Menu

How to Setup Synology NAS as a VPN Server (L2TP) & How to Access it from Clients.

Author: ,

In this tutorial you will find step-by-step instructions on how to set up Synology NAS as an L2TP VPN server and how to connect to it and access its files over the Internet. Configuring your Synology NAS as a VPN server will allow you to remotely and securely access the shared files on your Synology NAS Server, and the Synology NAS Server's internal network, protecting you from Internet attacks and data interception.

 

How to Set up & Connect to Synology NAS L2TP VPN Server.

Part 1. Setup L2TP VPN Server on Synology NAS.
Part 2. Setup a VPN Client for Synology NAS VPN Server.

 

Part 1. How to Setup & Configure Synology NAS as a VPN Server.

Step 1. Install and Enable VPN L2TP Server on Synology NAS.

1. Go to Packages and install the VPN Server package

2. Open VPN Server Package.

3. Navigate to L2TP/IPSec and select Enable L2TP/IPSec VPN Server.

4. Specify a virtual IP address of VPN server in the Dynamic IP address fields, or leave the default. *

* Notes:
1. The Dynamic IP Address specified here, will be the Virtual IP address of the VPN server.
2. The Dynamic IP addresses allowed for VPN server can be any of the following:

  • From "10.0.0.0" to "10.255.255.0"
  • From "172.16.0.0" to "172.31.255.0"
  • From "192.168.0.0" to "192.168.255.0"

5. Set Maximum connection number to limit the number of concurrent VPN connections.

6. Set Maximum number of connections with same account to limit the number of concurrent VPN connections with the same account.

7. Select the MS-CHAP v2 authentication method, in order the VPN clients passwords to be encrypted during authentication.

How to Setup Synology VPN Server

 

8. Click at Pre-shared key box and select Use a Securely Generated Password, or specify your own strong key/password. (don't forget to write the key down).

Synology VPN Server

 

9. Check the Enable SHA2-256 compatible mode (96 bit) to permit certain clients (non RFC standard) to use L2TP/IPSec connection.

10. When done, click Apply.

image

 

11. Finally, click OK at message informing you which ports needed to open in you Firewall in order the  L2TP VPN Server to work.

image

 

Step 2. Setup PORT Forwarding Rules for Synology VPN Server on your Router/Firewall.

The next step is configure the L2PT/IPSec port forwarding to your router.

1. Login to router's web interface.
2. Inside the Router configuration setup, forward the following ports to the IP address of the Synology VPN Server: 1701, 500 & 4500 (UDP)

 

 

Part 2. How to Connect to Synology VPN Server from Windows 10.

 

Step 1. Allow L2TP Connections Behind NAT in Registry.

By default, modern Windows 10, 8 or 7 and the Windows Server 2016, 2012 & 2008 operating systems do not support L2TP/IPsec connections if the Windows computer or the VPN server are located behind a NAT. To bypass this problem you have to modify registry as follows, on the Windows VPN client/computer:

1. Open Registry Editor. To do that:

1. Simultaneously press the Win image + R keys to open the run command box.
2. Type regedit and press Enter to open Registry Editor.

regedit

 

2. At the left pane, navigate to this key:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Sevices\PolicyAgent

3. Right click at an empty space at the right pane and select New –> DWORD (32 bit) Value.

image

4. For the new key name type: AssumeUDPEncapsulationContextOnSendRule and press Enter.

* Note: The value must be entered as shown above and with no space.

5. Double click at AssumeUDPEncapsulationContextOnSendRule value, type 2 at Value data and click OK.

image

6. Close Registry Editor and reboot the machine.

 

Step 2. Configure a new VPN L2TP Connection for Synology VPN Server on Windows 10.

Upon making the required modification in Registry, you're ready to create and setup the VPN connection to the Synology NAS L2TP VPN server.

1. From Settings image click Network and Internet, OR, right click at the Network icon on the taskbar and choose Open Network & Internet settings.

vpn client setup windows 10

 

2. Click VPN on the left and then click + to Add a VPN connection.

How to Setup a VPN Connection Windows 10

 

 

3. At the next screen, fill out the following information and click Save:

  • VPN provider: Windows (built-in).
  • Connection name: Type a friendly name for the VPN connection. (e.g.. "Synology VPN")
  • Server name or address: Type the public IP address or the DNS Name of the VPN server (e.g. "example.dyndns.net" .
  • VPN Type: Use the drop down arrow and select L2TP/IPsec with pre-shared key.
  • Pre-shared key: Type the Pre-shared key.
  • Type of sign-in info: Use the drop down arrow and select User name and password.
  • User Name: Type your VPN User name.
  • Password: Type your VPN Password.
  • Check the "Remember my sign-in info" checkbox, if you want to save your sign-in credentials for the VPN connection and then click Save.

setup synology vpn client L2TP

 

4. Now click Change adapter options.

image

 

5. Right-click on the VPN Connection for the Synology NAS an select Properties.

image

 

5a. At Security tab, select Allow these protocols, and check the following protocols:

  • Challenge Handshake Authentication Protocol (CHAP)
  • Microsoft CHAP Version 2 (MS-SHAP v2)

image

 

5b. At Networking tab:

  • Uncheck the Internet Protocol Version 6 (TCP/IPv6).
  • Select the Internet Protocol Version 4 (TCP/IPv4) and click Properties.

image

 

5c. Click Advanced.

use default gateway on local network

 

5d. Uncheck the "Use default gateway on remote network"* and click OK three (3) times to apply changes and close all windows. *

Note: By keeping this setting enabled, all the Internet traffic of the client computer, will pass through the VPN's Server network, so its better to keep this setting disabled. BUT, proceed and enable this setting only if you cannot access other devices on Synology NAS network.

use default gateway on remote network

 

6. Finally, click on Network icon on the taskbar, select the Synology VPN network connection and click Connect to connect to your Synology NAS VPN Server.

image

7. If the connection is successful, proceed to check if you can access the shared files on your NAS Server. (see step-3 below)

 

Step 3. Access NAS File shares.

Now check if you can access the file shares on your Synology NAS Server, by doing the following:

1. Simultaneously press the Win image + R keys to open the run command box.
2. Type "\\" followed by the Virtual IP address of the VPN server (e.g. "\\10.2.0.0" in this example), and click OK.

image

 

3. If you can access the file shares on your Synology NAS server, then you 're done.

That's it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.

If this article was useful for you, please consider supporting us by making a donation. Even $1 can a make a huge difference for us in our effort to continue to help others while keeping this site free:
Konstantinos Tsoukalas
Latest posts by Konstantinos Tsoukalas (see all)

Konstantinos Tsoukalas

Konstantinos is the founder and administrator of Wintips.org. Since 1995 he works and provides IT support as a computer and network expert to individuals and large companies. He is specialized in solving problems related to Windows or other Microsoft products (Windows Server, Office, Microsoft 365, etc.).

Related Posts

2 Comments

  1. Tony Su
    November 15, 2024 @ 6:34 am

    A million thanks to this post and the author, and this article, especially the registry part, saved my life.

    Reply

  2. David
    July 19, 2023 @ 3:52 pm

    Thank you for this excellent guide! I don't know if the registry part or the advanced network settings part did the trick but one of those did the trick on my Windows 11 setup.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *