Set up VPN Server

Under Settings in the left panel, choose any of the following types of VPN server to enable VPN service on your DiskStation.

Note:

PPTP

PPTP (Point-to-Point Tunneling Protocol) is a commonly used VPN solution supported by most clients (including Windows, Mac, Linux, and mobile devices). For more information about PPTP, refer to here.

To enable PPTP VPN server:

  1. Tick Enable PPTP VPN server.
  2. Specify a virtual IP address of VPN server in the Dynamic IP address fields. Refer to About Dynamic IP Address below for more information.
  3. Set Maximum connection number to limit the number of concurrent VPN connections.
  4. Choose either of the following from the Authentication drop-down menu to authenticate VPN clients:
  5. If you use MS-CHAP v2 for authentication, choose any of the following from the Encryption drop-down menu to encrypt VPN connection:
  6. Set MTU (Maximum Transmission Unit) to limit data packet size through the VPN network.
  7. Tick Use manual DNS and specify DNS server IP to push DNS to PPTP clients or the setting will be the presented DNS setting of DiskStation.
  8. Click OK.

Note:

OpenVPN

OpenVPN is an open source solution for implementing VPN service. It protects VPN's connection with the SSL/TLS encrypting mechanism. For more information about OpenVPN, visit here.

To enable OpenVPN VPN server:

  1. Tick Enable OpenVPN server.
  2. Specify a virtual internal IP address of VPN server in the Dynamic IP address fields. Refer to About Dynamic IP Address below for more information.
  3. Set Maximum connection number to limit the number of concurrent VPN connections.
  4. Tick Enable compression on the VPN link if you want to compress data during transfer.
  5. Click OK.

Note:

To export configuration file:

Click Export Configuration. OpenVPN allows VPN server to issue an authentication certificate to the clients. The exported file is a zip file that contains ca.crt (certificate file for VPN server), openvpn.ovpn (configuration file for the client), and README.txt (simple instruction on how to set up OpenVPN connection for the client). For more information, refer to Synology VPN User's Guide.

L2TP/IPSec

L2TP (Layer 2 Tunneling Protocol) over IPSec provides virtual private networks with increased security and is supported by most clients (such as Windows, Mac, Linux, and mobile devices). For more information about L2TP, refer to here.

Before you start:

To use L2TP/IPSec, make sure your DiskStation is running DSM 4.3 or later.

To enable L2TP/IPSec VPN server:

  1. Tick Enable L2TP/IPSec VPN server.
  2. Specify a virtual IP address of VPN server in the Dynamic IP address field. Refer to About Dynamic IP Address below for more information.
  3. Set Maximum connection number to limit the number of concurrent VPN connections.
  4. Choose either of the following from the Authentication drop-down menu to authenticate VPN clients:
  5. Set MTU (Maximum Transmission Unit) to limit data packet size through the VPN network.
  6. Tick Use manual DNS and specify DNS server IP to push DNS to L2TP/IPSec clients or the setting will be the presented DNS setting of DiskStation.
  7. Enter and confirm a pre-shared key. This secret key can be given to your L2TP/IPSec user to authenticate the connection.
  8. Click OK.

Note:

About Dynamic IP Address

Depending on the number you entered in Dynamic IP address, VPN Server will choose from a range of virtual IP addresses while assigning IP addresses to VPN clients. For example, if the dynamic IP address of VPN server is set as "10.0.0.0", a VPN client's virtual IP address could range from "10.0.0.1" to "10.0.0.[maximum connection number]" for PPTP, and from "10.0.0.2" to "10.0.0.255" for OpenVPN.

Important:Before specifying the dynamic IP address of VPN server, please note:

  1. Dynamic IP addresses allowed for VPN server should be any of the following:
  2. The specified dynamic IP address of VPN server and the assigned virtual IP addresses for VPN clients should not conflict with any IP addresses currently used within your local area network.

About Client's Gateway Setting for VPN Connection

Before connecting to DiskStation's local area network via VPN, the clients might need to change their gateway setting for VPN connection. Otherwise, they might not be able to connect to the Internet when VPN connection is established. For detailed information, refer to Synology VPN User's Guide.