Hi everyone,
I have a very newbie question concerning the setup of VPN on my NAS.
My use case is really basic: it is a home server where I store my family admin files, work files and photos. I usually access these from my home and when I do have to use them or work on these folders, I connect either through Synology Drive or QuickConnect/File Station. Down the road, I would like to manage the downloading of some torrents independantly from my Nas… that’s it. Nothing more nothing less, at least for the moment.
Needless to say that I am absolutely dogshit in network stuff etc…
However, I am a bit paranoid and I want to make sure that everything is well secured. I understand that for my remote access, QuickAccess give some level of security. I do always connect to internet through a VPN myself (Proton).
While looking for the various ways to secure, I came accross the openvpn configuration. I therefore did setup the Proton VPN on my Nas and it is now “connected”.
BUT, I am still unsure if that means that all my connections with my NAS, whether when I am home or accessing through QuickConnect are using this VPN… I know, it must sound very basic… but it is quite confusing for me. Does that also mean that if I configure Download Station on DSM to download some torrents, the downloads will be made through the VPN?
Final question : most of the videos I see on youtube talk about seting up a VPN SERVER. I understand this is not what I have done… but what is not clear for me is, in my use case, what would a VPN server on my NAS bring to me as all my PC/Macs at home are connecting to internet through Proton and I have set up a VPN client on my Nas for the connection between my NAS and these computers…
Anyway, thanks to all who have spent some time reading this novel 
ProtonVPN on your NAS acts as a VPN client, meaning it routes the NAS’s internet traffic through ProtonVPN’s servers to secure and anonymize that traffic. This is great for protecting your NAS’s outgoing connections, like when downloading torrents or syncing with cloud services.
A VPN server, on the other hand, is something you set up on your NAS to allow remote devices (like your laptop when you’re away from home) to securely connect to your home network. This creates a secure, encrypted tunnel between your remote device and your NAS, giving you access to your NAS and other devices on your home network as if you were physically there.
So, while ProtonVPN as a client protects the NAS’s internet traffic, a VPN server on your NAS would protect and manage your remote access to the entire network. They’re two different tools serving different purposes.
Besides to make it more secure:
• Enable Two-Factor Authentication (2FA)
• Set Up a VPN Server
• Disable Unused Services and Ports
• Regularly Update DSM and Installed Packages
• Configure Firewall Rules
• Use Strong, Unique Passwords
• Restrict Admin Access
• Enable IP Blocking/Geo-Blocking
• Secure Backup Strategy
• Monitor Logs Regularly
• Enable HTTPS and SSL Certificates
• Disable Default Admin Account
Oh and how do I know it is working ? I guess I cannot use some website like “whatismyip” or something because it will be identifying the IP issued by Proton FOR MY COMPUTER and not the NAS, right ?
For a complete noob and well beyond Tailscale is by far the easiest and low effort, yet secure VPN option. Install the package and you’re up and running. If you want to allow it to be an exit node, great, but that’s optional. For most home users the free tier is more than enough. I should have setup Tailscale a long time ago.
Thannnnnnks a lot!!! it is clear. I had a lot of confusion and couldn’t find clear answer (at least for me) on the Client side.
Given my use case, I assume that setting up an VPN server would be a bit overkill then… I can live happily with QuickConnect so far, save if I want to manage remotely some app like download station or stuff like that but I think I don’t really need that so…
Yup, aside from the VPN Server, I am following most of those guidelines… Thanks !!!
You can via command line. My code pasted like dog shit from my phone, but just curl the url in here:
def get_public_ip(): try: response = requests.get(‘https://api.ipify.org?format=text’) response.raise_for_status() return response.text except requests.RequestException as e: print(f"Error fetching public IP address: {e}") return None
ahaha funny, I am discovering it right now on youtube! Indeed, seems to be the good solution for me! Thanks !!!
You can install Tailscale that can do both and it also uses the wireguard protocol that is far superior to OpenVPN. Tailscale is free, you can use it to connect directly to your NAS without quickconnect. It also has a paid addon for mullvad (VPN service like ProtonVPN) for routing your outgoing traffic from your NAS.
I detected that you might have found your answer. If this is correct please change the flair to “Solved”. In new reddit the flair button looks like a gift tag.
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.
Thanks! crazy that there is no easier way than going to the terminal to do some command line …
sorry, I tried to understand how to copy this to my terminal (on Windows 10 but I can use Linux Zorin as well if needed)… I am total noob with all command lines etc
You ssh to the Synology then run it
