Synology SSL VPN

Synology SSL VPN is a VPN service that supports SSL (Secure Sockets Layer) authentication and encryption. This service offers fast and secure SSL VPN access to web pages, files, and applications on the Internet or local networks.

General Management

To set up Synology SSL VPN:

  1. Click Synology VPN on the left panel and go to SSL VPN.
  2. Tick Enable Synology SSL VPN.
  3. Specify the settings below:
    • Active licenses: Check the number of your active licenses for the premium features. To add licenses, go to License on the left panel.
    • Client IP range: Select a client IP range (i.e., a subnet or an IP range behind your Synology Router) as virtual IP addresses available for clients. To add more subnets or IP ranges, go to Object > Address Pool.
    • Self-owned domain name: Click Edit to configure the Domain Setting.
    • Port: Specify the port for connections via this protocol. The default port is 443. If Synology SSL VPN and WebVPN are both enabled, we recommend a non-443 port for Synology SSL VPN lest the WebVPN speed be affected.
    • Security level: Choose a preferred security level.
    • Authentication: Select a method to authenticate clients.
    • Encryption: Select a method to encrypt connections.
    • Disallow duplicate logins: Tick this checkbox to prevent accounts from creating multiple connections via this protocol.
    • Enable split tunneling: Allow clients to connect to destination web pages/applications/servers within certain local subnets or local IP ranges (defined by objects) through Synology SSL VPN. The rest of the traffic will go through the default gateway. Click Edit to add objects to the Split-tunnel List.
  4. Click Apply to finish the setup. A customized URL for the VPN Plus web portal will show at the bottom of this page.

Note:

To install a third-party certificate to the Synology Router:

The network administrator can purchase a certificate from a trusted third-party and install it to the Synology Router. After installation, all clients can smoothly access the VPN Plus web portal without browser alerts.

  1. Go to SRM Control Panel > Services > Certificate.
  2. Under the Action section, click Import certificate.
  3. Click Browse and provide the acquired private key and certificate.
  4. Click OK to import the certificate.

To install the Synology Router certificate to local devices:

If no trusted third-party certificates are available, the network administrator can create a self-signed certificate from the Synology Router, and install it to all client devices.

  1. Go to SRM Control Panel > Services > Certificate.
  2. Under the Action section, click Create certificate > Create self-signed certificate. Follow the on-screen instructions in the wizard to create a certificate for the VPN Plus web portal.
  3. Under the Server certificate section, click Export certificate to download the self-signed certificate.
  4. Share this certificate with local users. Ask them to install it on their devices as instructed in the Usage Guide.

Usage Guide

In the sections below, you will know how to use the Synology SSL VPN service to Internet and local network resources.

To connect via Synology SSL VPN:

You can establish Synology SSL VPN connections with two exclusive clients: Synology SSL VPN Client (for Windows/Mac/Linux computers) and the Synology VPN Plus mobile app (for iOS/Android devices).


Web browsers on computers (except for Firefox):

  1. Launch a web browser and enter the VPN Plus web portal URL in the address bar.
  2. Sign in with your SRM credentials.
  3. Click SSL VPN on the left panel.
  4. Click Download to install Synology SSL VPN Client to your local computer.
  5. Follow the on-screen instructions in the wizard to finish the installation.
  6. When the SSL VPN client starts running, the web page will refresh automatically.
  7. Click Connect to connect via Synology SSL VPN. (See the Note below.)
  8. Now all your connections from the local computer will go through the Synology SSL VPN.
  9. To stop using this VPN service, click Disconnect on the VPN Plus web portal.

Firefox on computers:

  1. Launch Firefox and enter the VPN Plus web portal URL in the address bar.
  2. Sign in with your SRM credentials.
  3. Click SSL VPN on the left panel.
  4. Click Download to install Synology SSL VPN Client to your local computer.
  5. Follow the on-screen instructions in the wizard to finish the installation.
  6. Go back to the VPN Plus web portal > SSL VPN, and click on the here button to add a security exception for the browser.
  7. A browser alert will display on the web page. Click Advanced... > Accept the Risk and Continue.
  8. Click Proceed. Now all your connections from the local computer will go through the Synology SSL VPN.
  9. To stop using this VPN service, click Disconnect on the VPN Plus web portal.

Note:

iOS/Android devices:

  1. Download and install Synology VPN Plus (Apple's App Store/Google Play) on your mobile device.
    Note: Android application package (APK) is also available on Synology's Download Center. For more information on how to manually install the application on your Android device, please refer to this article.
  2. Open Synology VPN Plus, enter the IP address (e.g., "210.61.203.200")) or the domain name (e.g., "vpn.service.com") of your Synology Router.
    Note: If you use a custom port other than 443, please add the port number after the domain name/IP address with a colon (e.g., "prefix.domain.com:10001").
  3. Sign in with your SRM credentials.
  4. Tap Connect to connect via Synology SSL VPN.
  5. Now all your connections from the mobile device will go through the Synology SSL VPN.
  6. To stop using this VPN service, tap Disconnect.

Note:

To install a certificate to your device:

If no trusted third-party certificates are available on VPN Plus Server, you can download and install a self-signed certificate on your computer to avoid repeated browser alerts.

  1. Go to the VPN Plus web portal.
  2. Click the person icon in the upper-right corner.
  3. Click Configurations.
  4. In the pop-up window, click Download to download the ca.crt certificate to your computer.

Follow the steps below to install the certificate according to your computer’s operating system.

For Windows:

  1. Double-click the ca.crt file on your computer.
  2. Click Open > Install Certificate... > Next.
  3. Select Place all certificates in the following store.
  4. Click Browse and choose Trusted Root Certification Authorities.
  5. Click OK and follow the on-screen instructions in the wizard to finish the installation.
  6. Reopen the browser to make the certificate take effect.

For Mac:

  1. Double-click the ca.crt file on your computer.
  2. Select System for Keychain, and click Add.
  3. Enter the user credentials and click Modify Keychain.
  4. Open Keychain Access on your Mac computer.
  5. On the left panel, select System under Keychains and then select Certificates under Category.
  6. Find and double-click the certificate.
  7. In the pop-up window, click Trust, and select Always Trust for When using this certificate.
  8. Close the pop-up window and follow the on-screen instructions to finish the installation.