Frequently Asked Question
Network: How to set up a QNAP NAS as a VPN server?
Last Updated 7 years ago
Virtual private networks (VPN) offer secure connections to access network resources and services across a public network. QNAP NAS provides a VPN service for users to access anything on their NAS or other sources via the internet. Layer 2 Tunneling Protocol over IPsec (L2TP/IPsec), Point-to-Point Tunneling Protocol (PPTP), OpenVPN software is also supported, providing advanced certification and encryption to provide the safest connection for QNAP NAS users.
Note: In QTS version 4.2.2 or below, only local NAS users are allowed to be VPN users. Domain users are allowed to be VPN users after upgrading to QTS 4.3 and installing the “QVPN Service” application.
You can also use your WAN IP or myQNAPcloud DDNS to connect to your QNAP NAS. If you want to enable the myQNAPcloud service, please click “myQNAPcloud Service” to open the “myQNAPcloud setting page”.
Setting L2TP/IPsec on Mac OS X10.10
Set up OpenVPN on Mac OS X 10.11
Set up OpenVPN on Android 5.0
Set up OpenVPN on Windows
TKC170626
Setting up the VPN service
Preparation
- The Internet connection is normalb.L2TP/IPsec is supported in QTS version 4.2.0 or above.
- L2TP/IPsec is supported in QTS version 4.2.0 or above.
- In QTS version 4.3, the VPN Server, VPN Client and L2TP/IPSec VPN services have been combined into one application, “QVPN Service”, which can be downloaded to your NAS in App Center. If you are upgrading your NAS to QTS 4.3 from an earlier version, and any VPN services have been configured, the system will automatically install the “QVPN Service” application and keep all your VPN configuration settings during the upgrade.
Enable L2TP/IPsec, PPTP or OpenVPN services.
- L2TP/IPsecL2TP
- L2TP (Layer Two Tunneling Protocol) is a combination of the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Forwarding (L2F). Compared to PPTP, which only establishes a single tunnel between the two end points, L2TP supports the use of multiple tunnels. IPsec is often used to secure L2TP packets by providing confidentiality, authentication and integrity checks. The combination of these two protocols provides a high-security VPN solution which is known as L2TP/IPsec. L2TP/IPsec is supported by most clients, including Windows, Mac, Linux, and mobile devices.
- VPN Client IP pool: Enter the start and end IP addresses to define the IP range for the VPN clients to connect to the VPN server.
- Preshared key: Enter the Preshared key for the VPN client user to be verified by L2TP/IPsec.
- Maximum number of clients: Select the maximum number of concurrent client connections supported by the VPN server.
- Authentication: Select how the VPN clients will be authenticated.
- Network interface: Choose a network interface.
- Specify DNS server manually: Specify the DNS server IP for the VPN clients. When disabled, the DNS settings of the NAS will be used. This option is disabled by default.
- * In QTS 4.3, go to “App Center” > “QVPN Service”> “VPN Server Settings” > “L2TP/IPSec”.
- L2TP (Layer Two Tunneling Protocol) is a combination of the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Forwarding (L2F). Compared to PPTP, which only establishes a single tunnel between the two end points, L2TP supports the use of multiple tunnels. IPsec is often used to secure L2TP packets by providing confidentiality, authentication and integrity checks. The combination of these two protocols provides a high-security VPN solution which is known as L2TP/IPsec. L2TP/IPsec is supported by most clients, including Windows, Mac, Linux, and mobile devices.
- PTPP
- PPTP (Point-to-Point Tunneling Protocol) enables secure data transfer from a remote location to the NAS by creating a virtual private network (VPN). PPTP is supported by most clients, including Windows, Mac, Linux, and mobile devices.
Go to “Control Panel” > “Applications” > “VPN Server” >”VPN Server Settings”, enable L2TP/PPTP VPN Server and select “PPTP” and enter the configuration settings:*- VPN Client IP pool: Enter the start and end IP addresses to define the IP range for the VPN clients to connect to the VPN server.
- Maximum number of clients: Select the maximum number of concurrent client connections supported by the VPN server.
- Authentication: Select how the VPN clients will be authenticated.
- Encryption: Select an encryption method.
- Network interface: Choose a network interface.
- Specify DNS server manually: Specify the DNS server IP for the VPN clients. When disabled, the DNS settings of the NAS will be used. This option is disabled by default.
- * In QTS 4.3, go to “App Center” > “QVPN Service” > “VPN Server Settings” > “PPTP”.
- PPTP (Point-to-Point Tunneling Protocol) enables secure data transfer from a remote location to the NAS by creating a virtual private network (VPN). PPTP is supported by most clients, including Windows, Mac, Linux, and mobile devices.
- OpenVPN
- OpenVPN is open-source software that supports encrypted VPN access. You have to install software on your computer to connect to the OpenVPN server. Click “Download Configuration File” to download the VPN client settings, certification/key, and installation instructions and then upload the settings file to the OpenVPN client.
Go to “Control Panel” > “Applications” > “VPN Server” >”VPN Server Settings”, enable OpenVPN Server and enter the configuration settings:*- VPN Client IP pool: Enter the start and end IP addresses to define the IP range for the VPN clients to connect to the VPN server.
- VPN Server Port: Select UDP or TCP as the OpenVPN transport protocol. The OpenVPN server will listen for client connections on port 1194.
- Maximum number of clients: Select the maximum number of concurrent client connections supported by the VPN server.
- Authentication: Select how the VPN clients will be authenticated.
- Network interface: Choose a network interface.
- Redirect gateway: Selecting this option will cause all IP network traffic originating on client machines to pass through the OpenVPN server.
- Enable compressed VPN link: Select this option to compress the data before transferring via the VPN. The data transfer speed will increase but more CPU resources of the NAS will be used. This option is enabled by default.
- Specify DNS server manually: Specify the DNS server IP for the VPN clients. When disabled, the DNS settings of the NAS will be used. This option is disabled by default.
- Please note: If you change your OpenVPN settings, myQNAPcloud name, or security certificate you must your upload settings files again.
- * In QTS 4.3, go to “App Center” > “QVPN Service” > “VPN Server Settings” > “OpenVPN ”
- OpenVPN is open-source software that supports encrypted VPN access. You have to install software on your computer to connect to the OpenVPN server. Click “Download Configuration File” to download the VPN client settings, certification/key, and installation instructions and then upload the settings file to the OpenVPN client.
Add a new VPN user.
Go to “Control Panel” > “Applications” > “VPN Service” > “VPN Client Management” > “Add VPN Users”. Administrators can choose the connection types of other users to each protocol.Note: In QTS version 4.2.2 or below, only local NAS users are allowed to be VPN users. Domain users are allowed to be VPN users after upgrading to QTS 4.3 and installing the “QVPN Service” application.
Setup port forwarding on your router
If your QNAP NAS is located behind a NAT router, you need to open the ports on the NAT router and forward these ports to the fixed LAN IP of the NAS. This function is available on most routers and is often known as "Port Forwarding", "NAT Server" or "Virtual Server". The following is the corresponding port number of each protocol; please follow the router provider’s instructions to enable port forwarding.Protocol | Port |
---|---|
L2TP/IPsec | UDP 500、UDP 1701、UDP 4500 |
PPTP | 1723 |
OpenVPN | UDP 1194 (Default) |
Appendix. Use VPN software to connect to the internal network.
L2TP/IPsec settings on Windows 8- Go to “Control Panel” > “Network and Internet” > “Network and Sharing Center” and select “Set up a new connection or network”.
- Select “Connect to a workplace”.
- Select “Use my Internet connection (VPN)”.
- Enter your myQNAPcloud name or IP address in “Internet address”. You can also name your connection in “Destination name”.
- Go to “Control Panel” > “Network and Sharing Center” > “Change adapter settings”, right click on the VPN connection and select “Properties”.
- Go to the “Security” tab, select the “Type of VPN” as L2TP/IPsec then click “Advanced settings”.
- Select “Use preshared key for authentication” and enter the same key as the server’s settings.
- You can now connect to the VPN.
Setting L2TP/IPsec on Mac OS X10.10
- Go to “System Preferences” > “Network”.
- Select “Add new service (+)” and choose “VPN” in “Interface”. Choose “L2TP/IPsec” in “VPN Type”. You can also name your connection in “Service Name”.
- Enter your myQNAPcloud name or IP address in “Server Address” and your QNAP NAS user name in “Account Name”. Then click “ Authentication Settings”, and enter the password & preshared key.
- Click “Connect” to connect to the VPN.
- Go to “Settings” > “VPN”. Click “Add VPN profile”.
- Enter “Name” and choose the type as “L2TP/IPsec PSK"
- Enter “IPsec Pre-shared key”.
- Click the VPN profile and enter your username and password to start connection.
- Go to “Settings” > “General” > “VPN”.
- Choose “Add VPN Configuration…”
- Choose “L2TP” and name your connection in “Description”, before entering the myQNAPcloud name or IP address in “Server”, and then your QNAP NAS username, password and preshared key.
- Go to “Settings” > “General” > “VPN” to connect to the VPN.
- Go to “Control Panel” > “Network and Internet” > “Network and Sharing Center” and select “Set up a new connection or network”.
- Select “Connect to a workplace”.
- Select “Use my Internet connection (VPN)”.
- Enter your myQNAPcloud name or IP address in “Internet address”. You can also name your connection in “Destination name”.
- Go to “Control Panel” > “Network and Sharing Center” > “Change adapter settings” and right click this VPN connection then select “properties”.
- Enter “Security” page, select the “Type of VPN” as PPTP.
- You can now start using the VPN.
- Go to “System Preferences” > “Network”.
- Select “Add new service (+)” and choose “VPN” in “Interface”. Choose “PPTP” in “VPN Type”. You can also name your connection in “Service Name”.
- Enter your myQNAPcloud name or IP address in “Server Address” and your QNAP NAS user name in “Account Name”. Then click “ Authentication Settings”, enter the password and preshared key.
- Click “Connect” to start using the VPN.
- Go to “Settings” > “VPN”. Click “Add VPN profile”.
- Enter “Name” and choose the type as “PPTP"
- Click the VPN profile and enter your username and password to start the connection.
- Go to “Settings” > “General” > “VPN”.
- Choose “Add VPN Configuration…”
- Choose “PPTP” and name your connection in “Description”, before entering the myQNAPcloud name or IP address in “Server”, and then your QNAP NAS username and password.
- Go to “Settings” > “General” > “VPN” to start the VPN connection.
Set up OpenVPN on Mac OS X 10.11
- Download and install Tunnelblick from https://tunnelblick.net/
- Launch Tunnelblick.
- Download the settings files from your QNAP NAS, including the certification file “ca.crt” and the configuration file “openvpn.ovpn”.
- Open “openvpn.ovpn” and replace “OPENVPN_SERVER_IP” with your NAS IP address.
- Double click on the configuration file (or right click it and import the file with Tunnelblick).
The certification file will be imported automatically. - Click “Connect”.
- Enter your NAS username and password to activate the connection.
- Install OpenVPN Connect from https://itunes.apple.com/us/app/openvpn-connect/id590379981?mt=8
- Download the settings files from your QNAP NAS, including the certification file “ca.crt” and the configuration file “openvpn.ovpn”.
- Open “openvpn.ovpn” and replace “OPENVPN_SERVER_IP” with your NAS IP address.
- Open the configuration file with OpenVPN Connect (you can send the file to your email address and open it on your device, or you can send the file to the OpenVPN folder via PC with a third-party application such as “iTools for Windows”) and enter your NAS username and password to activate the connection.
If you have imported the configuration file to the OpenVPN folder you will see it in OpenVPN Connect.
Set up OpenVPN on Android 5.0
- Install OpenVPN Connect from https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en
- Download the settings files from your QNAP NAS, including the certification file “ca.crt” and the configuration file “openvpn.ovpn”.
- Open “openvpn.ovpn” and replace “OPENVPN_SERVER_IP” with your NAS IP address.
- Import your settings files to the folder on your Android device.
- Launch OpenVPN Connect and select "Import" in the top-right menu. Find and import the configuration file. Then follow the instructions to import the certification file.
- Enter your NAS username and password to activate the connection.
Set up OpenVPN on Windows
- Download and install OpenVPN from http://openvpn.net/index.php/open-source/downloads.html/
The default folder for the installation is C:\Program Files\OpenVPN - Download the settings files from your QNAP NAS, including the certification file “ca.crt” and the configuration file “openvpn.ovpn”.
- Open “openvpn.ovpn” and replace “OPENVPN_SERVER_IP” with your NAS IP address.
- Place “ca.crt” and “openvpn.ovpn” in the folder C:\Program Files\OpenVPN\config
- Use an administrator's account to launch OpenVPN and activate the connection.
TKC170626