Monday, August 19, 2013

Cyber Monday - Setting up an VPN with Synology Part 1 of 3

So recently, I was traveling abroad and wanted access to my files at home and wanted to make sure to have (more) secure access to the internet for the future. In doing so, I found out several things:

1.  PPTP is NOT secure due to its MS-CHAP v2,  PPTP's authentication protocol. Currently there are ways to penetrate them easily. (Side note: even its creator, Microsoft, has abandoned it!)
2.  OpenVPN is secure (at least for now), fast, reliable, and diverse (described below).
3.  There are a ton of ways to setup a VPN server and OpenVPN is available for apple products, android, and windows.

The two most interesting ways I found to setup OpenVPN was using Untangle. I really like Untangle for the reason that they can filter all of your internet traffic BEFORE it goes to your system, it can filter viruses out, install a secure firewall, intrusion detection system, spyware filter, phish filter, etc. It is absolutely amazing, free (or pay for premium), and easy on resources. I did install it on a spare laptop to see how exactly it runs and really enjoyed its ease of use and simplicity. However, you do need a dedicated system for it and it will slow your traffic down slightly.

At my home, I don't have the resources (i.e. a spare PC or laptop with 2+ nic cards) to run Untangle, so instead, I used my Synology server (DSM 4.2-3211) and opened a port on my router to the outside world for my VPN setup. So, lets get started!

Setting up the Server:

1. Log into your synology device and open up the Package Center and install the VPN Server

2. Once installed, it will create an icon on the dropdown menu.

3. Once open, select OpenVPN in the Settings Folder and enable it.  I chose to have a maximum of 3 simultaneous connections as I don't have many users in my home and feel safer limiting the number of instances possible. Likewise, I wanted the speed to be as fast as possible, so I enabled compression on the VPN link.  Next, you should go to the Privileges and choose who has access to the VPN. Under General Settings, you can also allow newly created users to automatically have access if you choose. Once set, export the configuration files and you're good to go.  

4. To be extra safe, you'll probably want to enable the AutoBlock under the General Settings as well. This will help prevent those nice people from China & Niagara from permanently gaining access to your server once they find it (Like they tried to do to a friend's synology server).  

5. Now you'll likely want to punch a hole into your router to allow for the server to have access to the outside world. If you're setting up a VPN you'll hopefully know how to do this, however, there are two ways, one would be to place your whole Synology server outside of the firewall using DMZ, sort of defeating the purpose of the work you just did, the other, which I HIGHLY recommend, is just port forwarding. Depending on your setup you'll type in the IP address of your synology server, and the port to forward (port 1194 & UDP only).

Congrats the OpenVPN server is now set up!  Next you'll need to setup the client side of it.  Check out how to setup the client for windows in Part 2, and for an android & apple iphone device in part 3.  Also a short bonus page of advanced things you can do to your synology with OpenVPN like IP forwarding.

No comments:

Post a Comment

Your name and email will never be sold, distributed, or revealed to the public by any means.