Frequently Asked Question
- QVPN
- VPN Server
- VPN Client
- Event Logs
- QVPN Device Client
- Connecting to a QVPN Server
QVPN
QVPN is a centralized tool for the creation and management of VPN servers and connections on your QNAP NAS.
See the following table for details on QVPN compatibility.
QVPN Version | Supported Firmware | Supported Protocols |
---|---|---|
QVPN 2.0.x |
|
|
QVPN 2.1.x | QTS 4.3.6 (TS-128 and TS-228 only) |
|
QVPN 2.2.x | QTS 4.4.1 |
|
Overview
This screen provides a general overview of the status of the QVPN service.
Section | Description |
---|---|
Connected VPN Users | Displays information related to any users currently connected to local VPN servers. Includes the following information:
Users. |
Active Local VPN Servers | Displays information related to any VPN servers running on the NAS. Includes both active connections and outgoing network interfaces. To view server settings, click the server icon. |
Outgoing Interface | Displays information related to the outgoing network interfaces of each local VPN server Includes the following information:
|
VPN Server
QBelt
QBelt is a proprietary communications protocol incorporating DTLS and AES-256 encryption.
QVPN 2.1.x does not support the use of the QBelt protocol.
Enabling a QBelt VPN Server
- Open QVPN.
- Go to VPN Server > QBelt.
- Click Enable QBelt Server.
- Configure the QBelt server settings.
Setting Description VPN client IP pool Specify a range of IP addresses available to connected VPN clients.
Important:
By default, this server reserves the use of IP addresses from
10.6.0.0/24. If another connection is configured to use this range, an
IP conflict error will occur. Before adding this server, ensure a VPN
client isn't configured to use this range as well.Server Port Specify the port used to access this server.
Tip:
Default port: 443Preshared key Specify a key (password) to verify connecting VPN clients. Maximum number of clients Specify the number of connected clients allowed at one time.
Important:
The number must be between 5 and 100.Outgoing Network Interface (Next Hop) Specify an available network interface to use when connecting to the VPN server. Available options include: - All (Auto Detect)
- None
- Manually assign
DNS Server Specify a DNS server for the QBelt server.
Note: The DNS Quick Wizard can help configure this setting. For more information, please see DNS Quick Wizard. - Click Apply.
PPTP
PPTP (Point-to-Point Tunneling Protocol) enables secure data transfer from a remote location to the NAS by creating a virtual private network (VPN). PPTP is supported on Windows, Mac, Linux, and mobile devices.
Tip:
The PPTP server listens for client connections on TCP port 1723.
Enabling a PPTP Server
- Open QVPN.
- Go to VPN Server > PPTP.
- Click Enable PPTP VPN Server.
- Configure the PPTP server settings.
Setting Description VPN Client IP Pool Specify a range of IP addresses available to connected VPN clients.
Important:
By default, this server reserves the use of IP addresses from
10.0.0.0/24. If another connection is configured to use this range, an
IP conflict error will occur. Before adding this server, ensure a VPN
client isn't configured to use this range as well.Maximum number of clients Specify the number of connected clients allowed at one time.
Important:
The number must be between 5 and 100.Authentication Select an authentication method. Encryption Select an encryption method. Outgoing Network Interface (Next Hop) Specify an available network interface to use when connecting to the VPN server. Available options include: - All (Auto Detect)
- None
- Manually assign
DNS Server Specify a DNS server for the PPTP server.
Note: The DNS Quick Wizard can help configure this setting. For more information, please see DNS Quick Wizard. - Click Apply.
L2TP/IPSec (PSK)
L2TP (Layer Two Tunneling Protocol) is a combination of the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Forwarding (L2F). While PPTP only establishes a single tunnel between two end points, L2TP supports multiple tunnels.
IPsec is often used to secure L2TP packets by providing confidentiality, authentication and integrity checks.
The combination of these two protocols provides a high-security VPN solution known as L2TP/IPSec. L2TP/IPSec is supported on Windows, Mac, Linux, and mobile devices.
Tip:
The L2TP/IPSec server listens for client connections on the following UDP ports:
- 500
- 1701
- 4500
Enabling a L2TP/IP Sec VPN Server
- Open QVPN.
- Go to VPN Server > L2TP/IP Sec.
- Click Enable L2TP/IP Sec VPN Server.
- Configure the L2TP/IP Sec server settings.
Setting Description VPN client IP pool Specify a range of IP addresses available to connected VPN clients.
Important:
By default, this server reserves the use of IP addresses from
10.2.0.0/24. If another connection is configured to use this range, an
IP conflict error will occur. Before adding this server, ensure a VPN
client isn't configured to use this range as well.Preshared key Specify a key used to verify connecting VPN clients. Maximum number of clients Specify the number of connected clients allowed at one time.
Important:
The number must be between 5 and 100.Authentication Select an authentication method. Outgoing Network Interface (Next Hop) Specify an available network interface to use when connecting to the VPN server. Available options include: - All (Auto Detect)
- None
- Manually assign
DNS Server Specify a DNS server for the L2TP/IPSec server.
Note: The DNS Quick Wizard can help configure this setting. For more information, please see DNS Quick Wizard. - Click Apply.
OpenVPN
OpenVPN is an open-source VPN solution encrypted and protected by SSL.
Enabling an OpenVPN Server
- Open QVPN.
- Go to VPN Server > OpenVPN.
- Click Enable OpenVPN Server.
- Configure the OpenVPN settings.
Setting Description VPN client IP pool Specify a range of IP addresses available to connected VPN clients.
Important:
By default, this server reserves the use of IP addresses from
10.8.0.0/24. If another connection is configured to use this range, an
IP conflict error will occur. Before adding this server, ensure a VPN
client isn't configured to use this range as well.Server Port Specify the port used to access this server. Maximum number of clients Specify the number of connected clients allowed at one time.
Important:
The number must be between 5 and 100.Encryption Select an encryption method. Outgoing Network Interface (Next Hop) Specify an available network interface to use when connecting to the VPN server. Available options include: - All (Auto Detect)
- None
- Manually assign
DNS Server Specify a DNS server for the OpenVPN server.
Note: The DNS Quick Wizard can help configure this setting. For more information, please see DNS Quick Wizard. - Optional: Select Use this connection as a default gateway for remote devices.
- Optional: Select Enable compressed VPN link. Tip: This setting compresses data before transferring it over the VPN. This will increase data transfer speeds, but requires additional CPU resources. This setting is enabled by default.
- Click Apply.
Downloading an OpenVPN Configuration File
An OpenVPN Configuration File or Certificate is used to import settings to an OpenVPN client.
Tip:
Clients must import an updated configuration file or certificate after every change to the OpenVPN server settings.
- Enable an OpenVPN server. For details, see Enabling an OpenVPN Server.
- Click Download Configuration File. Important:
- The OpenVPN certificate should only be used with QVPN versions earlier than v1.1. In all other cases, please use the OpenVPN configuration file instead.
Privilege Settings
This screen lists NAS users accounts and the approved access rights for each VPN server.
Adding a VPN User
- Open QVPN.
- Go to VPN Server > Privilege Settings.
- Click Add VPN Users. The Add VPN Users window opens.
- Locate an existing user account. Tip: You can switch between local user accounts and domain user accounts with the menu at the top of this window.
- Select the VPN server types.
- Click Apply.
Online NAS Users
This screen lists connections to VPN servers running on the NAS. It includes information about log-in time, up time, username, source IP, VPN client IP, and connection method.
Tip:
Clicking Disconnect in the Actions will disable the connection.
Connection Logs
This screen displays a record of connections to external VPN servers. Recorded information includes the connection date, the connection duration, username, source IP, and other detailed information.
DNS Quick Wizard
Domain Name System (DNS) is a service that translates a website’s name to its IP address. DNS makes it easier for users to access websites and services with an easy-to-remember URL (such as www.qnap.com) instead of a difficult and long IP address. The DNS Quick Wizard helps users choose the DNS service that best meets their needs. The default options in this wizard work best in most cases, but advanced users can also manually configure additional DNS services.
Note: This wizard is accessable after enabling any of the VPN servers in QVPN.
- Open the DNS Quick Wizard. The Setting DNS window opens.
- Click Next.
- Select a DNS option.
Option Description Public DNS Select a DNS from a list of public sources. NAS default Use the default DNS server.
Tip:
This option can increase the security of VPN connections.Manually assign Manually enter the IP address for a DNS service. - Click Apply.
VPN Client
The QVPN client allows the NAS to remotely connect to VPN servers using the PPTP, OpenVPN, L2TP/IPSec, or QBelt protocols.
Important:
When adding an OpenVPN connection, an OpenVPN configuration file is required to establish the connection.
VPN Connection Profiles
This screen displays existing VPN connections.
Creating a QBelt Connection
- Open QVPN.
- Go to VPN Client > VPN Connection Profiles.
- Click Add.
- Select QBelt. The Create VPN Connection (QBelt) window opens.
- Configure the VPN connection settings.
Setting Description Profile Name Specify a name to help identify this profile. Server Address Specify the IP address for the VPN server. Username Specify the username to access the VPN server. Password Specify the password to access the VPN server. Preshared Key Specify the key provided by the VPN server administrator. Server Port Specify the port used to access this server. Specify the subnet mask Specify the subnet mask. - Optional: Select Reconnect when the VPN connection is lost.
- Click Create. Note: By default, the QVPN QBelt server reserves the use of IP addresses from 10.6.0.0/24. If another connection is configured to use this range, an IP conflict error will occur. Before adding this connection, ensure an IP conflict doesn't exist.
Creating a PPTP Connection
- Open QVPN.
- Go to VPN Client > VPN Connection Profiles.
- Click Add.
- Select PPTP. The Create VPN Connection (PPTP) window opens.
- Configure the VPN connection settings.
Setting Description Profile Name Specify a name to help identify this profile. Server Address Specify the IP address for the VPN server. Username Specify the username to access the VPN server. Password Specify the password to access the VPN server. Authentication Select an authentication method. Encryption Select an encryption method. Specify the subnet mask Specify the subnet mask. - Optional: Select Reconnect when the VPN connection is lost.
- Click Create. Note: By default, the QVPN QBelt server reserves the use of IP addresses from 10.0.0.0/24. If another connection is configured to use this range, an IP conflict error will occur. Before adding this connection, ensure an IP conflict doesn't exist.
Creating a L2TP/IPSec Connection
- Open QVPN.
- Go to VPN Client > VPN Connection Profiles.
- Click Add.
- Select L2TP/IPSec. The Create VPN Connection (L2TP/IPSec) window opens.
- Configure the VPN connection settings.
Setting Description Profile Name Specify a name to help identify this profile. Server Address Specify the IP address for the VPN server. Username Specify the username to access the VPN server. Password Specify the password to access the VPN server. Authentication Select an authentication method. Preshared Key Specify the key provided by the VPN server administrator. Specify the subnet mask Specify the subnet mask. - Optional: Select Reconnect when the VPN connection is lost.
- Click Create. Note: By default, the QVPN QBelt server reserves the use of IP addresses from 10.2.0.0/24. If another connection is configured to use this range, an IP conflict error will occur. Before adding this connection, ensure an IP conflict doesn't exist.
Creating an OpenVPN Connection
- Open QVPN.
- Go to VPN Client > VPN Connection Profiles.
- Click Add.
- Select OpenVPN. A File Explorer window opens.
- Locate the OpenVPN configuration file.
- Click Open.
- Configure the VPN connection settings.
Setting Description Profile Name Specify a name to help identify this profile. Username Specify the username to access the VPN server. Password Specify the password to access the VPN server. Specify the subnet mask Specify the subnet mask. - Optional: Select Reconnect when the VPN connection is lost.
- Click Apply. Note: By default, the QVPN QBelt server reserves the use of IP addresses from 10.8.0.0/24. If another connection is configured to use this range, an IP conflict error will occur. Before adding this connection, ensure an IP conflict doesn't exist.
Using a VPN as the NAS Default Gateway
Important:
- If the primary VPN disconnects, the default gateway switches automatically.
- This option is unavailable if the NAS default gateway has already been changed from auto to fixed. For more information, go to the Network & Virtual Switch documentation.
- Open QVPN.
- Go to VPN Client > VPN Connection Profiles.
- Click Use VPN as NAS Default Gateway. The Use VPN as NAS Default Gateway window opens.
- Click
- Select a VPN profile.
- Optional: Enable a Backup VPN.
- Select a backup VPN profile.
- Specify a delay.
- Optional: Select Allow other network devices in the same subnet to connect to the VPN through the NAS.
- Click Apply.
Connection Logs
This screen displays a record of connections to external VPN servers. Recorded information includes the connection date, the connection duration, username, source IP, and other detailed information.
Event Logs
This screen displays a record of events related to the QVPN service. Common events include enabling or disabling services, changing settings, and adding or removing configuration files.
Tip:
Event logs are also kept in the System Logs.
QVPN Device Client
About QVPN Device Client
The QVPN Device Client manages connections to VPN servers running on a QNAP NAS. Consolidating tools for monitoring VPN connection speeds, reviewing connection logs, and accessing services running on the NAS, the client is available on Windows, macOS, iOS, or Android devices.
Tip:
The QVPN Device Client only supports connections to QBelt servers running on the NAS.
Current VPN Connection
This screen displays information related to the currently connected VPN profile including information related to location, IP address, and uptime. Additionally, this screen provides quick access to applications running on the NAS.
Figure 1. QVPN Device Client - Mobile
Figure 2. QVPN Device Client - PC
Connection Logs
This screen displays log records for the QVPN device client. Common events include enabling or disabling services, changing settings, and adding or removing configuration files.
Figure 1. QVPN Device Client - Mobile
Figure 2. QVPN Device Client - PC
All Speed Graphs
This screen displays upload and download speeds for VPN connections during the selected time period.
Figure 1. QVPN Device Client - Mobile
Figure 2. QVPN Device Client - PC
Settings
This screen displays settings for the QVPN device client.
Figure 1. QVPN Device Client - Mobile
Figure 2. QVPN Device Client - PC
Connecting to a QVPN Server
Windows
Connecting to QBelt on Windows 10
Install the QVPN Device Client from the QNAP website.
- Open the QVPN device client.
- Select an option.
Option Description Import from QNAP Cloud Search for a NAS connected to your QNAP cloud account. - Select a NAS from the list.
- Tap Import.
- Select the added NAS.
- Click Edit NAS.
Discover Search for a NAS connected to the same network segment. - Select a NAS from the list.
- Click Next.
Add manually Manually configure VPN connection. - Configure the VPN profile.
Field Description Profile Name Enter a name for the VPN profile. Host/IP or QNAP Cloud Name Enter the IP address of the VPN server or QNAP cloud name. Pre-Shared key Enter the VPN pre-shared key.
Important:
This field is only visible if the VPN profile cannot be automatically configured.VPN Port Enter the QBelt VPN server port.
Important:
This field is only visible if the VPN profile cannot be automatically configured.Username Enter the QTS account username. Password Enter the QTS account password. - Click Save
- Select the created profile.
- Click Connect.
- Optional: Configure Tier 2 connection.
- Click Add Network.
- Optional: Click Add New Tunnel.
- Select a tunnel.
- Click Connect.
Connecting to PPTP on Windows 10
- Go to Start > Settings > Network and Internet > VPN.
- Click Add a VPN Connection.
- Create a VPN profile.
Field Description VPN Provider Windows(build-in) Connection name Enter a name for the VPN profile. Server name or address Enter the VPN server IP address, VPN type Select PPTP. Pre-share key Enter the VPN pre-shared key. Type of sign-in info Select User name and password. Username Enter the QTS account username. Password Enter the QTS account password. - Select the created VPN profile.
- Click Connect.
Connecting to L2TP/IPSec on Windows 10
- Go to Start > Network and Internet > VPN.
- Click Add a VPN Connection.
- Create a VPN profile.
Field Description VPN Provider Select Windows(build-in). Connection name Enter a name for the VPN profile. Server name or address Enter the VPN server IP address. VPN type Select L2TP/IPsec with pre-share key. Pre-share key Enter the VPN pre-shared key. Type of sign-in info Select User name and password. Username Enter the QTS account username. Password Enter the QTS account password. - Select the created VPN profile.
- Click Connect.
Connecting to L2TP/IPSec on Windows 10 - Advanced
This process is meant for users unable to connect to the VPN server after following the steps in Connecting to L2TP/IPSec on Windows 10.
- Login to the PC with an administrator account.
- Open the Registry Editor.
- Right-click Start and select Run or press Windows logo key + R.
- Enter regedit.
- Click OK.
- Navigate to HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Services\PolicyAgent.
- Create a new value.
- Go to Edit > New > DWORD (32-bit) Value.
- Right-click the new value, then select Modify.
- Set Value name to AssumeUDPEncapsulationContextOnSendRule.
- Set Value data to 2.
- Restart the PC.
Connecting to OpenVPN on Windows 10
Install OpenVPN from the OpenVPN website.
- Download the OpenVPN configuration file to your device. Tip: For more information, see Downloading an OpenVPN Configuration File.
- Move the OpenVPN configuration file to C:\Program Files\OpenVPN\config.
- Open OpenVPN with an administrator account.
- Enter your QTS account credentials to connect to the NAS.
macOS
Connecting to QBelt on macOS 10.13
Install the QVPN Device Client from the QNAP website.
- Open the QVPN device client.
- Select an option.
Option Description Import from QNAP Cloud Search for a NAS connected to your QNAP cloud account. - Select a NAS from the list.
- Tap Import.
- Select the added NAS.
- Click Edit NAS.
Discover Search for a NAS connected to the same network segment. - Select a NAS from the list.
- Click Next.
Add manually Manually configure VPN connection. - Configure the VPN profile.
Field Description Profile Name Enter a name for the VPN profile. Host/IP or QNAP Cloud Name Enter the IP address of the VPN server or QNAP cloud name. Pre-Shared key Enter the VPN pre-shared key.
Important:
This field is only visible if the VPN profile cannot be automatically configured.VPN Port Enter the QBelt VPN server port.
Important:
This field is only visible if the VPN profile cannot be automatically configured.Username Enter the QTS account username. Password Enter the QTS account password. - Click Save
- Select the created profile.
- Click Connect.
- Optional: Configure Tier 2 connection.
- Click Add Network.
- Optional: Click Add New Tunnel.
- Select a tunnel.
- Click Connect.
Connecting to L2TP/IPSec on macOS 10.13
- Go to System Preferences > Network.
- Create a VPN profile.
- Click +.
- Select VPN for the interface.
- Select L2TP for the VPN Type.
- Enter a profile name.
- Click Create.
- Configure the VPN profile.
- Enter the L2TP/IPSec server IP Address or a Qnap cloud username for Server Address.
- Enter the QTS account name for Account Name
- Enter the authentication information.
- Click Authentication Settings.
- Enter the QTS account password.
- Enter the L2TP/IPSec pre-shared key for Shared Secret.
- Click OK.
- Click Connect.
Connecting to OpenVPN on macOS 10.13
Install Tunnelblick from the Tunnelblick website.
- Download the OpenVPN configuration file to your device. Tip: For more information, see Downloading an OpenVPN Configuration File.
- Open Tunnelblick.
- Double-click the OpenVPN configuration file. The configuration file will import automatically.
- Click Connect.
- Enter your QTS account credentials to connect to the NAS.
iOS
Connecting to QBelt on iOS
Install the QVPN Device Client from the QNAP website.
- Open the QVPN device client.
- Tap +.
- Select an option.
Option Description Import from QNAP Cloud Search for a NAS connected to your QNAP cloud account. - Select a NAS from the list.
- Tap Import.
- Select the added NAS.
- Tap Edit NAS.
Discover Search for a NAS connected to the same network segment. - Select a NAS from the list.
- Tap Next.
Add manually Manually configure VPN connection. - Configure the VPN profile.
Field Description Profile Name Enter a name for the VPN profile. Host/IP or QNAP Cloud Name Enter the IP address of the VPN server or QNAP cloud name. Pre-Shared key Enter the VPN pre-shared key.
Important:
This field is only visible if the VPN profile cannot be automatically configured.VPN Port Enter the QBelt VPN server port.
Important:
This field is only visible if the VPN profile cannot be automatically configured.Username Enter the QTS account username. Password Enter the QTS account password. - Tap Save
- Select the created profile.
- Tap Connect.
- Optional: Configure Tier 2 connection.
- Tap Add Network.
- Optional: Tap Add New Tunnel.
- Select a tunnel.
- Tap Connect.
Connecting to L2TP/IPSec on iOS
- Go to Settings > General > VPN.
- Tap Add VPN Configuration.
- Select L2TP for the Type.
- Configure the VPN profile.
- Tap Done.
- Go to Settings > General > VPN.
- Enable the created VPN Profile.
Connecting to OpenVPN on iOS
Install OpenVPN Connect from the Apple App store.
- Configure iOS settings.
- Go to Settings > OpenVPN > Advanced Settings
- Enable Force AES-CBC cipher suites.
- Transfer the OpenVPN configuration file to your device. Tip: For more information, see Downloading an OpenVPN Configuration File.
- Open OpenVPN Connect.
- Import the OpenVPN configuration file.
- Select OVPN Profile.
- Locate the Configuration file
- Tap Import
- Enter your QTS account credentials to connect to the NAS.
Android
Connecting to QBelt on Android 7.0
Install the QVPN Device Client from the QNAP website.
- Open the QVPN device client.
- Tap +.
- Select an option.
Option Description Import from QNAP Cloud Search for a NAS connected to your QNAP cloud account. - Select a NAS from the list.
- Tap Import.
- Select the added NAS.
- Tap Edit NAS.
Discover Search for a NAS connected to the same network segment. - Select a NAS from the list.
- Tap Next.
Add manually Manually configure VPN connection. - Configure the VPN profile.
Field Description Profile Name Enter a name for the VPN profile. Host/IP or QNAP Cloud Name Enter the IP address of the VPN server or QNAP cloud name. Pre-Shared key Enter the VPN pre-shared key.
Important:
This field is only visible if the VPN profile cannot be automatically configured.VPN Port Enter the QBelt VPN server port.
Important:
This field is only visible if the VPN profile cannot be automatically configured.Username Enter the QTS account username. Password Enter the QTS account password. - Tap Save
- Select the created profile.
- Tap Connect.
- Optional: Configure Tier 2 connection.
- Tap Add Network.
- Optional: Tap Add New Tunnel.
- Select a tunnel.
- Tap Connect.
Connecting to PPTP on Android 7.0
- Go to Settings > Connections > More connection settings.
- Tap +.
- Select PPTP for the Type.
- Enter configuration information.
- Tap Save.
- Tap the created VPN profile. The Connect to ... window opens.
- Enter your QTS account credentials.
- Tap Connect.
Connecting to L2TP/IPSec on Android 7.0
- Go to Settings > Connections > More connection settings.
- Tap +.
- Select L2TP/IPSec PSK for the Type.
- Configure the VPN profile.
- Tap Save.
- Tap the created VPN profile. The Connect to ... window opens.
- Enter the QTS account credentials.
- Tap Connect.