Set up VPN Server
Under Settings in the left panel, choose any of the following types of VPN server to enable VPN service on your DiskStation.
PPTP
PPTP (Point-to-Point Tunneling Protocol) is a commonly used VPN solution supported by most clients (including Windows, Mac, Linux, and mobile devices). For more information about PPTP, refer to here.
To enable PPTP VPN server:
- Tick Enable PPTP VPN server.
- Specify a virtual IP address of VPN server in the Dynamic IP address fields. Refer to About Dynamic IP Address below for more information.
- Set Maximum connection number to limit the number of concurrent VPN connections.
- Choose either of the following from the Authentication drop-down menu to authenticate VPN clients:
  - PAP: VPN clients' passwords will not be encrypted during authentication.
  - MS-CHAP v2: VPN clients' passwords will be encrypted during authentication using Microsoft CHAP version 2.
- If you use MS-CHAP v2 for authentication, choose any of the following from the Encryption drop-down menu to encrypt the VPN connection:
  - None: The VPN connection will not be encrypted.
  - Require MPPE (40/128 bit): The VPN connection will be protected with 40-bit or 128-bit encryption, depending on the client's setting.
  - Maximum MPPE (128 bit): The VPN connection will be protected with 128-bit encryption, which provides the highest level of security of these options.
- Set MTU (Maximum Transmission Unit) to limit the data packet size through the VPN network.
- Tick Use manual DNS and specify a DNS server IP address to push that DNS server to PPTP clients. Otherwise, clients receive the DNS setting currently configured on the DiskStation.
- Click OK.
Note:
- The authentication and encryption types of VPN clients must be identical to the settings specified on VPN Server.
- To suit most PPTP clients, such as Windows, Mac OS, Mac iOS and Android systems, the default MTU is set to 1400. A more complicated network environment might require a smaller MTU. Try reducing the MTU size if you keep receiving timeout errors or experience an unstable connection.
- Check the port forwarding and firewall settings on your DiskStation and router to make sure TCP port 1723 is open.
- Some routers have a built-in PPTP VPN service, which occupies port 1723. Disable the built-in PPTP VPN service through the router's management interface so that the PPTP service of VPN Server can work.
In addition, some old routers block the GRE protocol (IP protocol 47), which causes VPN connections to fail. It is recommended to use a router that supports VPN passthrough connections.
OpenVPN
OpenVPN is an open source solution for implementing VPN service. It protects the VPN connection with SSL/TLS encryption. For more information about OpenVPN, visit here.
To enable OpenVPN VPN server:
- Tick Enable OpenVPN server.
- Specify a virtual internal IP address of VPN server in the Dynamic IP address fields. Refer to About Dynamic IP Address below for more information.
- Set Maximum connection number to limit the number of concurrent VPN connections.
- Tick Enable compression on the VPN link if you want to compress data during transfer.
- Click OK.
Note: Check the port forwarding and firewall settings on your DiskStation and router to make sure UDP port 1194 is open.
To export configuration file:
Click Export Configuration. OpenVPN allows the VPN server to issue an authentication certificate to clients. The exported file is a zip file that contains ca.crt (the certificate file for the VPN server), openvpn.ovpn (the configuration file for the client), and README.txt (simple instructions on how to set up the OpenVPN connection on the client). For more information, refer to Synology VPN User's Guide.
About Dynamic IP Address
Depending on the number you entered in Dynamic IP address, VPN Server will choose from a range of virtual IP addresses when assigning IP addresses to VPN clients. For example, if the dynamic IP address of the VPN server is set to "10.0.0.0", a VPN client's virtual IP address could range from "10.0.0.1" to "10.0.0.[maximum connection number]" for PPTP, and from "10.0.0.2" to "10.0.0.255" for OpenVPN.
Important:
Before specifying the dynamic IP address of VPN server, please note:
- Dynamic IP addresses allowed for VPN server should be any of the following:
  - From "10.0.0.0" to "10.255.255.0"
  - From "172.16.0.0" to "172.31.255.0"
  - From "192.168.0.0" to "192.168.255.0"
- The specified dynamic IP address of VPN server and the assigned virtual IP addresses for VPN clients should not conflict with any IP addresses currently used within your local area network.
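The two rules above can be checked before you enter a value. The following is an added example, not Synology's code: it tests a candidate dynamic IP address against the allowed ranges, derives the client address range per protocol from the "10.0.0.0" example, and reports overlap with LAN subnets. The function names, the requirement that the last octet be 0, and the sample LAN are assumptions.

```python
import ipaddress

# Ranges the page lists as allowed for the VPN server's dynamic IP address.
ALLOWED_RANGES = [
    ("10.0.0.0", "10.255.255.0"),
    ("172.16.0.0", "172.31.255.0"),
    ("192.168.0.0", "192.168.255.0"),
]

def is_allowed_base(base):
    """True if base lies in a listed range. Assumption: last octet must be 0."""
    addr = ipaddress.IPv4Address(base)
    in_range = any(
        ipaddress.IPv4Address(lo) <= addr <= ipaddress.IPv4Address(hi)
        for lo, hi in ALLOWED_RANGES
    )
    return in_range and int(addr) & 0xFF == 0

def client_range(base, protocol, max_conn):
    """First and last client address, generalised from the page's 10.0.0.0 example."""
    addr = ipaddress.IPv4Address(base)
    if protocol == "pptp":
        if max_conn < 1:
            raise ValueError("maximum connection number must be at least 1")
        return addr + 1, addr + max_conn
    if protocol == "openvpn":
        return addr + 2, addr + 255
    raise ValueError(f"unknown protocol: {protocol}")

def check_plan(base, protocol, max_conn, lan_networks):
    """Return a list of problems; an empty list means no conflict was found."""
    if not is_allowed_base(base):
        return [f"{base} is outside the allowed dynamic IP address ranges"]
    _, last = client_range(base, protocol, max_conn)
    # Server address plus every assignable client address, as CIDR blocks.
    used = list(ipaddress.summarize_address_range(ipaddress.IPv4Address(base), last))
    problems = []
    for lan in lan_networks:
        lan_net = ipaddress.ip_network(lan, strict=False)
        if any(block.overlaps(lan_net) for block in used):
            problems.append(f"VPN addresses {base}-{last} conflict with LAN {lan_net}")
    return problems

if __name__ == "__main__":
    # Constructed sample: a LAN on 192.168.1.0/24 (IPv4 only).
    for base in ("192.168.1.0", "10.8.0.0"):
        print(base, check_plan(base, "openvpn", 5, ["192.168.1.0/24"]) or "OK")
```

Pass every subnet in use on the LAN side, including ones reached through other routers, since the check only knows about the networks it is given.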
About Client's Gateway Setting for VPN Connection
Before connecting to the DiskStation's local area network via VPN, clients might need to change their gateway setting for the VPN connection. Otherwise, they might not be able to connect to the Internet while the VPN connection is established. For detailed information, refer to Synology VPN User's Guide.