Hi
I have a synlogy nas and I noticed you can setup a VPN server
Now I dont know alot about VPN stuff but I am ok with basic networking and computers so I guess I Can learn the basics
But Id like to know does setting up the Nas VPN server allow all my internet traffic to be encrypted and private?
Thats my goal with this, so all my internet traffic is private
Is this different from a paid service such as NordVPN etc?
That VPN server is for you to VPN into your home network from the outside.
You will have to install a VPN client on your phone, tablet, laptop, etc and figure it to hit the server and it’ll look like you’re on your home network.
This is not meant as an outbound VPN service.
I would suggest looking into a Wireguard or equivalent router if you want a gateway solution. They are much faster than the synology with ipsec and open vpn.
The synology solution works but pretty slow. I have tried to use it as a gateway before and it work, but it is really designed so your internal app such as bittorrent or download manager uses the vpn to connect to the Internet.
The point of VPN is that you are contacting with machine that is away, probably in other country and using that machine’s internet to resolve your queries. That’s what makes it semi-anonymous. If you will set up VPN at home it’s not making it anymore secure than it already is. The point of NAS VPN is so you can take your laptop, go to another country and connect with your home network through VPN on NAS and run your network traffic through your home network.
To get your network secure, check the open ports on your router using the pages that are checking ports, block what you need, set up Pi-hole or similar on your NAS and use common sense :). That’s for starters ;].
Forget VPNs, look into DNS over HTTPS for better privacy.
ahh thanks so I misunderstood that !
Cool yeh I wanted to hide my shifty activities from the world, so I need to probably get a subscription or something to do that right?
… not if OP is setting up a VPN SERVER like he said in his post. He needs to get some concepts straight before making any attempt
What? Bro. That just encrypts the initial request. Not any of the content. And doesn’t hide where you surf. It just secures the request and prevents interception and spiking if setup correctly.
The easy way: sign up to a VPN service that supports the OpenVPN protocol (e.g. mullvad), then configure your Synology to connect to it 24 by 7 (google “mullvad Synology” to learn how) (and no it does not involve the VPN Server app on Synology at all), profit
The harder way - OpenVPN is slower than Wireguard. Figure out how to setup your Synology to be a wireguard client, then have it connect to a VPN service (like mullvad) via the wireguard protocol, and make sure every service routes through the VPN connection. Done.
I had the same thoughts when I saw the VPN server app. Fundamentally, the problem with using only your NAS as a VPN server (with the goal of being anonymous) is that your NAS is on your network. It’s just another computer on your network that can be tied to you through IP address and by contacting your ISP.
You need a third party VPN ($) to connect to so it looks like you are “them” when you’re on the internet. After that, you can do various things on your NAS, router, or computers to utilize that VPN.
HTTPS encrypts the content and everything is HTTPS. That’s a non issue.
I actually just did the openvpn connection with my Synology yesterday with Mullvad. Works a treat.
Will do but can’t I just have my server PC that’s on 24 7 to connect to it to the VPN ?
OpenVPN it’s old and deficient, mulvad support (and push) using WIREGUARD which also powers Tailscale sd-wan vpn.
Maybe what he needs is tailscale or similar (Zerotier or nebula).
A VPN relay on external service as mulvad is excellent for privacy (as doing crypto business or downloading stuff from bittorrent), but for remote secure access to your lan (home) network an SD-WAN VPN is indicated specially if your ISP pug you behind s CG-NAT.
Yes, the content of the dns requests. Not the data downloaded, or where it’s downloaded from.
My Synology DS918+ is connected via VPN 24x7. Nice and secure!
It really depends on what OP is actually trying to say with this statement of his: “That’s my goal with this, so all my internet traffic is private”
Case 1: Does he view “opening his desktop PC and opening a browser to pornhub.com (or any other website for that matter)” as part of “all my internet traffic”?
Case 2: Does he view “connecting to his jellyfin running on his Synology from anywhere” as part of “all my internet traffic”?
Case 3: Does he view “using his Download Station / qbittorrent / any torrent tool running on his Synology / other machines on this local LAN” as part of “all my internet traffic”?
If all 3 cases are yes, then tailscale is not sufficient. And there are numerous other scenarios too… tbh OP is pretty vague on what it is that he is after.
Like you said, tailscale is good for remote secure access to your LAN, so only case 2 of the 3 cases above is covered.
When I say “HTTPS” I’m not talking about the content of the DNS over HTTPS, I’m talking about HTTPS more generally, which easily 90% of internet traffic uses (and to be safe and make it 100% you can run a plugin like HTTPS Everywhere).
HTTPS is a free VPN, without a sketchy man in the middle storing your personal data on a server in Lithuania. The only hole it has is that it doesn’t cover DNS. Thus why my suggestion was DNS over HTTPS. Everything else being HTTPS already is a given you don’t need to do anything to take advantage of it.
Got it, I see where you’re coming from.
So a thought on this: if i visit https://website-i-trust/how-to-build-a-bomb the content may be secured, but my isp, and several other places have information I may not want them to have vs if I view them over a vpn, only the vpn provider and my browser/computer has that info.
