Professional Documents
Culture Documents
2011-06-03
2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.
Synology Inc. 3F-3, No. 106, Chang-An W. Rd. Taipei 103, Taiwan Synology and the Synology logo are trademarks of Synology Inc., registered in the United States and other countries. Marvell is registered trademarks of Marvell Semiconductor, Inc. or its subsidiaries in the United States and other countries. Freescale is registered trademarks of Freescale Semiconductor, Inc. or its subsidiaries in the United States and other countries. Other products and company names mentioned herein are trademarks of their respective holders. Even though Synology has reviewed this document, SYNOLOGY MAKES NO WARRANTY OR REPRESENTATION, EITHER EXPRESS OR IMPLIED, WITH RESPECT TO THIS DOCUMENT, ITS QUALITY, ACCURACY, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE. AS A RESULT, THIS DOCUMENT IS PROVIDED AS IS, AND YOU, THE READER, ARE ASSUMING THE ENTIRE RISK AS TO ITS QUALITY AND ACCURACY. IN NO EVENT WILL SYNOLOGY BE LIABLE FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES RESULTING FROM ANY DEFECT OR 2
Synology Inc. 2011 Synology Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, mechanical, electronic, photocopying, recording, or otherwise, without prior written permission of Synology Inc., with the following exceptions: Any person is hereby authorized to store documentation on a single computer for personal use only and to print copies of documentation for personal use provided that the documentation contains Synologys copyright notice. The Synology logo is a trademark of Synology Inc. No licenses, express or implied, are granted with respect to any of the technology described in this document. Synology retains all intellectual property rights associated with the technology described in this document. This document is intended to assist application developers to develop applications only for Synology-labeled computers. Every effort has been made to ensure that the information in this document is accurate. Synology is not responsible for typographical errors.
INACCURACY IN THIS DOCUMENT, even if advised of the possibility of such damages. THE WARRANTY AND REMEDIES SET FORTH ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHERS, ORAL OR WRITTEN, EXPRESS OR IMPLIED. No Synology dealer, agent, or employee is authorized to make any modification, extension, or addition to this warranty. Some states do not allow the exclusion or limitation of implied warranties or liability for incidental or consequential damages, so the above limitation or exclusion may not apply to you. This warranty gives you specific legal rights, and you may also have other rights which vary from state to state.
Table of Contents
Introduction ................................................................................................................................ 4
Introduction
To establish a long distance and secured connection, businesses or some individuals are used to build dedicated private networking system with owned or leased lines and dialup network. But with the need for expanding networking capabilities growing, the cost of this physical networking system and their technical support will increase exponentially. When considering the cost-efficiency and the long-term maintenances, VPN is a smart and increasingly attractive solution.
What is VPN?
A VPN, or virtual private network, is a solution to meet the need to securely access resources on your private network from the Internet. With encryption and other security mechanisms, VPN technology allows business members to easily access the central network of the company and leveraging the resources in it just as in LAN. Individuals can also access resources on their home LAN when being far away from home. Though, VPN is not easy to set up for general users. The cost of a VPN server may also intimidate some of them.
Your Internet connection is normal. The volume of your DiskStation is normal. The DiskStation Manager (DSM) of your DiskStation is the latest version. To set up VPN Center, you must be admin or a user belonging to the administrators group of this DiskStation.
3 Click Install and select the VPN Center package which you have downloaded to install it on DiskStation.
4 After installing the package, select it on the UI and click Run to enable the service.
2 You will see Status page first as below. Under Management section in the left pane of VPN Center, you will see 4 items for you to manage DiskStations VPN service, they are: Status, Connection List, Log, and General Settings. The details are described as follows.
The Package Info: Indicates the version of the VPN Center package The PPTP and OpenVPN info boxes: Includes Status (whether the server is enabled), Client IP range (the range of dynamic IP set in PPTP settings), and Current connection (the network interface you choose in General Settings)
Connection List: The list of concurrent clients that are connecting to VPN Center. You can log out a connecting client by selecting him in the list and clicking Disconnect. You can also refresh the list by clicking Refresh.
Log: The records of every activity of VPN Center. You can Clear, Export, or Refresh the log.
General Settings: Choose the Network interface for VPN connection from the drop-down list if you have multiple connection interfaces on the DiskStation. The default interface will be LAN1, or the first available LAN port.
3 Click PPTP under the Settings section in the left pane. 4 Tick Enable PPTP VPN server.
5 Specify a virtual IP address of VPN server in the Dynamic IP address fields. Refer to About Dynamic IP Address below for more information. 6 Set Maximum connection number to limit the number of concurrent VPN connections. 7 Choose either of the following from the Authentication drop-down menu to authenticate VPN clients:
PAP: VPN clients' password will not be encrypted during authentication. MS-CHAP v2: VPN clients' password will be encrypted during authentication using Microsoft CHAP version 2.
8 If you use MS-CHAP v2 for authentication, choose any of the following from the Encryption drop-down menu to encrypt VPN connection:
None: VPN connection will not be protected with encrypting mechanism. Require MPPE (40/128 bit): VPN connection will be protected with 40-bit or 128-bit encrypting mechanism, depending on the client's setting. Maximum MPPE (128 bit): VPN connection will be protected with 128-bit encrypting mechanism, which provides the highest level of security.
Note: The authentication and encryption types of VPN clients must be identical to the settings specified in VPN Center.
9 Click OK.
3 Click OpenVPN under the Settings section in the left pane. 4 Tick Enable OpenVPN server.
5 Specify a virtual internal IP address of VPN server in the Dynamic IP address fields. Refer to About Dynamic IP Address below for more information. 6 Set Maximum connection number to limit the number of concurrent VPN connections. 7 Tick Enable compression on the VPN link if you want to compress data during transfer. 8 Click OK. To export configuration file: OpenVPN requires VPN server to issue an authentication certificate to the clients. To export the configuration file, click Export Configuration in the right pane of OpenVPN page. The exported file is a zip file that contains 3 items: ca.crt: Certificate file for VPN server openvpn.ovpn: Configuration file for the client README.txt: Simple instruction on how to set up OpenVPN connection for the client
10
About Dynamic IP Address Depending on the number you entered in Dynamic IP address, VPN Center will choose from a range of virtual IP addresses while assigning IP addresses to VPN clients. For example, if the dynamic IP address of VPN server is set as "10.0.0.0", a VPN client's virtual IP address could range from "10.0.0.1" to "10.0.0.255". Before specifying the dynamic IP address of VPN server, please note that Dynamic IP addresses allowed for VPN server should be any of the following: From "10.0.0.0" to "10.255.255.0" From "172.16.0.0" to "172.31.255.0"
From "192.168.0.0" to "192.168.255.0" The specified dynamic IP address of VPN server and the assigned virtual IP addresses for VPN clients should not conflict with any IP addresses currently used within your local area network.
On Windows
PPTP is the built-in VPN protocol on Windows from Windows Vista. You dont have to install any extra application. To set up PPTP VPN connection on Windows 7, follow the steps below: 1 On Windows 7, go to Control Panel > Network and Internet > Network and Sharing Center. Click Set up a new connection or network.
11
4 Type in the IP address of your DiskStation in the Internet address field and then assign a name for this VPN connection in Destination name field.
12
5 Enter the DSM user credentials and click Connect to connect to the VPN Center.
6 You can start to access the resource in the LAN of the DiskStation once the connection is established.
13
7 You can right-click on the connected VPN connection and then click Disconnect to disconnect the connection.
8 If you are not able to connect to the VPN Center. Check out the settings in VPN Connection Properties by right-clicking the VPN Connection and select Properties. In VPN Connection Properties dialog, select the Security tab. Check if your Type of VPN and Data encryption settings are identical as the image below.
14
9 Check the Authentication. Make sure you select Allow these protocols and the protocols below are ticked following the PPTP VPN settings in VPN Center.
10 Switch to Networking tab and make sure Internet Protocol Version 4 (TCP/IP) and Client for Microsoft Networks are both checked.
11
15
On Mac
PPTP is the built-in VPN protocol on Mac. You dont have to install any extra application. To set up PPTP VPN connection on Mac, follow the steps below: 1 In Apple menu, click System Preferences.
16
3 In the Network dialog, click the + icon at the bottom-left corner to create a new connection.
4 Select VPN for Interface, PPTP for VPN Type. And then assign a Service Name for this connection.
17
5 Enter the IP address of your DiskStation in the Server Address field. And then enter a valid DSM user name into the Account Name field.
6 Select the Encryption type for the VPN connection. It must be identical with the PPTP Encryption settings in VPN Center. 7 Click Authentication Settings and enter the users password for the connection. Click OK to continue.
18
8 Click Connect to establish the VPN connection to VPN Center. After the connection is established, you can click Disconnect to disconnect the connection.
Note: If you want to access the Internet through VPN Center on Mac, refer to Client's Gateway and Routing Settings for VPN Connection in this document.
19
On Windows
OpenVPN is an open source type of VPN solution. You need to download the application before setting up the connection. You can go to OpenVPNs official site for the download.
To set up OpenVPN connection on Windows 7, follow the steps below: 1 Once you have finished installing the OpenVPN on Windows, you will see the OpenVPN GUI show in the start menu. Click the program icon and launch it as administrator.
2 Unzip the configuration zip file exported by VPN Center. There should be 3 files in the zip: ca.crt:, openvpn.ovpn, and README.txt.
2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.
20
3 Open openvpn.ovpn with a text editor and replace YOUR_SERVER_IP with the public IP of your DiskStation. If your DiskStation is behind a router, replace YOUR_SERVER_IP with the router's IP. 4 Put ca.crt and openvpn.ovpn into the config subdirectory under OpenVPN directory (ie. C:\Program Files\OpenVPN\config\). 5 Double click the OpenVPN GUI icon in the system tray.
7 Once the connection is established, you can click Disconnect to disconnect the connection and Reconnect if the connection is interrupted.
On Mac
To set up OpenVPN connection on Mac, follow the steps below: 1 Download the OpenVPN client for Mac from here and install it on your Mac. The OpenVPN client on Mac is called Tunnelblick. 2 Once you have finished installing Tunnelblick, launch it as administrator.
21
3 You will see the welcome page of Tunnelblick asking if you have configuration files for VPN connection. Click I have configuration files since VPN Center can export configuration files for clients.
4 Select the type of your configuration files. Since the configuration files exported by VPN Center are OpenVPN Configurations, select OpenVPN Configuration(s) here.
5 In this step, you need to create VPN configuration files. Since we already have the files exported by VPN Center, we will choose Open Private Configurations Folder here and we will be brought to the folder.
22
6 Edit openvpn.ovpn and replace YOUR_SERVER_IP with public IP of your DiskStation. If your DiskStation is behind a router, replace YOUR_SERVER_IP with the router's IP.
7 Put ca.crt and openvpn.ovpn into the configurations folder opened in step 5. And click Done in the window below.
8 After finished configuring the connection, you will see the icon of Tunnelblick at the top-right corner. Click the icon and then click Connection openvpn to establish the connection.
23
9 Click Details to see the connection status. Here you can disconnection the connection by clicking Disconnect.
24
2 Right-click VPN Connection and click Properties. 3 In the VPN Connection Properties dialog, switch to the Networking tab. 4 Select Internet Protocol Version 4 (TCP/IPv4) from the using item list of this VPN connection. Click Properties.
25
6 In Advance TCP/IP Settings dialog, switch to the IP Settings tab and uncheck the Use default gateway on remote network check box. And then click OK to save the settings. Both your VPN connection and Internet connections should be active after applying the settings if the Internet connection is available for you.
On Mac
When a VPN connection is established on Mac, the system will not take VPN connection as the default routing for connecting to the Internet. But on the other hand, if you want to connect to the Internet through the VPN server, you have to change the following setting: To changing the routing configuration on Mac, follow the steps below: 1 On Mac, run Terminal then execute the command below: > ifconfig a
26
Here you will see your VPN (PPP) IP and gateway. But the gateway is only for connecting to VPN server and not for connecting to the Internet. If you want to connect to the Internet through the VPN connection, change the gateway by executing the following commands: > sudo route add -net 192.168.X.X/16 10.10.0.50 or > sudo route add -net 192.168.X.X/16 10.10.0.1 Replace 192.168.X.X by the internal IP of your DiskStation and 10.10.0.50/10.10.0.1 by your own PPP IP/gateway and you can connect to the Internet through the private network of the DiskStation.
Learn More
Congratulations! Your VPN Center is set up now. For more information or online resources about your DiskStation, please visit www.synology.com.
27