Synology Network Attached Storage (DSM 6), How to setup and configure a Synology NAS (DSM 6)

How to Setup a Synology NAS Part 35: Installing and Configuring L2TP/IPSec on VPN Server

2,329 views

With our Synology NAS now remotely accessible, we take a look at an alternative method for securely connecting to our home network. So in this video we demonstrate how to install and configure Synology’s VPN Server package.

Quick reference notes:

Log into Disk Station Manager (DSM) with administrators privileges
Open Package Centre and install VPN Server onto your Synology NAS

Notes: If you enabled the Firewall on your NAS, during the installation process you will be prompted to open the Ports that VPN Server will need to use. For now simply select OK, as you will be looking at the Firewall later.

Now, open VPN Server from within the Main Menu
Under Manage VPN Server select General Settings
Remove the tick to Grant VPN Permission to newly added local users
Select Apply
Locate and select Privilege
Remove the ticks next to any users who you do not wish to give VPN access. As we are only installing L2TP/IPSec VPN do not place ticks in the PPT and OvenVPN columns.

Note: As PPTP is not a very secure VPN Protocol we recommend that you do not use it. Both Open VPN and L2TP/IPSec should work well, however until we have VPN Server working correctly, we recommend that you do not enable more than one VPN Protocol. It’s better to get one protocol working, before attempting to activate and configure a second. So we start with L2TP/IPSec as both Windows and macOS have built in VPN clients that work well with this protocol.

Select L2TP/IPSec from under Setup VPN Server
Check the tick box Enable L2TP/IPSec VPN server
Leave Dynamic IP address with its default setting
Select the Maximum connection number from the drop down menu
Change the Maximum number of connections with same account to 1
Authentication needs to remain set as MS-CHAP v2
MTU can remain set to 1400
Leave the checkbox for Use Manual DNS unchecked
Set your Pre-shared key
Choose Apply

Notes: While VPN Server has now been configured and is running. If you enabled the Firewall on your NAS, you will also need to check that the correct ports are open.

From the DSM desktop open Control Panel
Within Control Panel select Security – Firewall
Under Firewall Profile choose Edit Rules
You should find listed a new VPN Server rule make sure that this rule is above the Deny All rule
Highlight the VPN Server rule and select Edit
Choose Select next to Select from a list of built in applications
Scroll through the list of rules to locate the VPN server rules.
Remove the ticks from VPN Server Ports 1723 and VPN Server Ports 1194
Click OK, OK, OK to save the changes to the Firewall

Notes: We now need to update the Port Forwarding rules on our router. If your router is not compatible with your Synology NAS you will have to manually configure the Port Forwarding rules on your router.

Still in Control Panel, open External Access – Router Configuration
Now select Create – Built in Application
When you select Next, you will be presented with list of Built in applications
Scroll through the list to locate the 4 VPN Server options
Tick the check boxes next to VPN Server UDP 1701, 500 and 4500
Select Apply
Save your changes

Reference materials:

Synology Support Article – Setup VPN Server
Synology Support Article – How to connect to Synology’s VPN Server using a WIndows PC or Mac
Synology Support – Synology NAS Port numbers

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 Year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the Advertisement category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
gdpr_status	6 months 2 days	This cookie is set by the provider Media.net. This cookie is used to check the status whether the user has accepted the cookie consent box. It also helps in not showing the cookie contest box upon re-entry to the website
JSESSIONID	Session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__gads	1 year 24 days	This cookie is set by Google and stored under the name dounleclick.com. This cookie is used to track how many times users see a particular advert which helps in measuring the success of the campaign and calculate the revenue generated by the campaign. These cookies can only be read from the domain that it is set on so it will not track any data while browsing through another sites.
CONSENT	16 years 4 months 2 days 11 hours 7 minutes	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
session_depth	30 minutes	This cookie is used to store the video preferences of the user using the embedded YouTube Video
uid	5 months 30 days	This cookie is used to measure the number and behavior of the visitors to the website anonymously. The data includes the number of visits, average duration of the visit on the website, pages visited, etc. for the purpose of better understanding user preferences for targeted advertisments.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embedded video the website
YSC	Session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
anj	3 months	The anj cookie contains data denoting whether a cookie ID is synced with our partners. ID syncing enables our partners to use their data from outside the Platform on the Platform.
CMID	1 Year 30 days	The cookie is set by CasaleMedia. The cookie is used to collect information about the usage behavior for targeted advertising.
CMPRO	3 months	This cookie is set by Casalemedia and is used for targeted advertisement purposes.
CMPS	3 Months	This cookie is set by Casalemedia and is used for targeted advertisement purposes.
CMRUM3	1 year	This cookie is set by Casalemedia and is used for targeted advertisement purposes.
CMST	1 day	The cookie is set by CasaleMedia. The cookie is used to collect information about the usage behavior for targeted advertising.
i	1 year	No description available.
IDE	1 Year 30 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
KADUSERCOOKIE	3 months	The cookie is set by pubmatic.com for identifying the visitors' website or device from which they visit PubMatic's partners' website.
KTPCACOOKIE	1 day	This cookie is set by pubmatic.com for the purpose of checking if third-party cookies are enabled on the user's website.
mc	1 year 1 month	This cookie is associated with Quantserve to track anonymously how a user interact with the website.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
uuid	3 months	To optimize ad relevance by collecting visitor data from multiple websites such as what pages have been loaded.
uuid2	3 months	This cookies is set by AppNexus. The cookies stores information that helps in distinguishing between devices and browsers. This information us used to select advertisements served by the platform and assess the performance of the advertisement and attribute payment for those advertisements.
VISITOR_INFO1_LIVE	6 months	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.
yt.innertube::nextId	never	These cookies are set via embedded youtube-videos.
yt.innertube::requests	never

Cookie	Duration	Description
__gpi	1 Year 24 days	No description
cookielawinfo-checkbox-functional	1 year	No description available
fc	5 months 27 days	No description available
pf	Session	PingFederate identifies sessions by their respective PF cookies. Some adapters, such as the HTML Form Adapter, also utilize the PF cookie to manage their adapter-sessions
pxs	5 months 27 days	No description available

How to Setup a Synology NAS Part 35: Installing and Configuring L2TP/IPSec on VPN Server

Quick reference notes:

Reference materials:

Thank you for your support

Login

Advertisement