Security for open ports?
- Thread starter dtokez
- Start date
Best option is set up OpenVPN server on your Synology, then just forward one port to the VPN server.
Now on your remote devices, install the OpenVPN client, then connect to the Synology, from here you can access the rest of your network
Now on your remote devices, install the OpenVPN client, then connect to the Synology, from here you can access the rest of your network
Once you're connected to your VPN server, it is like you're on your own internal network so probably no need to forward anything more. It's analogous to being connected to your network at home as if you were physically plugging a cable into your home router. That's assuming your Synology sits on your network at home in a fairly normal fashion i.e. You can get to it from any other machine on your network at home.
Ah that makes sense now cheers bigt
Think I have found some instructions - https://support.nordvpn.com/hc/en-us/articles/206930589
Looks slightly complicated, and I notice that synology offer their own vpn server in the package centre but is openVPN the one to go for?
Cheers
Think I have found some instructions - https://support.nordvpn.com/hc/en-us/articles/206930589
Looks slightly complicated, and I notice that synology offer their own vpn server in the package centre but is openVPN the one to go for?
Cheers
Soldato
- Joined
- 20 Oct 2008
- Posts
- 12,083
Two main uses of VPNs:
- VPNs you setup yourself so that you can securely dial into your network from outside. You use the VPN to avoid having to have a load of unsecured ports open on your firewall.
- VPNs offered by providers such as the one you linked that provide VPN servers you can dial out to. Mainly used by people wanting to try and hide what they're doing on the Internet.
I hope the OP doesnt mind me jumping in.
So if for example a device such as a CCTV camera software uses port 80.. Can you close port 80 and the camera will still be accessible when you logged into the VPN? What i mean are the ports for external access to the network?
So if for example a device such as a CCTV camera software uses port 80.. Can you close port 80 and the camera will still be accessible when you logged into the VPN? What i mean are the ports for external access to the network?
Yes, once you VPN into your network, it's pretty much as if you were connected directly to your router. Once into the VPN, you're inside the firewall.
You should never open port 80 like that either. Asking for trouble!
edit.
This is important!
Maybe tell us exactly how you want to use everything..
You should never open port 80 like that either. Asking for trouble!
edit.
This is important!
Maybe tell us exactly how you want to use everything..
Last edited:
You could try this on your pi
http://www.pivpn.io/
http://www.pivpn.io/
Soldato
- Joined
- 20 Oct 2008
- Posts
- 12,083
Synology's own website provides instructions linked from this page https://www.synology.com/en-uk/knowledgebase/DSM/help/VPNCenter/vpn_desc.
Have you read them, and where did you get stuck?
If you're going to dial in you'll be needing a static WAN IP (if your ISP offers them) or a subscription to a Dynamic DNS service. If you don't your client devices won't know where they're supposed to be connecting to.
Have you read them, and where did you get stuck?
If you're going to dial in you'll be needing a static WAN IP (if your ISP offers them) or a subscription to a Dynamic DNS service. If you don't your client devices won't know where they're supposed to be connecting to.
If you have to open something up to the world because VPN is not practical for various reasons, then put it in a DMZ or reverse proxy to it if possible. Also a quick win can be to just block access to all IP addresses that are countries you don't ever intend to be accessing the service from.