You are on page 1of 27

Synology DiskStation VPN Center Users Guide

Synology DiskStation VPN Center Users Guide

2011-06-03
2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

Synology DiskStation VPN Center Users Guide

Synology Inc. 3F-3, No. 106, Chang-An W. Rd. Taipei 103, Taiwan Synology and the Synology logo are trademarks of Synology Inc., registered in the United States and other countries. Marvell is registered trademarks of Marvell Semiconductor, Inc. or its subsidiaries in the United States and other countries. Freescale is registered trademarks of Freescale Semiconductor, Inc. or its subsidiaries in the United States and other countries. Other products and company names mentioned herein are trademarks of their respective holders. Even though Synology has reviewed this document, SYNOLOGY MAKES NO WARRANTY OR REPRESENTATION, EITHER EXPRESS OR IMPLIED, WITH RESPECT TO THIS DOCUMENT, ITS QUALITY, ACCURACY, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE. AS A RESULT, THIS DOCUMENT IS PROVIDED AS IS, AND YOU, THE READER, ARE ASSUMING THE ENTIRE RISK AS TO ITS QUALITY AND ACCURACY. IN NO EVENT WILL SYNOLOGY BE LIABLE FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES RESULTING FROM ANY DEFECT OR 2

Synology Inc. 2011 Synology Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, mechanical, electronic, photocopying, recording, or otherwise, without prior written permission of Synology Inc., with the following exceptions: Any person is hereby authorized to store documentation on a single computer for personal use only and to print copies of documentation for personal use provided that the documentation contains Synologys copyright notice. The Synology logo is a trademark of Synology Inc. No licenses, express or implied, are granted with respect to any of the technology described in this document. Synology retains all intellectual property rights associated with the technology described in this document. This document is intended to assist application developers to develop applications only for Synology-labeled computers. Every effort has been made to ensure that the information in this document is accurate. Synology is not responsible for typographical errors.

INACCURACY IN THIS DOCUMENT, even if advised of the possibility of such damages. THE WARRANTY AND REMEDIES SET FORTH ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHERS, ORAL OR WRITTEN, EXPRESS OR IMPLIED. No Synology dealer, agent, or employee is authorized to make any modification, extension, or addition to this warranty. Some states do not allow the exclusion or limitation of implied warranties or liability for incidental or consequential damages, so the above limitation or exclusion may not apply to you. This warranty gives you specific legal rights, and you may also have other rights which vary from state to state.

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

Synology DiskStation VPN Center Users Guide

Table of Contents
Introduction ................................................................................................................................ 4

What is VPN? .................................................................................................................... 4 Synology VPN Center ........................................................................................................ 4


Before You Start......................................................................................................................... 4 Install and Run VPN Center ...................................................................................................... 4

Install and Run VPN Center............................................................................................... 4


Manage VPN Service ................................................................................................................ 6 Set up VPN Servers in VPN Center .......................................................................................... 8

Set up PPTP Server ............................................................................................................ 8 Set up OpenVPN Server .................................................................................................... 9


Set up PPTP VPN Connection ................................................................................................. 11

On Windows ................................................................................................................... 11 On Mac............................................................................................................................ 16


Set up OpenVPN Connection .................................................................................................. 20

On Windows ................................................................................................................... 20 On Mac............................................................................................................................ 21


Client's Gateway and Routing Settings for VPN Connection .................................................. 24

On Windows ................................................................................................................... 24 On Mac............................................................................................................................ 26


Learn More .............................................................................................................................. 27

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

Synology DiskStation VPN Center Users Guide

Introduction
To establish a long distance and secured connection, businesses or some individuals are used to build dedicated private networking system with owned or leased lines and dialup network. But with the need for expanding networking capabilities growing, the cost of this physical networking system and their technical support will increase exponentially. When considering the cost-efficiency and the long-term maintenances, VPN is a smart and increasingly attractive solution.

What is VPN?
A VPN, or virtual private network, is a solution to meet the need to securely access resources on your private network from the Internet. With encryption and other security mechanisms, VPN technology allows business members to easily access the central network of the company and leveraging the resources in it just as in LAN. Individuals can also access resources on their home LAN when being far away from home. Though, VPN is not easy to set up for general users. The cost of a VPN server may also intimidate some of them.

Synology VPN Center


Now with Synology VPN Center, VPN technology becomes more available than ever. Synology VPN Center is an add-on package that enables your DiskStation to become a VPN server, allowing DSM users over the Internet to access resources shared within DiskStation's local area network. The user-friendly interface and setup procedures make it easy to build your own VPN server. Integrating the most commonly used protocols of VPN service --- PPTP and OpenVPN, Synology VPN Center is the best tool for you to establish a VPN server and manage all the VPN connections. This Guide describes how to build your own VPN service with Synology VPN Center, and also gives instructions to establish a connection to VPN Center as a client on different platforms.

Before You Start


Before installing the VPN Center package on your DiskStation, please make sure the following:

Your Internet connection is normal. The volume of your DiskStation is normal. The DiskStation Manager (DSM) of your DiskStation is the latest version. To set up VPN Center, you must be admin or a user belonging to the administrators group of this DiskStation.

Install and Run VPN Center


Install and Run VPN Center
1 After downloading the package, log in to DSM with the credentials of admin or a user belonging to the administrators group.

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

Synology DiskStation VPN Center Users Guide

2 Go to Main Menu > Package Management.

3 Click Install and select the VPN Center package which you have downloaded to install it on DiskStation.

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

Synology DiskStation VPN Center Users Guide

4 After installing the package, select it on the UI and click Run to enable the service.

Manage VPN Service


1 Go to Main Menu > VPN Center to launch the application.

2 You will see Status page first as below. Under Management section in the left pane of VPN Center, you will see 4 items for you to manage DiskStations VPN service, they are: Status, Connection List, Log, and General Settings. The details are described as follows.

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

Synology DiskStation VPN Center Users Guide

Status: There are 3 sections on the Status page.


The Package Info: Indicates the version of the VPN Center package The PPTP and OpenVPN info boxes: Includes Status (whether the server is enabled), Client IP range (the range of dynamic IP set in PPTP settings), and Current connection (the network interface you choose in General Settings)

Connection List: The list of concurrent clients that are connecting to VPN Center. You can log out a connecting client by selecting him in the list and clicking Disconnect. You can also refresh the list by clicking Refresh.

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

Synology DiskStation VPN Center Users Guide

Log: The records of every activity of VPN Center. You can Clear, Export, or Refresh the log.

General Settings: Choose the Network interface for VPN connection from the drop-down list if you have multiple connection interfaces on the DiskStation. The default interface will be LAN1, or the first available LAN port.

Set up VPN Servers in VPN Center


VPN Center provides 2 types of VPN services: PPTP and OpenVPN. These are the VPN solutions most commonly used on different platforms.

Set up PPTP Server


PPTP (Point-to-Point Tunneling Protocol) is a commonly used VPN solution supported by most clients (including Windows, Mac, Linux, and mobile devices). For more information about PPTP, refer to here. To enable PPTP VPN server: 1 Log in to DSM with the credentials of admin or a user belonging to the administrators group. 2 Go to Main Menu > VPN Center.
2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

Synology DiskStation VPN Center Users Guide

3 Click PPTP under the Settings section in the left pane. 4 Tick Enable PPTP VPN server.

5 Specify a virtual IP address of VPN server in the Dynamic IP address fields. Refer to About Dynamic IP Address below for more information. 6 Set Maximum connection number to limit the number of concurrent VPN connections. 7 Choose either of the following from the Authentication drop-down menu to authenticate VPN clients:

PAP: VPN clients' password will not be encrypted during authentication. MS-CHAP v2: VPN clients' password will be encrypted during authentication using Microsoft CHAP version 2.

8 If you use MS-CHAP v2 for authentication, choose any of the following from the Encryption drop-down menu to encrypt VPN connection:

None: VPN connection will not be protected with encrypting mechanism. Require MPPE (40/128 bit): VPN connection will be protected with 40-bit or 128-bit encrypting mechanism, depending on the client's setting. Maximum MPPE (128 bit): VPN connection will be protected with 128-bit encrypting mechanism, which provides the highest level of security.
Note: The authentication and encryption types of VPN clients must be identical to the settings specified in VPN Center.

9 Click OK.

Set up OpenVPN Server


OpenVPN is an open source solution for implementing VPN service. It protects VPNs connection with the SSL/TLS encrypting mechanism. For more information about OpenVPN, visit here. To enable OpenVPN VPN server: 1 Log in to DSM with the credentials of admin or a user belonging to the administrators group. 2 Go to Main Menu > VPN Center.

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

Synology DiskStation VPN Center Users Guide

3 Click OpenVPN under the Settings section in the left pane. 4 Tick Enable OpenVPN server.

5 Specify a virtual internal IP address of VPN server in the Dynamic IP address fields. Refer to About Dynamic IP Address below for more information. 6 Set Maximum connection number to limit the number of concurrent VPN connections. 7 Tick Enable compression on the VPN link if you want to compress data during transfer. 8 Click OK. To export configuration file: OpenVPN requires VPN server to issue an authentication certificate to the clients. To export the configuration file, click Export Configuration in the right pane of OpenVPN page. The exported file is a zip file that contains 3 items: ca.crt: Certificate file for VPN server openvpn.ovpn: Configuration file for the client README.txt: Simple instruction on how to set up OpenVPN connection for the client

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

10

Synology DiskStation VPN Center Users Guide

About Dynamic IP Address Depending on the number you entered in Dynamic IP address, VPN Center will choose from a range of virtual IP addresses while assigning IP addresses to VPN clients. For example, if the dynamic IP address of VPN server is set as "10.0.0.0", a VPN client's virtual IP address could range from "10.0.0.1" to "10.0.0.255". Before specifying the dynamic IP address of VPN server, please note that Dynamic IP addresses allowed for VPN server should be any of the following: From "10.0.0.0" to "10.255.255.0" From "172.16.0.0" to "172.31.255.0"

From "192.168.0.0" to "192.168.255.0" The specified dynamic IP address of VPN server and the assigned virtual IP addresses for VPN clients should not conflict with any IP addresses currently used within your local area network.

Set up PPTP VPN Connection


In this section, we will show you how to set up PPTP VPN connection on Windows and Mac systems. For VPN connection settings on Linux system, please refer to Internet resources.

On Windows
PPTP is the built-in VPN protocol on Windows from Windows Vista. You dont have to install any extra application. To set up PPTP VPN connection on Windows 7, follow the steps below: 1 On Windows 7, go to Control Panel > Network and Internet > Network and Sharing Center. Click Set up a new connection or network.

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

11

Synology DiskStation VPN Center Users Guide

2 In the next window, select Connect to a workplace and click Next.

3 In the next window, select Use my Internet connection (VPN).

4 Type in the IP address of your DiskStation in the Internet address field and then assign a name for this VPN connection in Destination name field.

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

12

Synology DiskStation VPN Center Users Guide

5 Enter the DSM user credentials and click Connect to connect to the VPN Center.

6 You can start to access the resource in the LAN of the DiskStation once the connection is established.

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

13

Synology DiskStation VPN Center Users Guide

7 You can right-click on the connected VPN connection and then click Disconnect to disconnect the connection.

8 If you are not able to connect to the VPN Center. Check out the settings in VPN Connection Properties by right-clicking the VPN Connection and select Properties. In VPN Connection Properties dialog, select the Security tab. Check if your Type of VPN and Data encryption settings are identical as the image below.

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

14

Synology DiskStation VPN Center Users Guide

9 Check the Authentication. Make sure you select Allow these protocols and the protocols below are ticked following the PPTP VPN settings in VPN Center.

10 Switch to Networking tab and make sure Internet Protocol Version 4 (TCP/IP) and Client for Microsoft Networks are both checked.

11

The connection is now ready to use.


Note: If you cannot access the Internet when connecting to VPN Center, refer to Client's Gateway and Routing Settings for VPN Connection in this document for troubleshooting.

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

15

Synology DiskStation VPN Center Users Guide

On Mac
PPTP is the built-in VPN protocol on Mac. You dont have to install any extra application. To set up PPTP VPN connection on Mac, follow the steps below: 1 In Apple menu, click System Preferences.

2 In System Preferences, click Network.

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

16

Synology DiskStation VPN Center Users Guide

3 In the Network dialog, click the + icon at the bottom-left corner to create a new connection.

4 Select VPN for Interface, PPTP for VPN Type. And then assign a Service Name for this connection.

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

17

Synology DiskStation VPN Center Users Guide

5 Enter the IP address of your DiskStation in the Server Address field. And then enter a valid DSM user name into the Account Name field.

6 Select the Encryption type for the VPN connection. It must be identical with the PPTP Encryption settings in VPN Center. 7 Click Authentication Settings and enter the users password for the connection. Click OK to continue.

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

18

Synology DiskStation VPN Center Users Guide

8 Click Connect to establish the VPN connection to VPN Center. After the connection is established, you can click Disconnect to disconnect the connection.

Note: If you want to access the Internet through VPN Center on Mac, refer to Client's Gateway and Routing Settings for VPN Connection in this document.

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

19

Synology DiskStation VPN Center Users Guide

Set up OpenVPN Connection


In this section, we will show you how to set up OpenVPN connection on Windows and Mac systems. For VPN connection settings on Linux system, please refer to Internet resources.

On Windows
OpenVPN is an open source type of VPN solution. You need to download the application before setting up the connection. You can go to OpenVPNs official site for the download.

To set up OpenVPN connection on Windows 7, follow the steps below: 1 Once you have finished installing the OpenVPN on Windows, you will see the OpenVPN GUI show in the start menu. Click the program icon and launch it as administrator.

2 Unzip the configuration zip file exported by VPN Center. There should be 3 files in the zip: ca.crt:, openvpn.ovpn, and README.txt.
2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

20

Synology DiskStation VPN Center Users Guide

3 Open openvpn.ovpn with a text editor and replace YOUR_SERVER_IP with the public IP of your DiskStation. If your DiskStation is behind a router, replace YOUR_SERVER_IP with the router's IP. 4 Put ca.crt and openvpn.ovpn into the config subdirectory under OpenVPN directory (ie. C:\Program Files\OpenVPN\config\). 5 Double click the OpenVPN GUI icon in the system tray.

6 Connect to the VPN Center with DSM user credentials.

7 Once the connection is established, you can click Disconnect to disconnect the connection and Reconnect if the connection is interrupted.

On Mac
To set up OpenVPN connection on Mac, follow the steps below: 1 Download the OpenVPN client for Mac from here and install it on your Mac. The OpenVPN client on Mac is called Tunnelblick. 2 Once you have finished installing Tunnelblick, launch it as administrator.

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

21

Synology DiskStation VPN Center Users Guide

3 You will see the welcome page of Tunnelblick asking if you have configuration files for VPN connection. Click I have configuration files since VPN Center can export configuration files for clients.

4 Select the type of your configuration files. Since the configuration files exported by VPN Center are OpenVPN Configurations, select OpenVPN Configuration(s) here.

5 In this step, you need to create VPN configuration files. Since we already have the files exported by VPN Center, we will choose Open Private Configurations Folder here and we will be brought to the folder.

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

22

Synology DiskStation VPN Center Users Guide

6 Edit openvpn.ovpn and replace YOUR_SERVER_IP with public IP of your DiskStation. If your DiskStation is behind a router, replace YOUR_SERVER_IP with the router's IP.

7 Put ca.crt and openvpn.ovpn into the configurations folder opened in step 5. And click Done in the window below.

8 After finished configuring the connection, you will see the icon of Tunnelblick at the top-right corner. Click the icon and then click Connection openvpn to establish the connection.

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

23

Synology DiskStation VPN Center Users Guide

9 Click Details to see the connection status. Here you can disconnection the connection by clicking Disconnect.

Client's Gateway and Routing Settings for VPN Connection


On Windows
When a VPN connection is active on Windows, the system will take the connection as the default gateway for all the outgoing connection. Therefore, your request to connect to the Internet will also go through the VPN connection, which mean it will firstly connect to the VPN Center and then to the Internet. This is for securing the connection from VPN server to the Internet but the connection speed would be very slow, or the connection might totally fail. If you want to stay connected to the Internet through the local gateway, do the following steps: 1 Click the Network icon at the bottom-right corner on Windows. You will see the VPN connection that youve established by following the previous steps.

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

24

Synology DiskStation VPN Center Users Guide

2 Right-click VPN Connection and click Properties. 3 In the VPN Connection Properties dialog, switch to the Networking tab. 4 Select Internet Protocol Version 4 (TCP/IPv4) from the using item list of this VPN connection. Click Properties.

5 Click Advanced in Internet Protocol Version 4 (TCP/IPv4) Properties dialog.

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

25

Synology DiskStation VPN Center Users Guide

6 In Advance TCP/IP Settings dialog, switch to the IP Settings tab and uncheck the Use default gateway on remote network check box. And then click OK to save the settings. Both your VPN connection and Internet connections should be active after applying the settings if the Internet connection is available for you.

On Mac
When a VPN connection is established on Mac, the system will not take VPN connection as the default routing for connecting to the Internet. But on the other hand, if you want to connect to the Internet through the VPN server, you have to change the following setting: To changing the routing configuration on Mac, follow the steps below: 1 On Mac, run Terminal then execute the command below: > ifconfig a

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

26

Synology DiskStation VPN Center Users Guide

2 You will see a screen as below:

Here you will see your VPN (PPP) IP and gateway. But the gateway is only for connecting to VPN server and not for connecting to the Internet. If you want to connect to the Internet through the VPN connection, change the gateway by executing the following commands: > sudo route add -net 192.168.X.X/16 10.10.0.50 or > sudo route add -net 192.168.X.X/16 10.10.0.1 Replace 192.168.X.X by the internal IP of your DiskStation and 10.10.0.50/10.10.0.1 by your own PPP IP/gateway and you can connect to the Internet through the private network of the DiskStation.

Learn More
Congratulations! Your VPN Center is set up now. For more information or online resources about your DiskStation, please visit www.synology.com.

2011-06-203| Copyright 2011 Synology Inc. All Rights Reserved.

27

You might also like