Frequently Asked Question

Application: How to connect to Synology's VPN Server using a Windows PC or Mac?
Last Updated 8 years ago

Overview

A VPN (virtual private network) is a private network that uses a public network infrastructure (usually the Internet) to provide secure and encrypted connections for data transmission. Businesses often implement VPN to provide a method for employees to securely access servers or other resources located within the company's private network even when they are traveling or at home.
With Synology's VPN Server package, your Synology NAS can become a VPN server, allowing DSM users to remotely and securely access resources shared within the Synology NAS's local area network.
In the guide below, we'll teach you how to connect to Synology's VPN Server using a Windows PC or Mac.

1. Before You Start

This article assumes that you have already done the following:
  • Set up your Synology NAS and installed Synology DiskStation Manager (DSM). (For details, please see the Quick Installation Guide for your model.)
  • Installed and set up the Synology VPN Server package. (For detailed instructions, please see this tutorial.)
Note: Only DSM users belonging to the administrators group can install and set up VPN Server.

2. Set up PPTP and L2TP/IPSec VPN Connections

Follow the steps below to set up PPTP and L2TP/IPSec VPN connections on a Windows PC or Mac.
Note: For details regarding how to set up VPN connections on Linux, refer to this document or other Internet resources.

2.1 For Windows

In the following example, we will use Windows 7 to demonstrate how to connect to VPN Server and set up PPTP or L2TP/IPSec VPN connections on a Windows PC.
  1. On Windows 7, go to Control Panel > Network and Internet > Network and Sharing Center. Click Set up a new connection or network.
  2. Select Connect to a workplace.
  3. Select Use my Internet connection (VPN).
  4. Enter the IP address of your Synology NAS in the Internet address field. Name this VPN connection in the Destination name field.
  5. Enter your DSM user credentials and click Connect to connect to the VPN Server.
  6. Once connected, you should be able to access resources shared within the Synology NAS's local area network.
  7. To disconnect, click the Network icon in the system tray. Select the VPN connection and click Disconnect.
  8. If you cannot connect to VPN Server, check the settings by right-clicking the VPN connection and select Properties. In the window that appears, select the Security tab. Check if you have chosen PPTP or L2TP/IPSec as your Type of VPN and the same Data encryption as the image below.
  9. Check your Authentication settings. Make sure you have selected Allow these protocols and ticked the appropriate protocols according to the settings specified on VPN Server.
  10. Switch to the Networking tab and make sure Internet Protocol Version 4 (TCP/IPv4) and Client for Microsoft Networks are checked.
  11. You should be able to connect to VPN Server now.
    12. Note: If you cannot access the Internet while connected to VPN Server, see Configure gateway and routing settings on VPN clients in this article.

2.2 For Mac OS

In the following example, we will use Mac OS X to demonstrate how to connect to VPN Server and set up PPTP or L2TP/IPSec VPN connections on your Mac.
  1. On your Mac, click System Preferences in the Apple menu.
  2. Click Network.
  3. Click the + icon in the lower left corner to create a new connection.
  4. Select VPN for Interface; PPTP or L2TP/IPSec for VPN Type. Name this VPN connection in the Service Name field.
  5. Enter the IP address of your Synology NAS in the Server Address field, and a valid DSM username in the Account Name field.
  6. Select an Encryption type for the VPN connection. It must be identical to the settings specified on VPN Server.
  7. Click Authentication Settings and enter the user's password.
  8. Click Connect to establish the VPN connection. Once connected, you can click Disconnect to disconnect from VPN Server.
    Note:     If you want to connect to the Internet through VPN Server, see Configure gateway and routing settings on VPN clients in this article.

3. Set up OpenVPN VPN Connections

OpenVPN is an open source solution for implementing VPN. Follow the steps below to set up OpenVPN VPN connections on a Windows PC or Mac.
Note: For details regarding how to set up VPN connections on Linux, refer to this document or other Internet resources.

3.1 For Windows

To set up OpenVPN connections on Windows 7, follow the steps below:
  1. Download and install the application from OpenVPN's official site.
  2. After the installation is complete, you will find OpenVPN GUI in the Start menu. Launch it as an administrator.
  3. Export configuration file from the OpenVPN tab on VPN Server. Unzip the exported file, which contains ca.crt, openvpn.ovpn, and README.txt.
  4. Open openvpn.ovpn with a text editor and replace YOUR_SERVER_IP with the public IP address of your Synology NAS. If your Synology NAS is behind a router, replace YOUR_SERVER_IP with the router's IP address.
  5. Put ca.crt and openvpn.ovpn into the config subdirectory under the OpenVPN directory (i.e. C:\Program Files\OpenVPN\config\).
  6. Double click the OpenVPN GUI icon in the system tray.
  7. Use DSM user credentials to connect to VPN Server.
  8. Once the connection is established, you can click Disconnect to disconnect and Reconnect if the connection is interrupted.


3.2 For Mac OS

To set up OpenVPN connections on Mac OS X, follow the steps below:
  1. Export configuration file from the OpenVPN tab on VPN Server. Unzip the exported file, which contains ca.crt, openvpn.ovpn, and README.txt.
  2. To download and install Tunnelblick, an OpenVPN client for Mac, visit here.
  3. After the installation is complete, launch it as an administrator.
  4. Click I have configuration files.
  5. Select OpenVPN Configuration(s).
  6. Choose Open Private Configurations Folder as we already have configuration files exported from VPN Server.
  7. Edit openvpn.ovpn and replace YOUR_SERVER_IP with the public IP address of your Synology NAS. If your Synology NAS is behind a router, replace YOUR_SERVER_IP with the router's IP address.
  8. Put ca.crt and openvpn.ovpn into the configuration folder opened in Step 6. Click Done.
  9. Now you will see the Tunnelblick icon in the top-right corner. Click the icon and choose Connect openvpn to establish a connection.
  10. Choose Details to check the connection status. Here you can disconnect by clicking Disconnect.

4. Configure Gateway and Routing Settings on VPN Clients

4.1 For Windows

When a VPN connection is active on Windows, the system will set the VPN connection as the default gateway for all outgoing connections. As a result, your requests to connect to the Internet have to go through VPN connection, meaning you will first connect to a VPN server and then to the Internet. In this case, you will have a slow connection which keeps dropping.
To stay connected to the Internet through the local gateway, do the following:
  1. Click the Network icon in the system tray on Windows.
  2. Right-click your VPN connection and click Properties.
  3. Switch to the Networking tab. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
  4. Click Advanced in the window that appears.
  5. In the pop-up window, we suggest you keep Use default gateway on remote network checked under the IP Settings tab. Alternatively, you may uncheck Use default gateway on remote network, but make sure to set the VPN server's IP address as the static route to the remote gateway. Both your VPN connection and Internet connection should be active after applying this setting.

4.2 For Mac OS

Mac will not set your VPN connection as the default routing for connections to the Internet. We recommend either method below to access your Synology NAS (and the devices in the same local network) via VPN connection:
To set VPN as the default connection:
This method spares you complex network settings by directing all network traffic over VPN connection, but it may slow the connection.
  1. Go to System Preferences > Network, and click the VPN connection on the left panel.
  2. Click Advanced... > Options, and tick Send all traffic over VPN connection.
  3. Click OK.

To use VPN as a non-default connection:
If you wish to access your Synology NAS without setting VPN as the default connection, you need to change the following static routing configurations on your Mac:
  1. On Mac, run Terminal and execute the command below:
    > ifconfig –a
  2. You will see a screen as below:
  3. Here you can see your VPN (PPP) IP address and gateway. Note that the gateway is only for connecting to the VPN server and not for connecting to the Internet. If you want to connect to the Internet through the VPN server, change the gateway by executing the following commands:
    > sudo route add -net 192.168.X.X/16 10.10.0.50
    or
    > sudo route add -net 192.168.X.X/16 10.10.0.1

    Replace 192.168.X.X with the internal IP address of your Synology NAS and 10.10.0.50/10.10.0.1 with your own PPP IP/gateway. You can now connect to the Internet through the private network of your Synology NAS.




ZGTLv160509
Help Topics
ACE Support

Please Wait!

Please wait... it will take a second!