Tag Archives: Synology

Connect from Phone to Synology VPN Server

From previous post on how to setup VPN on Synology Server,

Setting up Virtual Private Network (VPN) on Synology

The next thing is to test it. Probably the easiest step is to connect via phone, I will demonstrate how to connect via Iphone.

The first thing is you need to download the Open VPN Client from App Store.

WhatsApp Image 2017-04-06 at 9.08.09 PM

 

Download it and open, you would see something like below

 

WhatsApp Image 2017-04-06 at 9.08.10 PM

 

Install the Open VPN certification

The next thing need to do is to install OpenVPN certification on your OpenVPN application in your phone, there are a couple of ways to copy the certificate and configuration file to your Iphone, but the easiest one is to use ITunes.

10

Connect your Iphone to Itunes on your machine, in the “Apps” section, pick the “OpenVPN” application in the “File Sharing” panel. This is one of the way to copy and paste any file to specific IOS application.

11.PNG

Navigate and access to ca.crt and openvpn.ovpn file in your unzipped directory And Sync it to your Iphone directly.

WhatsApp Image 2017-04-06 at 9.08.10 2 PM

Immediately, you will the OpenVPN application refresh the screen and display one external certificate available. Press the [+] button. add it to your profile.

WhatsApp Image 2017-04-06 at 9.08.11 PM

Enter your Synology username or password and then connect to your Synology VPN server by toggling the connect/disconnect button.

WhatsApp Image 2017-04-06 at 9.08.12 PM

If you are seeing the “connection details” and the “VPN” wording at the toolbar, means you connected to your Synology VPN server successfully.

Advertisements

Setting up Virtual Private Network (VPN) on Synology

I have an ex-colleague read my blog about how to do port forwarding on router for connecting to Synology Disk Station few months ago, and once he told me that I shouldn’t do that because it is very insecure approach.

I went back and think twice, what he said is was entirely true. First, anyone do a random can ping my router. If I disallow my router to being ping by others, they still can create a software to scan the entire Telco network to examine which IP actually has router accessibility.

Although I changed my router admin page to a specific port example: 3333 to make it harder to hack, no doubt that hackers still scan through all the 65535 ports for each IP address in order to land on my router main page. my last approach probably disable the router management page from outside to access it, but my Synology Disk Station login page need to be exposed so I can access my Surveillance Station from WAN.

So the only feasible solution is to install VPN server on the NAS.

Generate a self-signed certification

The first thing need to do is to make sure your synology has a self-signed certification. You can easily generate one from Control Panel > Security > Certificate

5

6

7

After done, move to next step!

Install VPN Server

Basically Synology Disk Station comes with VPN server application, and the setup is pretty straight forward if you get the concept right.

1.PNG

Install the VPN server, and then access to it. I am still using the DSM 5.2, if you are using DSM 6.0 or above probably you will see a similar screen too.

2.PNG

Understand which protocol to use

It comes with 3 standard protocols, PPTP, OpenVPN and L2TP/IPSec.
From what I understand is that PPTP will be slightly faster, but it is less secured.

https://www.howtogeek.com/211329/which-is-the-best-vpn-protocol-pptp-vs.-openvpn-vs.-l2tpipsec-vs.-sstp/

IF you are looking at the above link, it said that:

Don’t use PPTP. Point-to-point tunneling protocol is a common protocol because it’s been implemented in Windows in various forms since Windows 95. PPTP has many known security issues, and it’s likely the NSA (and probably other intelligence agencies) are decrypting these supposedly “secure” connections. That means attackers and more repressive governments would have an easier way to compromise these connections.

Yes, PPTP is common and easy to set up. PPTP clients are built into many platforms, including Windows. That’s the only advantage, and it’s not worth it. It’s time to move on.

In Summary: PPTP is old and vulnerable, although integrated into common operating systems and easy to set up. Stay away.

OK, looks like PP2P is not an option for me, I would rather pick OpenVPN, but the only drawback is you need to install the OpenVPN client software.

OpenVPN support isn’t integrated into popular desktop or mobile operating systems. Connecting to an OpenVPN network requires a a third-party application — either a desktop application or a mobile app. Yes, you can even use mobile apps to connect to OpenVPN networks on Apple’s iOS.

Enable the VPN Server

So the first step is to enable the OpenVPN by checking the “Enable OpenVPN server”.
The rest of settings can just follow the default one.

Once you managed to set it up, means the VPN server in Synology Disk Station is enabled and ready to use. But remember to export the Configuration by clicking on “Export Configuration”

3.PNG

You will see that your a zip file being downloaded, and inside should have 3 files : Certification, open VPN file and a readme.txt file

4

Modify the openvpn file

The openvpn.ovpn come with a default domain, so we need to change that and point to our router IP address or a domain. So when we put this configuration and certification on our phone, so that our phone can connect to the VPN securely.

8.PNG

Port forwarding 1194 Port at router

The next thing is, open only 1 port at router port-forwarding page, and only allow port 1194 (UDP). Please make sure it is UDP!

9.png

 The next step….

Of course is to test it, make sure it works so we can use it. Please refer to:

Connect from Phone to Synology VPN Server

Setup TP-Link NC-250 on Synology Surveillance Station

It is pretty easy to setup the NC-250 IP Camera on Synology Surveillance Station. Basically we don’t really need to do any hacking other than add the camera into surveillance station with a couple of quick setting.

The first thing we need is to make sure we know the IP address of the TP-Link NC-250. But before that, it would be better if you install the IP camera using TP-Link phone app so that it can connect to your router, and then you get the IP address of the camera from DHCP list or from the setting page in the phone app.

1.PNG

Because TP-Link NC-250 IP camera is not officially recognized as compatible camera in Synology Surveillance Station, so we have to choose [User Define] brand.

Put “8080” as your port number and this is fixed by TP-Link firmware, the source path is “/stream/video/mjpeg”, default username is “admin”, default password is “admin”, but the key thing is you can’t put the actual password here, TP-Link firmware recognize only base64 encoded password, so go to https://www.base64encode.org/, and encode it to base64 format. Example, password “admin” would be converted to “YWRtaW4=”, passsword “qwerty123” would converted to “cXdlcnR5MTIz”. Put the encoded password at the password field. Click “Test Connection”, you would see your IP camera video screen if everything is correct.

But anyway, I still can’t get the video setting correctly to work dynamically like other brand, so everything would follow the default IP camera setting.

2.PNG

Reply or comment below if you need my help.

Disk Station Manager 6.0 (Release Candidate)

This is the moment! Synology is going to launch their latest Disk Station Manager (DSM) version 6.0. The latest beta testing can be downloaded from their web site and you can refer to your specific models here in order to make sure if your model can use the latest version.

The latest disk station version contains a couple of major changes include Mail Services, Spreadsheet Collaboration Tools, improvement on their Note Station with charting features, and optimized 64-bit computing.

mail_01
Mail Services in your private cloud
yourown_01
Nore Station charting features
powerful_01
Powerful Context indexing

 

 

Modify Synology Photo Station Default Directory

By default, Synology Disk Station will only accept one photo directory as the photo station source. But sometimes you want to re-connect the existing photo directory that you already have, or migrate the photo directory to a bigger hard disk volume. You can’t select multiple photo directories unless you install the Synology Media Server application.

If you don’t want to do that, the only solution is to change your photo station default directory to the hard disk volume that you preferred.

After you installed the Photo Station on your Synology NAS, go to Control Panel and refer to the “Shared folder” page.

photo1

photo2

As you can see now, the default shared folder of the Photo Station is pointing at “Volume 1”, So our task now is to migrate it to “Volume 2”.

photo3photo4photo5

 

Connect DS Cam to your Synology NAS

Since we had already setup external access for our Synology NAS, now is time to test it and make sure we can access our Synology Surveillance Station from the WAN network using our phone or browsers. If you are using IOS or Android phone, download the Synology official Surveillance Cam App,

IOS: https://itunes.apple.com/us/app/ds-cam/id349087111?mt=8
Android: https://play.google.com/store/apps/details?id=com.synology.DScam&hl=en

Install them, and you would see the DS cam icon like below,

 

You can enter your router external IP Address with the forwarded port, if you are not sure how to do a port forwarding for Synology NAS please refer to my previous post here.

IMG_1742

The green box is “navigation menu”, and the red one is “view all mode”

IMG_1743

If you click on individual camera, the right box at the top is “manual recording”.

IMG_1744

Navigation Menu

IMG_1745

Recordings video

IMG_1746

You can filter the recording videos by source, cameras, and date. And if you want you can sort it by date.

IMG_1747

This is “view all” mode. You can see all the camera real time activities in a single view.

IMG_1748

 

Setup external access to your Synology NAS

2 Ways

There are 2 ways to setup external access for your Synology NAS, the first way is to setup Synology QuickConnect ID. The other method is to setup router port forwarding. If you are using QuickConnect ID definitely would be safer compare to router port forwarding method because you have to manage your router security better if you are doing it your way.

A standard port to access Synology NAS HTTP is port 5000. HTTP then required port 5001. To access photo station externally then you required a port 80. Surveillance Station required standard port 5000 or 5001.

Synology Network Ports

You can see the complete list of network port for Synology NAS, refer to here.

https://www.synology.com/en-us/knowledgebase/DSM/tutorial/General/What_network_ports_are_used_by_Synology_services

Although in the network port list, they mentioned required port 9000 or 9001 for Surveillance Station, but I noticed that exposing port 5000 and 5001 is sufficient enough.

Router Port Forwarding

Let’s say, for an example if your Synology NAS URL is, http://192.168.0.108:5000/webman/index.cgi

You can set your router port forwarding like below,

forward1.PNG

If your external IP address (router IP address) is like 175.200.142.46, you can access your Synology NAS using http://175.200.142.46:20000/ then you can see your Synology NAS login screen.

For cloud station, just access it with http://175.200.142.46:20001/ will do.

In order to test if your Synology NAS successfully exposed to external access, use Google Paping to double check with “paping 175.200.142.46 -p 20001”.

*Most importantly, setup your Synology NAS properly, please refer to here.*