One of the simplest ways to securely access your home network is by using a VPN. In less than an hour you can set up an OpenVPN Server on your Synology NAS and connect securely from just about anywhere in the world.
With this setup, you’ll only have to forward one port from your router, to your NAS. OpenVPN’s default port is 1194 but you can pick whichever port number you want, just be sure to set any VPN clients that you are using to use your custom port.
For the OpenVPN Server to work on your Synology NAS, you’ll need to be able to get to your home network either by IP address, a DDNS service or by using a custom domain name. Check out my guide on how to set up your Synology with an SSL certificate for remote access: Synology Disktation SSL with Let’s Encrypt. You can use your Synology’s domain name to connect to this OpenVPN Server.
You’ll also need to set up a port forward on your router to forward traffic on port 1194 (or whatever custom port you choose) to your Synology NAS.
Configuring the OpenVPN Server
You can download the official VPN Server app from the Synology Package Center. Just search for “VPN Server” and install the official app that appears.
General VPN Settings
Next, click General Settings and select the network interface that you want the OpenVPN Server to listen on. You can also choose to grant VPN permission to new users but just leave it turned off unless you have a specific need for this option. Apply changes and move to the next step.
Next, I would highly recommend turning on Auto Block so click the link in the General Settings section. This will open the Synology security tab in control panel. Click the Account tab and make sure the Auto Block feature is turned on. This will keep someone from trying to log in too many times. This works for the DSM login page as well as the VPN Server.
User Account for OpenVPN Server
You should create a separate Synology user account for accessing the VPN only. This should not be an admin account, but a user account who’s sole purpose is to connect to the VPN. This is just best practice when it comes to separation of duties (in a virtual sense).
Go ahead and create that account in the Synology control panel. Give it a strong password and I would even go as far as setting “Deny” permission for any apps that you use with another Synology user account.
Once that is done, return to the VPN Server app and go to the Privilege section. Grant access to the OpenVPN Server for your newly created OpenVPN user account and save changes.
Configure OpenVPN Server Settings
Now we are at the point of configuring the OpenVPN Server settings themselves. Here you will set the VPN subnet for the OpenVPN clients, port number, protocol, encryption, etc. Be sure to choose a different subnet for this, not the same one that your NAS itself is on.
You will need to check the box to allow clients to access the LAN if you have other services or hosts on your network that you want to access after connecting through the OpenVPN Server on the Synology.
Once you have your settings configured, click Export Configuration to download the OpenVPN zip file, then apply.
OpenVPN ZIP File
However, a quick note on the OpenVPN ZIP File. If you extract the contents and open the “VPNConfig.opvn” file in a text editor, you can add your server IP (or NAS domain name with SSL), port number and also any internal DNS servers that you may need to access internal resources.
The OpenVPN Server on Synology will provide an IP address and local access to your network but it does not pass your network’s DNS servers automatically so you’ll want to add them to the .opvn config file and import that into your client setup. This way your client will have the DNS servers already and named requests will go through.
Once you have your OpenVPN Server configured and your OpenVPN client set up, you’re good to go! I hope you enjoyed this quick guide and if you’re interested in some other guides for the Synology NAS, check my Guides Category.