In this guide, you will find step-by-step instructions on how to set up your Synology NAS as an L2TP VPN server and connect to it and access its files over the Internet. Setting up your Synology NAS as a VPN server allows you to remotely and securely access shared files on your Synology NAS Server, and Synology NAS Server’s internal network protects you from Internet attacks and data interception.
How to configure and connect to Synology NAS L2TP VPN server.
Part 1. Configuring L2TP VPN Server on Synology NAS.
Part 2. Configure VPN client for Synology NAS VPN Server.
Part 1. Setting up and configuring Synology NAS as a VPN server.
Step 1. Install and enable VPN L2TP server on Synology NAS.
1. go to Packages and install VPN server package
2. Open the VPN server package.
3. go to L2TP/IPSec and select Enable the L2TP/IPSec VPN server.
4. Specify the virtual IP address of the VPN server Dynamic IP address select fields or leave default. *
1. The Dynamic IP address specified here will be the Virtual IP address of the VPN server.
2. Allowed dynamic IP addresses for a VPN server can be one of the following:
- From “10.0.0.0” to “10.255.255.0”.
- From “172.16.0.0” to “172.31.255.0”
- From “192.168.0.0” to “192.168.255.0”
5. Installation Maximum connection number to limit the number of simultaneous VPN connections.
6. Installation Maximum number of connections with the same account to limit the number of simultaneous VPN connections with the same account.
7. select MS-CHAP v2 authentication method to encrypt VPN client passwords during authentication.
8. Click and select the Pre-Shared Key box Use a securely generated password, or set your own strong key/password. (don’t forget to write the key).
9. Check it out the Enable SHA2-256 compatible mode (96 bit) allowing some clients to use a (non-RFC standard) L2TP/IPSec connection.
10. Click when done Please apply.
11. Finally, click OK In the message, which ports must be opened on the firewall for the L2TP VPN server to work.
Step 2. Set PORT forwarding rules for Synology VPN Server on your router/firewall.
The next step is to configure L2PT/IPSec port forwarding on your router.
1. Access the router’s web interface.
2. When setting up the router configuration, forward the following ports to the IP address of the Synology VPN Server: 1701, 500 & 4500 (UDP)
Part 2. How to connect to Synology VPN server from Windows 10.
Step 1. Allow L2TP connections behind NAT in the registry.
By default, modern Windows 10, 8 or 7 and Windows Server 2016, 2012 and 2008 operating systems do not support L2TP/IPsec connections if the Windows computer or VPN server is located behind a NAT. To work around this issue, you need to modify the registry on your Windows VPN client/computer as follows:
1. Opening Registry editor. For this:
1. Press at the same time Win + R buttons to open the run command window.
2. Stand up regedit and press Enter To open the registry editor.
2. Go to this button in the left panel:
3. Right-click on an empty space in the right pane and select new –> A DWORD (32-bit) value.
4. For a new keyname type: UDEncapsulationContextOnSendRule and press Enter.
*Note: The value must be entered as shown above and no spaces are left.
5. Double click UDEncapsulationContextOnSendRule value, type 2 Scroll to Value Information and click OK.
6. Shut down Registry editor and restart car.
Step 2. Configure a new VPN L2TP connection for Synology VPN Server on Windows 10.
After making the necessary changes in the registry, you are ready to create and configure a VPN connection to the Synology NAS L2TP VPN server.
1. From whom Settings press Network and InternetOR, right click at Network Click and select the icon on the taskbar Open Network and Internet settings.
2. Click VPN on the left and then click + To add a VPN connection.
3. On the next screen, fill in the following information and click Save:
- VPN provider: Windows (installed).
- The name of the connection: Enter a convenient name for the VPN connection. (eg “Synology VPN”)
- Server name or address: Enter the public IP address or DNS name of the VPN server (eg “example.dyndns.net” .
- VPN type: Use the drop down arrow and select L2TP/IPsec with pre-shared key.
- Pre-shared key: Enter the pre-shared key.
- Input data type: Use the drop down arrow and select Username and password.
- Username: Enter the VPN username.
- Password: Enter your VPN password.
- Check If you want to save your login information for the VPN connection, check the box “Remember my login information” and then click. Save.
4. Click now Change the adapter settings.
5. Right-click and select VPN Connection for Synology NAS Characteristics.
5a. Yes Safety tab, choose Allow these protocols, and check following protocols:
- Challenge Handshake Authentication Protocol (CHAP)
- Microsoft CHAP version 2 (MS-SHAP v2)
5b. Yes Connect to the network tab:
- Remove the mark the Internet Protocol Version 6 (TCP/IPv6).
- Choose the Internet Protocol Version 4 (TCP/IPv4) and press Characteristics.
5c. press Complicated.
5d. Remove the mark “Use the default gateway on the remote network“* and click OK three (3) times to apply the changes and close all windows. *
Note: If this setting is enabled, all Internet traffic of the client computer will pass through the VPN server network, so it is better to disable this setting. BUT, go ahead and enable this setting only if you cannot access other devices On a Synology NAS network.
6. Finally, click on it Network select the icon on the taskbar Synology VPN connect to the network and click Connect To connect to your Synology NAS VPN server.
7. If the connection is successful, continue to check if you can access the shared files on your NAS server. (see step 3 below)
Step 3. Access NAS file shares.
Now check if you can access the file shares on your Synology NAS Server by following these steps:
1. press at the same time Win + R buttons to open the run command window.
2. type “\\” followed by The virtual IP address of the VPN server (for example, “\\ 10.2.0.0” in this example) and click OK.
3. If you can access the file shares on your Synology NAS, then you’re done.
That’s it! Let me know if this guide helped you by leaving a comment about your experience. Please like and share this guide to help others.