• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.
  • The forums have been upgraded with support for dark mode. By default it will follow the setting on your system/browser. You may override it by scrolling to the end of the page and clicking the gears icon.

I need help setting up a VPN server

Status
Not open for further replies.
G

grecinos

Joined
Jan 13, 2015
Messages
135 (0.04/day)
Hey guys!

I have a Synology NAS that has the ability to act as a VPN server. I was able to successfully enable and configure the VPN server. I'm using Windows 10 as the client. Thus far, I've tried PPTP and L2TP. I was able to establish a connection over the local area network, but I haven't been able to get it to work over the internet. I have Bright House Networks as my ISP. I was able to log into the router and configure the required port forwarding settings. But still no luck.

If anyone has any suggestions, I'd greatly appreciate it!

Cheers,

grecinos
 
First I would recommend NOT using PPTP, as it is not very secure, but for testing it should be fine.

I would recommend you see if your version of NAS can support an OpenVPN tunnel, you might find that more suitable to your needs as it handles routing and DNS updates better in my experience.

What errors do you receive when it doesn't work?

How are you connecting when testing? PPTP and L2TP shouldn't be accessible if you're on the same LAN as the server, you must be on a different network unless you have some crazy routing happening.

I have seen some VPN issues with Windows 10, and PPTP is slowly getting cut out from support on iOS devices too so I can only assume that Windows 10 isn't far behind either. Again it's not very secure and can use plaintext passwords which is not secure at all...so better not to use it once you are resolved. I don't even like to use L2TP, just skip straight to an IPSEC VPN or OpenVPN tunnel and be done with it. :D

Can you provide more details to the NAS model, setup, what you've done, what you have set?

Are you running a DDNS URL to a dynamic home public IP address? If so, is it properly updating? I use one...with no issues, but I have my router setup to auto-update when it's public IP changes.
 
Thanks for the quick reply!

I got it to work after some fiddling around. I only got it to work with PPTP, though.

When I select PPTP as the server type on my Synology NAS, there is an option for encryption, “MPPE”. Is this not safe?

Anyway, I was able to successfully connect to the VPN server and access my shared resources. Exactly as I wanted.
 
MPPE is a Microsoft encryption option for PPTP, regardless it still isn't as secure...but would be better to have MPPE than not.

Glad you got it working though! Any chance you could detail what your problem was and what fiddling around you did to make it work?

Frankly, if you can find something other than PPTP to use, you should. Anything better is a little more work to setup and more trial and error, but keeping your network more secure and resilient from attacks is a HUGE plus. PPTP is going away as I said above... iOS/OSX no longer supports it, and it's not safe as-far-as VPN's are concerned. Though at least have some elevated encryption is better than nothing....especially NOT passing plain text passkeys. That's like taking candy from a baby...but worse.

:toast:
 
Sure.

On the client side, I didn't do much. I used Windows 10 built in VPN feature. I made sure the IP address was correct, used PPTP VPN Type, username and password. On the server side (Synology VPN Server), I enabled PPTP, allowed a maximum of 5 connections, authentication type: MS-CHAP v2, MPPE encryption. I Opened port 1723 on my router. After establishing a connection to the internet on my client using my mobile wifi hotspot device, I was able to connect without any issues. Once connected, I was able to print to my network printer, access files on my NAS, access my local web server, etc. Since Windows 10 doesn't support OpenVPN, I did some research on it. I know you can download an OpenVPN client, but I don't want it to mess with my network settings.

Cheers :)
 
The OpenVPN client is what you use for all versions of Windows, OSX, Android, iOS, Linux. There's different clients, like Tunnelblick for OSX.

It actually works very very well, but I can see someone preferring the built-in OS one....but OpenVPN is so much more secure than PPTP, that it's almost laughable. Really PPTP provides a simple, barely encrypted tunnel that allows you to work on your LAN from the WAN-side (Internet). OpenVPN and IPSEC can be increased to the point noone will want to waste time trying to intercept or decrypting your packets during traversal or be able to do a good job sniffing...making your network and data far far far more secure.

Honestly OpenVPN is so easy to work with, I deploy OVPN servers on PFSense routers almost daily...I have 20+ OVPN tunnels I connect to daily...and they all work so damn well.

When you're ready to better secure your VPN connection, come back and we'll get you sorted. :toast:
 
both l2tp and open vpn are options with Synology. both are more secure than pptp.
 
As slozomby mentioned, Synology supports OpenVPN. Can you please tell me where I can download reliable OpenVPN client for Windows 10? I'd like to try it on my "experimental" PC.
 
remember, once you launch the main gui icon all it does is launch the systray process. you always need to either right click or double click the systray icon to connect and disconnect.

you wouldn't believe how many support calls I get about that.
 
Ok, guys, I downloaded the client and installed it on my Windows 10 PC. The installation part was easy, but the configuration part threw me off. The part I couldn't figure out was how to create the config and ca.crt files. I had to read the tutorial carefully. Once I found out how to export those files from the Synology server, everything else sort fell into place. I just had to modify the config file and copy them to the correct folder on my local PC. It's working great now, I'm able to access all of the resources on my LAN, just as I wanted.

Here's an interesting question for you... I have a web server at home. If I connect to the LAN at home using OpenVPN (from a remote location) and use VNC (remote control software) to control my web server, will the data encryption provided by OpenVPN suffice, or should I enable encryption on the VNC viewer as well? In other words, would it be redundant and unnecessary?
 
OpenVPN will suffice, depending on what you setup. Depending on the size of the key, 2048-bit or higher recommended, I imagine you're using AES256 encryption, so that will be very good.

You should be fine to RDP onto your server through the OVPN tunnel, that's what I do. I use Teamspeak as an external failover solution if for some reason RDP or OVPN fail. I guess if you're on Linux and need VNC, then you can use VNC however you want.

But if you're using VNC as a local remote session, just make sure it stays that way and nothing from your router is doing port forwarding for VNC or RDP ports to your server. It never hurts to have more encryption either, except for processing power and performance will start to suffer. So it's a fine line...frankly I'd run VNC un-encrypted locally or use RDP sessions if using Windows OSes, and rely on OVPN for the tunnel encryption and traffic handling.

:toast:
 
if your web server is windows use remote desktop
if your webserver is Linux/bsd/solaris use ssh
 
Status
Not open for further replies.
Back
Top