Usage of DDNS vs VPN?

[Makhaira]

I need an education please.

I'm trying to understand DDNS vs VPN for my Synology NAS and I think I'm missing some pieces of the puzzle, or just being slow.

So, two requirements:
1 - I want to be able to access the files on my NAS whilst outside of my LAN
2 - I want to be able to remote desktop to my main machine (on the same network as the NAS) whilst outside of my LAN

So far I understand that I can use the Synology utility to set up a Dynamic DNS service to give me a static address to access my router, and through port forwarding that will pipe me into the NAS. I understand that a VPN is an encrypted connection between two computers to allow a secure "tunnel" through the net.

I thought therefore that I'd need to use both DDNS and VPN to achieve this, but a friend who knows more about networks than I do has advised me only DDNS is required and then I could remote desktop to my main machine.

To say I'm a bit confused would be an understatement. I'd be more than happy to do my own research if someone could point me in the right direction please, so far all the material seems to assume a level of knowledge that I don't have. Thanks in advance!

 

[Armageus]

Dynamic DNS is needed if your ISP doesn't supply a static IP - purely so that every time your routers external IP address changes, dynamic dns updates the "signpost" to tell you where to find it, so that you can talk to you router via e.g Makhaira.dyn-dns.net.

Whilst you could forward the Synology ports directly to the internet - you are then relying on Synology to keep their software up to date and free of security problems.

VPN is normally used, as VPN software is updated a lot more often to fix security issues, normally offers multiple different security options, and offers the option to securely access all of your home network remotely (rather than having to port forward every device that you may want)

 

[ChrisD.]

but a friend who knows more about networks than I do has advised me only DDNS is required and then I could remote desktop to my main machine.

It's possible but not advised, you really ought to be using a VPN rather than leaving the likes of RDP open to the internet.

 

[Makhaira]

Thanks both. So to check my understanding, I'll use the DDNS to get a static address to get me to my NAS. The VPN will connect me to the NAS, but in doing so it allows me to browse the entire network - i.e. the NAS at the "receiving end" of the connection isn't confining the VPN to just that machine, but is acting as a gateway onto my entire LAN? So I use DDNS as a convenient address, open a VPN tunnel to the NAS, and I can then RDP around my network as if I was at home?

If that understanding is correct, the one last bit I don't get is how do I enable DDNS in such a way that it DOESN'T allow direct connections without a VPN? Is that just by NOT doing port forwarding?

 

[neodude]

Yes. The only port you'll be forwarding will be the one for the VPN and the VPN server will only allow certain clients (i.e. your phone) to connect.

 

[skyripper]

Well the VPN will let any client connect if they supply the right credentials and connection details. But yes, the recommended route is don't expose your NAS or RDP to the internet and use a VPN with a strong key and up-to-date protocol.

Anyone opening up RDP to the internet is going to get battered by brute force attacks.

 

[Deleted member 77746]

100% use a VPN then you can connect to services as if you where inside your local network. Your router might support this, if not you will need either a router that supports it or a service on your network then port forward from that.