Twingate: New Option for Synology Remote Access

  • Published: Jul 6, 2024
  • Twingate is a Zero Trust Network that can replace your VPN and be configured on a Synology NAS with Docker.
    🎯 Tutorials, comparisons, reviews: www.wundertech.net
    ✅ Written Instructions: www.wundertech.net/twingate-o...
    ⚡ Sign up for Twingate: www.twingate.com/
    DISCLAIMER: The information in this video has been self-taught through years of technical tinkering. While we do our best to provide accurate, useful information, we make no guarantee that our viewers will achieve the same level of success. WunderTech does not assume liability nor responsibility to any person or entity with respect to damage caused directly or indirectly from its content or associated media. Use at your own risk.
    WunderTech is a trade name of WunderTech, LLC.
    0:00 Intro
    0:46 Sponsored by Twingate
    0:55 What is Twingate?
    1:25 Twingate Controller
    2:05 Creating a Remote Network
    2:50 Creating a Twingate Connector on a Synology NAS
    5:25 Creating Groups (Permissions)
    5:52 Creating a Resource
    7:47 Connecting to a Resource through Twingate
    8:35 Connecting to a Local Network through Twingate
    9:15 High Availability
    9:58 Minimum Client Requirements
    10:27 Areas for Improvement
    11:29 Conclusion
  • Science

Comments • 41

  • @WunderTechTutorials 4 months ago +2

    What do you think about the features Twingate offers?

    • @Equality-and-Liberty 4 months ago

      I am accessing my NAS, through a domain name (HTTPS and quick connect +2FA) is that not secure enough? I want to test Twingate, but I want to know how secure is Twingate itself? What I mean by that, is can someone break into the company and then have access to my resources? Or let's say that a government actor requests my information stored in Twingate to access my resources?

    • @WunderTechTutorials 4 months ago

      @Equality-and-Liberty If you're using a reverse proxy + 2FA, it's generally secure, though you're still exposing your NAS to the outside world.
      Speaking honestly, when your data goes through a third party, you're never 100% certain what happens with it. Though we live in a world where just about everything we own is going through third party, closed-source tools.
      Ultimately, you have to make your own decision and weigh the pros and cons. The pros of self-hosting are that you know where the data is, but the con is that you need to secure it yourself and if you don't do it right...bad things can happen.
      If you want to know more about Twingate, you can check out this document. In specific, the "Data Protection & Access Control" and "Data Encryption" sections: www.twingate.com/docs/twingate-security

    • @Equality-and-Liberty 4 months ago

      @WunderTechTutorials Thanks for your reply and for sending the link. I haven't made up my mind about it yet but maybe I will after reading some more about it in the link you provided.

  • @jasonluong3862 3 months ago +2

    Why can't I seem to find a Zero Trust Network service that runs on a router/gateway? It's always about setting up such a service on a computer in the LAN that acts as a proxy for the other clients in the LAN. The best appliance in the LAN running this ZTN service should be the router or the gateway itself since it already acts as the gateway to the WAN.

  • @jackwong64 2 months ago

    Do you know the steps to upgrade the Twingate in Synology-Docker? Appreciate that.

  • @jbarr 2 months ago

    Very nice! I've been using Tailscale for some time, and it's now set-it-and-forget-it, but Twingate does have some nice features that I'll look into. Thanks for the heads-up!

  • @QuikTechSolutions 3 months ago

    Outstanding video and demonstration Frank. Reminds me a lot of setting up Cloudflare Zero Trust. Thanks for sharing. Nice to know there are options out there. Have a great day.

  • @TechMeOut5 4 months ago

    OMG this is so coooooool!!!! Thanks for introducing and sharing your knowledge about it!

  • @Equality-and-Liberty 3 months ago +1

    I installed Twingate and configured it as you advised in this video. There are a couple of things I want to say about it. 1. there were some errors after installation. I checked my logs in Docker and saw that the container reported some authentication problems. After 1 hour I found out that you should not use quotation marks in your docker-compose file. The second thing is that I did not find a way to delete my tenant. Since it was a test I would like to delete it but there is no option for it. Third, you cannot opt for a free user account immediately. The only option was to register as a business and try it for 2 weeks. Maybe after two weeks, you will have the option to switch to a free user account, but I haven't found that out yet.
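
The quoting problem described in this comment can be checked for before deploying. This is an added example, not code from the video, the written instructions or Twingate: in Compose's list-style `environment:` entries, quotes placed around only the value are handed to the container as part of the value. The sample compose file is constructed; the image name, the two token variable names and every value in it are assumptions or placeholders.

```python
import re

# Constructed sample compose file; network name and tokens are placeholders.
SAMPLE_COMPOSE = """\
services:
  twingate_connector:
    image: twingate/connector:1
    restart: always
    environment:
      - TWINGATE_NETWORK="examplenet"
      - TWINGATE_ACCESS_TOKEN='PLACEHOLDER_ACCESS_TOKEN'
      - "TWINGATE_REFRESH_TOKEN=PLACEHOLDER_REFRESH_TOKEN"
"""

ENTRY = re.compile(r"^\s*-\s+(?P<item>.+?)\s*$")


def find_literal_quotes(compose_text):
    """Return (line_no, key, value) for list-form environment entries whose
    value would reach the container with quote characters attached."""
    findings, env_indent = [], None
    for line_no, raw in enumerate(compose_text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if stripped == "environment:":
            env_indent = indent
            continue
        if env_indent is None:
            continue
        # The block ends at the first line that is not one of its list items.
        if indent < env_indent or (indent == env_indent and not stripped.startswith("-")):
            env_indent = None
            continue
        match = ENTRY.match(raw)
        if not match:
            continue
        item = match.group("item")
        # A fully quoted item is a YAML quoted scalar: the quotes are removed.
        if item[0] in "\"'" and item[-1] == item[0]:
            continue
        key, sep, value = item.partition("=")
        if sep and len(value) >= 2 and value[0] in "\"'" and value[-1] == value[0]:
            findings.append((line_no, key, value))
    return findings


if __name__ == "__main__":
    for line_no, key, value in find_literal_quotes(SAMPLE_COMPOSE):
        print(f"line {line_no}: {key} is passed as {value} (quotes included)")
```

Entries the check reports can be fixed by removing the quotes, quoting the whole `KEY=value` item, or switching to the mapping form (`KEY: "value"`), where YAML strips the quotes.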

  • @kevinoconnor6570 4 months ago

    The controller that you use is this supported by HA at Twingate? By the sounds of it if the Controller was unavailable for any reason you would not be able to authenticate nor access the resource. Can you change the period of time that the re-authentication occurs?

    • @WunderTechTutorials 4 months ago +1

      If the Twingate Controller goes down, you won't be able to access your home network. That is definitely one of the downsides of third-party tools like this, but they use Google Cloud Platform which is generally reliable (not sure if it's 99.9% or 99.99% uptime, but it's most likely one of them).
      I could not change the time for the authentication to occur. This was the biggest annoyance to me, though I admit that it could have been because I was constantly connecting/disconnecting to test. Either way, it is something they can definitely improve on.

    • @kevinoconnor6570 4 months ago

      @WunderTechTutorials Thanks. I appreciate the reply.

  • @GottaHache 4 months ago +1

    Twingate is awesome

  • @sonarfreq 4 months ago +1

    Creating a Twingate account, I put in a token "name" for Business Name as it said it was mandatory.. now it's saying "Your Business trial will expire in 14 days" ??? Will it default to a free to use account after 14 days or just stop working completely?

    • @WunderTechTutorials 4 months ago +1

      You didn't put a credit card in, right? If you didn't, it will default back to the free version and yes, it will still work.

    • @sonarfreq 4 months ago +1

      @WunderTechTutorials Hi Frank, no I didn't submit any payment details, thanks for getting back so quickly, cheers! 👍

  • @ms7165 4 months ago

    You know it takes me a little time to catch on but is this comparable to Cloudflare tunnels?

  • @BarryBoy1989 2 months ago

    @WunderTechTutorials The reference in this sentence is not quite clear in my opinion, it wasn't for me at least: "3. Paste the Docker Compose file below but add your Network Name (step 2 in the Configuring a User Account & Network for Twingate steps above)". I think it should be "step 1" instead of "step 2", in the video it's mentioned at 4:06... In your case =wundertech.

    • @WunderTechTutorials 2 months ago

      I'll take a look at the instructions when I get some time. Thanks for the suggestion!

  • @steveyg777 2 months ago

    @WunderTechTutorials Hi Frank. This is doing my nut in! I can't get this crap to work! I've set up the FIRST connector exactly like you instruct. I logged back in but I don't see it become operational - it still says "Not yet connected". My Docker project built correctly and is running with a green light. The only thing I can see that may affect this is that on the main Twingate page it talks about "continue onboarding" which (when clicked) goes to setting up resources. Should I do that first before the connector will work? Update - I created resources but that didn't help either. PLEASE HELP!

    • @WunderTechTutorials 2 months ago

      It's generally connected using the environment variables in the config. Did you generate both and are you using the correct TWINGATE_NETWORK?

    • @steveyg777 2 months ago

      @WunderTechTutorials I finally got it working by rebooting my Mac and adding ports 30000-31000 to my NAS firewall. I don't understand why Twingate talks about ports when you claim you don't need to do anything with ports?

    • @WunderTechTutorials 2 months ago

      @steveyg777 There aren't any ports in the Docker config, so I'm not sure how that fixed the problem to be honest, but I guess it's good that it's fixed.

  • @silentsword8458 3 months ago

    Do you need to open any port on your NAS firewall?

    • @WunderTechTutorials 3 months ago

      Nope!

    • @silentsword8458 3 months ago

      @WunderTechTutorials Sounds good, so if I turn on my firewall it blocks the Twingate connection. Any suggestions?

    • @WunderTechTutorials 3 months ago

      @silentsword8458 Hmm, that's a good one. There aren't any ports that it uses inbound so I am guessing it's outbound. Do you have any DNS issues? Can you download/install packages from Synology's package center?

    • @silentsword8458 3 months ago

      @WunderTechTutorials It only works if I turn off my firewall.

  • @ierosgr 4 months ago

    How does it differ from ZeroTier?

    • @WunderTechTutorials 4 months ago

      Both are Zero-Trust Networks so they're similar. In terms of the exact differences, I'm not exactly sure as I've never used ZeroTier unfortunately.

  • @MKBontwikkeling 4 months ago

    3:04 I personally don't like you MUST login with a Big tech account. The reason for private self hosting is usually to avoid this kind of stuff.

    • @WunderTechTutorials 4 months ago

      I can definitely see that. Self-hosting has its benefits for sure, this is just an alternative for people who don't mind going through a third party.

  • @shimshy 4 months ago +4

    Tailscale is easier and better...

    • @WunderTechTutorials 4 months ago

      Tailscale is awesome, but I actually think this is easier (in my opinion). Installing the Tailscale app is easier, but if you want to configure local subnet access or an exit node, things get harder.
      With that said, they're really different tools.

  • @rikachiu 4 months ago

    Didn't Networkchuck get a lot of shit for this because it is not self hosted?

    • @WunderTechTutorials 4 months ago

      I'm not sure exactly what happened in that scenario, but it's definitely not self-hosted. The connector itself is self-hosted, but it's not designed to be a self-hosted VPN - it's a zero-trust network. It's comparable to tools like Cloudflare Tunnels rather than a traditional VPN like OpenVPN or WireGuard, though they can accomplish similar things.
      The benefit is you get a lot of additional functionality and controls that you normally don't have with VPNs, with the downside of having everything go through a third party as opposed to being totally self-hosted.

    • @BoraHorzaGobuchul 4 months ago

      Everybody gets s*t for speaking about non-self-hosted services like that. There is also some sense in that, though one must always consider the use case. For me, a service like this, or tailscale, or zerotier are perfectly fine as anything else is too complicated, requires infrastructure, and is just not worth the extra effort.
      Of course, if you want, you can selfhost moons, or use headscale, or whatever floats your boat.
      Either way it's better from the security standpoint than the Cloudflare tunnel.