN, and I can keep that connection going if I switch to hotspot. But I cannot initiate a connection if I am already on hotspot or remote.
Am I missing something?
Thanks! Are you getting any specific errors or is it just not working?
@@WunderTechTutorials the Connect app has an error message "Network unavailable. Please try to connect later with active network."
Logs on the Mac just has "EVENT: NETWORK_UNREACHABLE Network unreachable"
Don't have any other VPN's active on this Mac to cause issues, either.
On iPhone, still no issues, connects flawlessly.
@@darth_ry That's definitely weird because that makes it sound like it can't connect to the VPN server. Are you using the same server (DDNS/IP)? Full Tunnel or Split?
@@WunderTechTutorialsused the same config files, both Full tunnel and split tunnel. Tried the files on Windows too.
Found a solution: used Tunnelblick on Mac instead. But clunky. But it works.
I think there may be some issue with the Apple Silicon version of OpenVPN Connect
8:51 DNS certificate from Let's Encrypt. What if you have already done this without "checking the box"? Is there a redo that will accomplish this?
I don't believe that you can go back (you most likely have to reconfigure DDNS), but it's not super important unless you want the valid SSL cert renewing through DNS.
Dumb question. What is the benefit of using a VPN on the NAS? I have a NAS set up in two different states. Is there any benefit to utilizing VPN on them? We don't share anything really. They're set up mainly for Plex and TV antenna access. Thanks.
Ultimately, the main benefit is secure remote access. If you don't need to access anything when you're not home, the benefits won't really be there.
Could I run NordVPN on NAS?
Great tutorial. I have this set up and connected. A question, when on my LAN on my Mac OS I connect to my NAS with smb:\\Terry_NAS_Network, which I set up. Is there a way I can do that when on OpenVPN (instead of using the IP address).
Thanks! If you set up the configuration file to use a DNS server and point it to the same DNS server that your local client devices are using, it should function the way you're looking for.
My Synology Open VPN for unknown reasons stopped working recently as it has been up and running for years. Now the Open VPN fails on router configuration. Please help?
I'm not sure what you mean by it failing on the router config, but is there a chance the certificate expired? I'd try and re-export a config file and start over.
AWESOME , may i ask u something . I have my NAS in my oficce and maped as network drive for example e: , so when i am connected in another notwork eg my home i cant acces to my maped drive. if i follow your tutorial , after i run the openvpn in my laptop and make a connection i will have access to the drive with letter e: again ? Ok i know that i can have one network drive maped with my local ip adress eg e: and also i can map the same drive with my external ip after the portforwared with another letter but i want to have always the same letter of the drive because i have some programms that needs a permant directory to load an ms access file
That is correct - as long as you're accessing it through the local IP, it'll connect. Don't do anything with port forwarding - this is a better option.
@@WunderTechTutorials i follow your guide , and it works like a charm . Thank u very much! may ask u smthing else , my certificate expires at 1/6/24 , it will be renew automatically or i have to renew it manually ?
@@agka8l What type of certificate is it? Is it the default Synology cert or are you using Let's Encrypt?
@@WunderTechTutorials its from letsencrypt for the DDNS
Not working, getting connection timeout in the OpenVPN app after following all the steps.
Can you confirm that the port is forwarded properly?
@@WunderTechTutorials Got it working, it turned out my modem was a router as well, so I had two routers, one with the port forwarded and the other without it forwarded. I was able to forward the port to the secondary router and its working now. Thanks!
Hi I followed all the steps but connection timeout at the end. Can anyone tell me what goes wrong?
Where are you getting the timeout?
I believe the same thing happened to me, the connection time out for me occurred at the end after setting everything up and trying to connect to the NAS through the VPN on a separate network from the local network.
@@WunderTechTutorials Alright, I've check with my Internet Provider and they say my router has problem. So I change the router today and it's enable to connect with openvpn now
@@WunderTechTutorials But the download and upload speed is still slow.. Here's my testing result:
- Quickconnect 300KB/s
- External ip without VPN 300KB/s
- External ip with Openvpn 150KB/s
- TPlink DDNS 300 KB/s
is there any way to make the download and upload speed faster when remote?
sorry ihave other questions
Ad blockers violate RUclips's Terms of Service
It looks like you may be using an ad blocker. Video playback is blocked unless RUclips is allowlisted or the ad blocker is disabled.
Ads allow RUclips to be used by billions worldwide.
You can go ad-free with RUclips Premium, and creators can still get paid from your subscription.
this message popped up after use adguard and pihole
Yes, you can't use ad-blockers with RUclips unfortunately. They blocked them.
many thanks i have learn so much form you @@WunderTechTutorials 🖖live long live good 😎