Synology DiskStation VPN Center User's Guide

blueberrystoreSecurity

Dec 9, 2013 (3 years and 6 months ago)

152 views

Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
1





Synology DiskStation
VPN Center User’s Guide














2011-06-03
Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
2


Synology Inc.
® 2011 Synology Inc.
All rights reserved.
No part of this publication
may be reproduced, stored
in a retrieval system, or
transmitted, in any form or
by any means, mechanical,
electronic, photocopying,
recording, or otherwise,
without prior written
permission of Synology Inc.,
with the following
exceptions: Any person is
hereby authorized to store
documentation on a single
computer for personal use
only and to print copies of
documentation for personal
use provided that the
documentation contains
Synology’s copyright notice.
The Synology logo is a
trademark of Synology Inc.
No licenses, express or
implied, are granted with
respect to any of the
technology described in this
document. Synology retains
all intellectual property
rights associated with the
technology described in this
document. This document is
intended to assist
application developers to
develop applications only
for Synology-labeled
computers.
Every effort has been made
to ensure that the
information in this document
is accurate. Synology is not
responsible for
typographical errors.
Synology Inc.
3F-3, No. 106, Chang-An W.
Rd. Taipei 103, Taiwan
Synology and the Synology
logo are trademarks of
Synology Inc., registered in
the United States and other
countries.
Marvell is registered
trademarks of Marvell
Semiconductor, Inc. or its
subsidiaries in the United
States and other countries.
Freescale is registered
trademarks of Freescale
Semiconductor, Inc. or its
subsidiaries in the United
States and other countries.
Other products and
company names mentioned
herein are trademarks of
their respective holders.
Even though Synology has
reviewed this document,
SYNOLOGY MAKES NO
WARRANTY OR
REPRESENTATION,
EITHER EXPRESS OR
IMPLIED, WITH RESPECT
TO THIS DOCUMENT, ITS
QUALITY, ACCURACY,
MERCHANTABILITY, OR
FITNESS FOR A
PARTICULAR PURPOSE.
AS A RESULT, THIS
DOCUMENT IS
PROVIDED “AS IS,” AND
YOU, THE READER, ARE
ASSUMING THE ENTIRE
RISK AS TO ITS QUALITY
AND ACCURACY. IN NO
EVENT WILL SYNOLOGY
BE LIABLE FOR DIRECT,
INDIRECT, SPECIAL,
INCIDENTAL, OR
CONSEQUENTIAL
DAMAGES RESULTING
FROM ANY DEFECT OR
INACCURACY IN THIS
DOCUMENT, even if
advised of the possibility of
such damages.
THE WARRANTY AND
REMEDIES SET FORTH
ABOVE ARE EXCLUSIVE
AND IN LIEU OF ALL
OTHERS, ORAL OR
WRITTEN, EXPRESS OR
IMPLIED. No Synology
dealer, agent, or employee
is authorized to make any
modification, extension, or
addition to this warranty.
Some states do not allow
the exclusion or limitation of
implied warranties or liability
for incidental or
consequential damages, so
the above limitation or
exclusion may not apply to
you. This warranty gives
you specific legal rights,
and you may also have
other rights which vary from
state to state.
Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
3

Table of Contents
Introduction ................................................................................................................................ 4

What is VPN? .................................................................................................................... 4

Synology VPN Center ........................................................................................................ 4

Before You Start......................................................................................................................... 4

Install and Run VPN Center ...................................................................................................... 4

Install and Run VPN Center ............................................................................................... 4

Manage VPN Service ................................................................................................................ 6

Set up VPN Servers in VPN Center .......................................................................................... 8

Set up PPTP Server ............................................................................................................ 8

Set up OpenVPN Server .................................................................................................... 9

Set up PPTP VPN Connection ................................................................................................. 11

On Windows ................................................................................................................... 11

On Mac ............................................................................................................................ 16

Set up OpenVPN Connection .................................................................................................. 20

On Windows ................................................................................................................... 20

On Mac ............................................................................................................................ 21

Client's Gateway and Routing Settings for VPN Connection .................................................. 24

On Windows ................................................................................................................... 24

On Mac ............................................................................................................................ 26

Learn More .............................................................................................................................. 27



Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
4

Introduction
To establish a long distance and secured connection, businesses or some individuals are used to build
dedicated private networking system with owned or leased lines and dialup network. But with the need for
expanding networking capabilities growing, the cost of this physical networking system and their
technical support will increase exponentially. When considering the cost-efficiency and the long-term
maintenances, VPN is a smart and increasingly attractive solution.
What is VPN?
A VPN, or virtual private network, is a solution to meet the need to securely access resources on your
private network from the Internet. With encryption and other security mechanisms, VPN technology
allows business members to easily access the central network of the company and leveraging the
resources in it just as in LAN. Individuals can also access resources on their home LAN when being far
away from home. Though, VPN is not easy to set up for general users. The cost of a VPN server may
also intimidate some of them.
Synology VPN Center
Now with Synology VPN Center, VPN technology becomes more available than ever. Synology VPN
Center is an add-on package that enables your DiskStation to become a VPN server, allowing DSM
users over the Internet to access resources shared within DiskStation's local area network. The
user-friendly interface and setup procedures make it easy to build your own VPN server. Integrating the
most commonly used protocols of VPN service --- PPTP and OpenVPN, Synology VPN Center is the
best tool for you to establish a VPN server and manage all the VPN connections.
This Guide describes how to build your own VPN service with Synology VPN Center, and also gives
instructions to establish a connection to VPN Center as a client on different platforms.
Before You Start
Before installing the VPN Center package on your DiskStation, please make sure the following:

Your Internet connection is normal.

The volume of your DiskStation is normal.

The DiskStation Manager (DSM) of your DiskStation is the latest version.

To set up VPN Center, you must be admin or a user belonging to the administrators group of
this DiskStation.
Install and Run VPN Center
Install and Run VPN Center
1 After downloading the package, log in to DSM with the credentials of admin or a user belonging to
the administrators group.
Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
5

2 Go to Main Menu > Package Management.

3 Click Install and select the VPN Center package which you have downloaded to install it on
DiskStation.


Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
6

4 After installing the package, select it on the UI and click Run to enable the service.

Manage VPN Service
1 Go to Main Menu > VPN Center to launch the application.

2 You will see Status page first as below. Under Management section in the left pane of VPN Center,
you will see 4 items for you to manage DiskStation’s VPN service, they are: Status, Connection List,
Log, and General Settings. The details are described as follows.

Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
7

 Status: There are 3 sections on the Status page.

The Package Info: Indicates the version of the VPN Center package

The PPTP and OpenVPN info boxes: Includes Status (whether the server is enabled), Client IP
range (the range of dynamic IP set in PPTP settings), and Current connection (the network
interface you choose in General Settings)

 Connection List: The list of concurrent clients that are connecting to VPN Center. You can log out a
connecting client by selecting him in the list and clicking Disconnect. You can also refresh the list by
clicking Refresh.

Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
8

 Log: The records of every activity of VPN Center. You can Clear, Export, or Refresh the log.

 General Settings: Choose the Network interface for VPN connection from the drop-down list if you
have multiple connection interfaces on the DiskStation. The default interface will be LAN1, or the first
available LAN port.

Set up VPN Servers in VPN Center
VPN Center provides 2 types of VPN services: PPTP and OpenVPN. These are the VPN solutions most
commonly used on different platforms.
Set up PPTP Server
PPTP (Point-to-Point Tunneling Protocol) is a commonly used VPN solution supported by most clients
(including Windows, Mac, Linux, and mobile devices). For more information about PPTP, refer to
here
.
To enable PPTP VPN server:
1 Log in to DSM with the credentials of admin or a user belonging to the administrators group.
2 Go to Main Menu > VPN Center.
Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
9

3 Click PPTP under the Settings section in the left pane.
4 Tick Enable PPTP VPN server.

5 Specify a virtual IP address of VPN server in the Dynamic IP address fields. Refer to About
Dynamic IP Address below for more information.
6 Set Maximum connection number to limit the number of concurrent VPN connections.
7 Choose either of the following from the Authentication drop-down menu to authenticate VPN clients:

PAP: VPN clients' password will not be encrypted during authentication.

MS-CHAP v2: VPN clients' password will be encrypted during authentication using Microsoft CHAP
version 2.
8 If you use MS-CHAP v2 for authentication, choose any of the following from
the Encryption drop-down menu to encrypt VPN connection:

None: VPN connection will not be protected with encrypting mechanism.

Require MPPE (40/128 bit): VPN connection will be protected with 40-bit or 128-bit encrypting
mechanism, depending on the client's setting.

Maximum MPPE (128 bit): VPN connection will be protected with 128-bit encrypting mechanism,
which provides the highest level of security.
9 Click OK.
Note: The authentication and encryption types of VPN clients must be identical to the settings specified in
VPN Center.
Set up OpenVPN Server
OpenVPN is an open source solution for implementing VPN service. It protects VPN’s connection with
the SSL/TLS encrypting mechanism. For more information about OpenVPN, visit
here
.
To enable OpenVPN VPN server:
1 Log in to DSM with the credentials of admin or a user belonging to the administrators group.
2 Go to Main Menu > VPN Center.
Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
10

3 Click OpenVPN under the Settings section in the left pane.
4 Tick Enable OpenVPN server.

5 Specify a virtual internal IP address of VPN server in the Dynamic IP address fields. Refer to About
Dynamic IP Address below for more information.
6 Set Maximum connection number to limit the number of concurrent VPN connections.
7 Tick Enable compression on the VPN link if you want to compress data during transfer.
8 Click OK.
To export configuration file:
OpenVPN requires VPN server to issue an authentication certificate to the clients. To export the
configuration file, click Export Configuration in the right pane of OpenVPN page.
The exported file is a zip file that contains 3 items:
 ca.crt: Certificate file for VPN server
 openvpn.ovpn: Configuration file for the client
 README.txt: Simple instruction on how to set up OpenVPN connection for the client

Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
11

About Dynamic IP Address
Depending on the number you entered in Dynamic IP address, VPN Center will choose from a range of
virtual IP addresses while assigning IP addresses to VPN clients. For example, if the dynamic IP address
of VPN server is set as "10.0.0.0", a VPN client's virtual IP address could range from "10.0.0.1" to
"10.0.0.255".
Before specifying the dynamic IP address of VPN server, please note that Dynamic IP addresses allowed
for VPN server should be any of the following:
 From "10.0.0.0" to "10.255.255.0"
 From "172.16.0.0" to "172.31.255.0"
 From "192.168.0.0" to "192.168.255.0"
The specified dynamic IP address of VPN server and the assigned virtual IP addresses for VPN clients
should not conflict with any IP addresses currently used within your local area network.
Set up PPTP VPN Connection
In this section, we will show you how to set up PPTP VPN connection on Windows and Mac systems. For
VPN connection settings on Linux system, please refer to
Internet resources
.
On Windows
PPTP is the built-in VPN protocol on Windows from Windows Vista. You don’t have to install any extra
application. To set up PPTP VPN connection on Windows 7, follow the steps below:
1 On Windows 7, go to Control Panel > Network and Internet > Network and Sharing Center. Click
Set up a new connection or network.

Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
12

2 In the next window, select Connect to a workplace and click Next.

3 In the next window, select Use my Internet connection (VPN).

4 Type in the IP address of your DiskStation in the Internet address field and then assign a name for
this VPN connection in Destination name field.


Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
13

5 Enter the DSM user credentials and click Connect to connect to the VPN Center.

6 You can start to access the resource in the LAN of the DiskStation once the connection is established.

Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
14

7 You can right-click on the connected VPN connection and then click Disconnect to disconnect the
connection.

8 If you are not able to connect to the VPN Center. Check out the settings in VPN Connection
Properties by right-clicking the VPN Connection and select Properties. In VPN Connection
Properties dialog, select the Security tab. Check if your Type of VPN and Data encryption settings
are identical as the image below.

Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
15

9 Check the Authentication. Make sure you select Allow these protocols and the protocols below are
ticked following the PPTP VPN settings in VPN Center.

10 Switch to Networking tab and make sure Internet Protocol Version 4 (TCP/IP) and Client for
Microsoft Networks are both checked.

11 The connection is now ready to use.
Note: If you cannot access the Internet when connecting to VPN Center, refer to
Client's Gateway and
Routing Settings for VPN Connection
in this document for troubleshooting.
Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
16

On Mac
PPTP is the built-in VPN protocol on Mac. You don’t have to install any extra application. To set up PPTP
VPN connection on Mac, follow the steps below:
1 In Apple menu, click System Preferences.

2 In System Preferences, click Network.

Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
17

3 In the Network dialog, click the “+” icon at the bottom-left corner to create a new connection.

4 Select VPN for Interface, PPTP for VPN Type. And then assign a Service Name for this connection.

Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
18

5 Enter the IP address of your DiskStation in the Server Address field. And then enter a valid DSM user
name into the Account Name field.

6 Select the Encryption type for the VPN connection. It must be identical with the PPTP Encryption
settings in VPN Center.
7 Click Authentication Settings and enter the user’s password for the connection. Click OK to
continue.

Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
19

8 Click Connect to establish the VPN connection to VPN Center. After the connection is established,
you can click Disconnect to disconnect the connection.

Note: If you want to access the Internet through VPN Center on Mac, refer to
Client's Gateway and
Routing Settings for VPN Connection
in this document.
Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
20

Set up OpenVPN Connection
In this section, we will show you how to set up OpenVPN connection on Windows and Mac systems. For
VPN connection settings on Linux system, please refer to
Internet resources
.
On Windows
OpenVPN is an open source type of VPN solution. You need to download the application before setting
up the connection. You can go to
OpenVPN’s official site
for the download.

To set up OpenVPN connection on Windows 7, follow the steps below:
1 Once you have finished installing the OpenVPN on Windows, you will see the OpenVPN GUI show in
the start menu. Click the program icon and launch it as administrator.

2 Unzip the configuration zip file exported by VPN Center. There should be 3 files in the zip: ca.crt:,
openvpn.ovpn, and README.txt.
Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
21

3 Open openvpn.ovpn with a text editor and replace YOUR_SERVER_IP with the public IP of your
DiskStation. If your DiskStation is behind a router, replace YOUR_SERVER_IP with the router's IP.
4 Put ca.crt and openvpn.ovpn into the config subdirectory under OpenVPN directory (ie. C:\Program
Files\OpenVPN\config\).
5 Double click the OpenVPN GUI icon in the system tray.

6 Connect to the VPN Center with DSM user credentials.

7 Once the connection is established, you can click Disconnect to disconnect the connection and
Reconnect if the connection is interrupted.
On Mac
To set up OpenVPN connection on Mac, follow the steps below:
1 Download the OpenVPN client for Mac from
here
and install it on your Mac. The OpenVPN client on
Mac is called Tunnelblick.
2 Once you have finished installing Tunnelblick, launch it as administrator.

Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
22

3 You will see the welcome page of Tunnelblick asking if you have configuration files for VPN connection.
Click I have configuration files since VPN Center can export configuration files for clients.

4 Select the type of your configuration files. Since the configuration files exported by VPN Center are
OpenVPN Configurations, select OpenVPN Configuration(s) here.

5 In this step, you need to “create” VPN configuration files. Since we already have the files exported by
VPN Center, we will choose Open Private Configurations Folder here and we will be brought to the
folder.

Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
23

6 Edit openvpn.ovpn and replace YOUR_SERVER_IP with public IP of your DiskStation. If your
DiskStation is behind a router, replace YOUR_SERVER_IP with the router's IP.

7 Put ca.crt and openvpn.ovpn into the configurations folder opened in step 5. And click Done in the
window below.

8 After finished configuring the connection, you will see the icon of Tunnelblick at the top-right corner.
Click the icon and then click Connection openvpn to establish the connection.

Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
24

9 Click Details to see the connection status. Here you can disconnection the connection by clicking
Disconnect.

Client's Gateway and Routing Settings for VPN Connection
On Windows
When a VPN connection is active on Windows, the system will take the connection as the default
gateway for all the outgoing connection. Therefore, your request to connect to the Internet will also go
through the VPN connection, which mean it will firstly connect to the VPN Center and then to the Internet.
This is for securing the connection from VPN server to the Internet but the connection speed would be
very slow, or the connection might totally fail.
If you want to stay connected to the Internet through the local gateway, do the following steps:
1 Click the Network icon at the bottom-right corner on Windows. You will see the VPN connection that
you’ve established by following the previous steps.

Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
25

2 Right-click VPN Connection and click Properties.
3 In the VPN Connection Properties dialog, switch to the Networking tab.
4 Select Internet Protocol Version 4 (TCP/IPv4) from the using item list of this VPN connection.
Click Properties.

5 Click Advanced in Internet Protocol Version 4 (TCP/IPv4) Properties dialog.

Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
26

6 In Advance TCP/IP Settings dialog, switch to the IP Settings tab and uncheck the Use default
gateway on remote network check box. And then click OK to save the settings. Both your VPN
connection and Internet connections should be active after applying the settings if the Internet
connection is available for you.

On Mac
When a VPN connection is established on Mac, the system will not take VPN connection as the default
routing for connecting to the Internet. But on the other hand, if you want to connect to the Internet through
the VPN server, you have to change the following setting:
To changing the routing configuration on Mac, follow the steps below:
1 On Mac, run Terminal then execute the command below:
> ifconfig –a
Synology DiskStation VPN Center User’s Guide
2011-06-203| Copyright ® 2011 Synology Inc. All Rights Reserved.
27

2 You will see a screen as below:

Here you will see your VPN (PPP) IP and gateway. But the gateway is only for connecting to VPN
server and not for connecting to the Internet. If you want to connect to the Internet through the VPN
connection, change the gateway by executing the following commands:
> sudo route add -net 192.168.X.X/16 10.10.0.50
or
> sudo route add -net 192.168.X.X/16 10.10.0.1
Replace
192.168.X.X
by the internal IP of your DiskStation and
10.10.0.50
/
10.10.0.1
Learn More
by your own PPP
IP/gateway and you can connect to the Internet through the private network of the DiskStation.
Congratulations! Your VPN Center is set up now. For more information or online resources about your
DiskStation, please visit
www.synology.com
.