Tailscale on a Synology NAS - Secure Remote Connection without Port Forwarding or Firewall Rules
Рет қаралды 39,767
Күн бұрынSynology 2023 NAS Confirmed Releases, Rumours & Predictions - nascompares.com/news/synology...
Synology DSM 7.1 Software Review - GUI, DRIVE, ABB, SS9, OFFICE, HYPER BACKUP, STORAGE, CHAT and More - • Synology DSM 7.1 Softw...
Synology NAS DSM 7.2-63134 Beta Coming Soon - nascompares.com/2023/01/18/sy...
Access Synology NAS from anywhere
Tailscale makes it easy to securely connect to your Synology NAS devices over WireGuard®.
Tailscale is free for most personal uses, including accessing your NAS.
Installation steps
Visit the Synology Package Center (tutorial).
Search for and install the Tailscale app.
Once the app is installed, follow the instructions to Log in using your preferred identity provider. If you don’t already have a Tailscale account, a free account will be created automatically.
Now your Synology NAS is available on your tailnet. Connect to it from your PC, laptop, phone, or tablet by installing Tailscale on another device.
That’s it!
Features
When used with Synology, Tailscale supports these features:
Web-based login to any supported identity provider.
Access your Synology NAS from anywhere, without opening firewall ports.
Share your NAS with designated Tailscale users, using node sharing.
Restrict access to your NAS using ACLs.
Use your NAS as a subnet router to provide external access to your LAN. (Currently requires command-line steps.)
Use your NAS as an exit node for secure Internet access from anywhere. (Currently requires command-line steps.)
Limitations & known issues
Some things to be aware of:
If you upgrade Synology from DSM6 to DSM7, you will need to uninstall and then reinstall the Tailscale app. Do not perform the Synology DSM7 upgrade over Tailscale or you may lose your connection during the upgrade.
Tailscale uses hybrid networking mode on Synology, which means that if you share subnets, they will be reachable over UDP and TCP, but not necessarily pingable.
Other Synology packages cannot make outgoing connections to your other Tailscale nodes by default on DSM7. See instructions below to enable.
Tailscale on Synology currently can do --advertise-routes but not --accept-routes. This means that if you have other subnet routers, devices on those other subnets will not yet be able to reach your NAS or devices on its local subnet.
Advertising subnet routes can only be configured from the command line, not the web GUI.
Tailscale SSH does not run on Synology.
Some of those limitations are imposed on Tailscale by the DSM7 sandbox. Others we intend to fix in future releases of Tailscale.
See our Synology tracking issue on GitHub for the latest status on the above issues.
Manual installation steps
An alternative to the recommended approach of installing Tailscale from the Synology Package Center is to install Tailscale using a downloadable Synology package (SPK). A reason you might want to install from an SPK is to access new Tailscale features that are not yet released in the Tailscale version that is available from the Synology Package Center.
To manually install Tailscale:
Download the SPK for your Synology device from the Tailscale Packages server. Synology SPKs are available from both stable and unstable release tracks. To determine which download is appropriate for your Synology device, visit the Synology and SynoCommunity Package Architectures page and look up your architecture by Synology model. Then, find the SPK download at Tailscale Packages that corresponds to your model.
In the Synology DSM web admin UI, go to Main menu - Package Center.
Click Manual Install, click Browse, select the SPK (.spk) file that you downloaded, and then click Next.
Follow the remaining prompts to confirm settings and complete installation.
At this point tailscaled should be up and running on your Synology device and you can configure it either using the Tailscale package’s Synology web UI or the CLI over SSH.
Video Chapters
00:00 - The Start
00:38 - When did I start using Tailscale on my Synology NAS?
01:14 - What is Tailscale?
01:49 - Why is remote accessing your NAS so dangerous and how is it done?
02:38 - What is Port Forwarding and How does it work?
03:37 - What About a VPN to Conenct to your NAS Remotely?
04:33 - Tailscale vs Port Forwarding vs Synology Quick Connect vs VPNs
06:33 - How to Install Tailscale on your Synology NAS
06:57 - How to Setup Tailscale on your Synology NAS
07:50 - How to Install, Setup and Connect to the NAS over TAILSCALE with your Windows. Mac, Android or iOS system
09:32 - Tailscale to Synology NAS Connection remote connect demonstration
11:28 - Using Tailscale DOES NOT mean you shouldn't be aware of your Synology NAS Security!!!!
@j_holtslander 6 ай бұрын
Every time I go looking for info online regarding using my NAS it's always NASCompares that I end up at as a destination. Haha. Keep up the good work!
@ZajaxFilms Жыл бұрын
How the hell did you know I was looking to research this today???
@Tetra84 Жыл бұрын
great guide! do you know how we can use Tailscale in conjunction with hyperbackup/vault to do secure connections to other Synology NAS's?
@chrismclean2989 Жыл бұрын
Surprisingly straight forward 👍
@user-yr2tn8sc1x 10 ай бұрын
You mention security at the end - where can I find instructions for adding such security - e.g. you mentioned Lets Encrypt?
@haydenlee8332 Жыл бұрын
I only have a QNAP TS-231P3, so there is no native support for Tailscale. However, I was able to set up a Tailscale VPN thanks to an extra help from another KZbin video about how to setup Tailscale via docker containers (for QNAP there's "ContainerStation") I'm loving Tailscale so far!! It's so easy!!
@drpepa09 8 ай бұрын
Is there a use case for Tailscale if NAS is behind CGNAT? Just went fullfibre with Befibre and now Plex remote access port forwarding is screwed unless i pay for a static ip fix
@showdown2006 7 ай бұрын
Will this still allow me to access my smb mount in MacOS finder to reach files I want to access/edit that are stored on the NAS?
@vladiesc Жыл бұрын
Nice one! Been using it on my Asustor NAS a while. Great piece of software! No port forward means less chance of being hacked.
@antik06 Жыл бұрын
Maybe it is a "Great piece of software", but maybe the user should think about the fact that to make it work, you are actually giving access to the NAS to a third party. Additionally, I saw a comment somewhere on the web that "If you look a bit at the advanced details, it beats those firewalls because they kind of "don't care" what the UDP packet content is as long as it looks like it's going to the correct IP, and that seems pretty dangerous to me". Well... I'm back to using the QVPN protocol with a VPN server on a QNAP QHora router 😎
@xellaz Жыл бұрын
@@antik06 Yea. I also don't like giving a 3rd party access to my devices. I run my own VPN server and that's the only way you can connect to my network from the outside. Everything else is denied. 😗
@TeufelHund Жыл бұрын
Where is tailscale available for Asustor NAS?
@nemiw4429 9 ай бұрын
@@antik06 R u the owner of QNAP and make too little income? U surely don't sound like an owner of anything other, than 1 old Qnap, but who knows. Maybe u'll share ur reason why u exist, Mr. Qnap NPC.
@antik06 9 ай бұрын
@@nemiw4429 Did you forget to take your pills?
@IYIySTiiKv1 Жыл бұрын
I just set this up! It works great but I was having trouble with ssl certificates while using the synology photos mobile app
@Alex_Railnolds 7 ай бұрын
Hi. Could you help - why my devices cant see each other if they are connected to different networks? Only on the same network they can see each other.
@vimanaboy 4 ай бұрын
Great video- subscribed! What I really need now is to figure out how to make a Tailscale certificate and make reverse proxies for my Docker services (Vaultwarden, Jellyfin, Audiobookshelf, etc)). Or whichever is the best way to access them via Tailscale if that isn't it.
@petermarin 10 ай бұрын
how can I map the NAS in the file explorer? I can't see it when the devices are discovered.
@cesiumion Жыл бұрын
how would synology photos, video or music etc services work if used with openvpn?
@jasonl7964 5 ай бұрын
Thanks for the video. I have Tailscale setup and running, I can access my NAS outside of my network using the Tailscale's IP for my NAS, How do I access it using Let's Encrypt Certificate? The certificate name only work within my local network.
@user-ly5hq5lz6v Жыл бұрын
How does Tailscale compare with Cloudflare Zero Trust Tunnel and/or Twingate??
@aryo7781 11 ай бұрын
does it need to be the same google account to access the NAS? or can other person using other google account access my NAS as long as they know my NAS' IP?
@jasonluong3862 Жыл бұрын
Does Tailscale run on all Synology NAses or just the higher end models with the x86 CPU?
@cunninghamb505 Жыл бұрын
Is the connection slow for you when using as a exit node. Mine is slow
@tonyvalenti6614 Жыл бұрын
Thanks again for yet another great video. I have been using Tailscale for several months now. Yes it was easy to setup, but I would have mentioned their recommendation to add a single line to your NAS Task Scheduler to ensure connection on reboot. That said, my use case was to connect two Synology’s, one onsite and the other offsite to use Hyper Backup supporting my 321 backup strategy. Worked great for about 7 backups, then disconnected and I was never able to reconnect or login through Hyper Backup to Hyper Vault. 😣 Tried asking everywhere, Synology and Tailscale subReddits, Synology and Tailscale themselves. No one has a solution recommendation. Would be great to see if you could get it working and share another video.
@DavidM2002 Жыл бұрын
Do you have the NAS firewall activated ? I set mine up and then later deactivated it but left the rules in place. At some time later, I got sort of locked out of the NAS; I could login to the desktop with a browser but could not move files to and from my Windows desktop with Windows File Explorer. In frustration, I went into the firewall and deleted all of the rules and turned the firewall on and then off. All was well after that. In frustration, we try almost anything; even those things that shouldn't work but this did for me this time.
@MarkDart Жыл бұрын
Thanks for the video I was starting to research solutiosn for my upcoming starlink connection. I have synology NAS which I am currently running open vpn and doing some port forwarding to my Virtual machines hosted on Synology NAS. The virtual machines are server 2003 and also investigating using XP 32 bit due to an old 32bit program I need to run. The issue with this is trying to get Tailscale installed on these machines. Is there a solution that you can think of that I can run on NAS that will give access to all my internal network when connected
@MarkDart Жыл бұрын
I found the option to have one machine advertise the subnet route which fixed my issue
@Jp421JP 5 ай бұрын
Is there a way to limit a device to a single folder on the Nas, rather than full access?
@rb65 Жыл бұрын
Great video. I am trying to figure out how to use Tailscale to allow 2 Synology NASs on 2 different external networks to each other. My goal is to map remote drives between the two so that I can drop a file in a directory on one NAS into a folder on that device and have it copy to the other...but not "sync." In other words, I want that file to automatically copy to a folder on the other NAS and then be able to delete it from the origin NAS and have it remain on the destination.
@DavidM2002 Жыл бұрын
I do that but without Tailscale. On each NAS, I have a folder simply called "Transfer". I also have both NAS's running the cloud sync app which bi-directionally syncs that folder to Google Drive ( or OneDrive ). I copy a file on NAS 1 to its Transfer folder. It is then copied to the cloud drive. On NAS 2, its cloud sync detects the folder on Google Drive, and downloads to its local Transfer folder. I know that you said that you don't want to sync files but the sync app is the one this makes this work. If you set it for bi-directional, when you move the file out of the NAS 2's Transfer folder, a bi-directional sync sees the empty folder and then deletes the copy on Google Drive and the same thing happens back on NAS 1. Sounds convoluted but works like a hot damn.
@Xsessive182 Жыл бұрын
Great i was looking for a guide like this, can this be used for a qnap to Synology file sync?
@DavidM2002 Жыл бұрын
That was my first question. What now ? Get WinSCP ( free to use ). It's like Windows File Explorer except that it shows your local machine beside your remote machine. I recall that there is some sort of sync feature built in and no idea how configurable it is as I haven't tried it.
@revlioquick Жыл бұрын
Could I request some content? The title would be "break your cloud provider reliance". Overall the review/video would provide a guide to using local NAS resources to replace Google/Amazon/Apple/MS cloud services for: 1. Automatic mobile device photograph/video backup #most important I believe 2. Document sharing/editing 3. Sharing of content via common social media, messaging platforms What with costs of these services constantly increasing, and the helpless feeling of being tied, powerless to their control. How easy is it to use Synology/QNap s/w to truly replicate that 'memories happily backed-up' feeling.
@Aleksandar.D 2 ай бұрын
I have already disconnected my entire family from Google photos and Google Drive for backing up our photos, documents, etc. However, I am still using external hard drives, which are disconnected from the internet, to back up my important data. On my NAS, everything that is exposed to the internet is something that I could live without.
@jeibar 6 ай бұрын
I started using Tailscale last night , and I’ve found that the speed is a bit slow to watch media . I can download documents and photos with not problem but when it comes to videos , it’s soo slow compare when connected to the local network . Is that Normal? Is there anything I could do to improve the speed ? Thanks heaps
@ernestodiv Жыл бұрын
I'm using cloudflare to access my synology, what do you think about cloudflare?
@rafraf23534 Жыл бұрын
How does this compare with Twingate?
@c0delama Жыл бұрын
I'm using TailScale for a while now, but what i have discovered is that especially on my Android device, many other apps (including the web browser) are not working when i'm connected to the Tailnet. Would be great to find an option to just enable it for certain use cases or apps.
@percipioergowhat Жыл бұрын
that sounds like a dns issue and might be solvable
@sourabhthorwat 11 ай бұрын
I installed and configured it on my NAS, iPhone nad Laptop. I can access my NAS on iPhone using Tailscale IP or hostname in public network. No issue al all. But I am not able to use it for Synology Photos or any other app. It just gives security warning and donesn't work.
@LaplantFilm Жыл бұрын
Is this possible on a Qnap aswell?
@pbrigham Жыл бұрын
One of the best ways to connect remotely to a NAS.
@PSP_vip 10 ай бұрын
when i enter the ip , just nothing loading
@sandervanbergem6151 Жыл бұрын
If I understand it correctly you don't need to create an quickconnect ID. But how would you connect the Synology photo&file apps on your mobile then? Or do you still create that ID and still keep the ports closed?
@ekowlloyd 2 күн бұрын
He didn’t mention but you also need to install Tailscale on your other devices and have the service running in order to connect to the Tailscale ip of your NAS
@praetorxyn Жыл бұрын
The only ports I have opened up are 80 and 443, and those are forward to the LSIO swag container, which autoredirects http to https (I only have 80 opened up because I can't be arsed to type before my URLs if I don't), and takes care of reverse proxying requests from all my subdomains to the appropriate Docker containers. I am not sure how secure this is compared to say a Cloudflare tunnel, but I have not had any issues thus far. Either way, I think I'd need the reverse proxy setup even with a Cloudflare tunnel, because I have my network configured so that requests to my domain don't go out over the internet from inside my network, so I'd need the reverse proxy to handle the local side and I could set up Cloudflare tunnels to handle the remote side without having to open any ports.
@rishipareek4522 Жыл бұрын
can we remote ssh with it ?
@ekowlloyd 2 күн бұрын
He didn’t mention but you also need to install Tailscale on your other devices and have the service running in order to connect to the Tailscale ip of your NAS
@BUBearsFan 5 ай бұрын
Good video. How do you add Tailscale to your NAS certificate to secure the connection? : )
@azwb Ай бұрын
Did you ever find out?
@anwar.shamim 5 ай бұрын
very important
@barkdongston5814 Жыл бұрын
I was troubleshooting a port forwarding issue with my NAS until 1 AM yesterday lmao
@arielgrassm.dan.rapmfellow4795 Жыл бұрын
If you limit the access to the port-forwarded portas to your mobile devices public IP address alone, why would it be risky to open ports this way, blocking all other IP addresses??
@dummyload7803 10 ай бұрын
public IPs always change. How would you setup something like this ? I guess when it comes to having restrictions on who is allowed and not most if not all smartphones are checkmate
@unklesalty3732 Жыл бұрын
Could this work for Hyper Backup?
@tonyvalenti6614 Жыл бұрын
Worked for a while for me. Then disconnected and never was able to connect to the Vault again. 😞
@samir1612 Жыл бұрын
I have Tailscale app on my phone running. Somehow my Synology-one-drive and Synology-photo-app does not work when I am outside the network. I can open browser and login to my Synology web interface. Anything I am missing? I tried to put correct addresses in both apps as per tailscale.
@jasonluong3862 Жыл бұрын
Within a few years, opening a port and port-forwarding for any outside access to your internal network is synonymous with using fax machines and having your password "password".
@dummyload7803 10 ай бұрын
i disagree
@jacobp7289 Жыл бұрын
How is this better than using quickconnect?
@laurentiudll 5 ай бұрын
It's 50 times faster
@q81tech 3 ай бұрын
so better not use ?
@djplasma02 Жыл бұрын
Cloudflare zero trust tunnels, also good for remote access.
@g.o.9513 11 ай бұрын
Is this service free?
@hernanechevarria9614 Жыл бұрын
From your other videos I had the idea that a NAS could be a substitute for Google Photos and Drive. But yesterday I found a Reddit post with all the security warnings and saying that your NAS shouldn't be exposed to the internet. My idea was to share storage space and photos with family in different countries. And now, I find that this is a big risk not only for the NAS but for all the devices on your network. I feel frustrated and disappointed. If all this is not possible, a NAS is not for me; I prefer Google in that case. Your videos are great but I got the wrong impression from them and I think you should emphasise the problems of exposing the NAS much more. Sorry if I got the wrong ideas and I would love you to correct me and tell me that I am wrong so I can have a bit hope. Thanks for your videos
@dummyload7803 10 ай бұрын
if i may. A NAS can be a substitute for Google, however i would only use it via VPN. But i have to admit ... since i dont have a smartphone ... i would not know how to configure that. Using a puplic Cloudservice ... for me ... is a big nono. Another problem is the human being itself and its knowledge of computerstuff. If your family does not want to invest some time into learning a few things about computerstuff then offering space for them is ... in my eyes ... useless.
@MrTwixraider Жыл бұрын
great, but if you like to share pictures with non users, I think then this isn't gonna work. So you will have to sacrify something
@Teilzeitotaku Жыл бұрын
for those who want to use thier synology NAS not just for themselve but to make the world a better place: Snowflake This tool makes your hardware into a TOR-Entry node...which helps other people around the world. Docker container is available...so it can be run on a synology NAS as such.
@oroville12345 Жыл бұрын
Bro zerotier is better it works with wol and adding routes is so easy... 🔥
@uenmedia4528 Жыл бұрын
Are you serious really?? What did you talk all those time? None sense really and explanation was really worse on here seen!!!!
@MacGyver0 Жыл бұрын
@NasCompares If blog/how-tailscale-works not lies, Tailscale node connections are end-to-end encrypted (a concept called “zero trust networking”).
@dean3184 Жыл бұрын
please interpret your comment for me. I'm kinda dumb when it comes to this
@MacGyver0 Жыл бұрын
@@dean3184 This means that all traffic between devices is already encrypted and cannot be inspected by someone in the middle. Thus, the tail scale provides almost the same security as a local network. I would not put additional certificates on top for each web UI within trusted local network.
@ltngnx Жыл бұрын
@@MacGyver0 In other words, certificates are not really needed? Ben loking online for days how to install certificates and it seems like there's no videosshowing how-to. Maybe it is because, at the end, is not reallt that needed?
Engr. Abhishek Roshan
Рет қаралды 23 М.
SpaceRex
Рет қаралды 258 М.
Immersed
Рет қаралды 4,9 МЛН
Sameer Gaming
Рет қаралды 2,5 МЛН