MediaFox

Introduce: Specialized site to share, guide and update good techniques about programming, applications, servers, blogs, Network cloud, secure storage, ... and New Trends around the world.


Synology SSL VPN Guide, Quick review


Synology SSL VPN is a VPN service that supports SSL (Secure Sockets Layer) authentication and encryption. This service provides fast and secure SSL VPN access to websites, files, and applications on the Internet or local network.

How to set up Synology VPN?
1.To set up Synology SSL VPN:

1. Click on Synology VPN on the left panel and go to SSL VPN.

Option to enable Synology SSL VPN
Specify the settings below:
Client IP range

Select a client IP range (that is, a subnet or IP range behind your Synology Router) as the virtual IP address available to the clients. To add more to use, go to Object> Address Pool.

Self-owned domain name: Click Edit to configure the domain settings.

Port: Specifies the port for connections through this protocol. The default port is 443. If both Synology SSL VPN and WebVPN are enabled, we recommend using a port other than 443 for Synology SSL VPN so the general WebVPN speed will not be affected.

Security level: Select a preferred security level

Authentication: Select a method for client authentication.

Encryption Select a method to encrypt the connection.

Active licenses: See how many active licenses for premium features are installed. To add a license, go to Licenses on the left panel.

Disallow duplicate logins: Choose to prevent your account from making multiple connections through this protocol.

Click Apply to complete the setup. A custom URL for the VPN Plus web portal appears to be used.

The URL for the VPN Plus web portal can appear in one of the following forms:

Internal IP: Only local users can access web portal through this URL. You can manually replace it with an external IP for a URL that allows remote access and add an entry number if the non-default port is used.

External IP: Local and remote users can access the web portal through this URL.

Domain: Local and remote users can access the web portal through this URL. To get the domain URL, first match the external IP address with the domain name on the DNS server or use Synology's DDNS service (see instructions). If the default port 443 is not in use, add the non-default port number (for example, 500) to the domain (for example, example.com fw00).

The entries in the Client IP range list will be added to the Split-tunnel List and can only be deleted when another object is selected for the Client IP range.

2.To install third-party certificate for Synology Router:

Network administrator can buy the certificate from trusted third party and install it into Synology Router. Once installed, all clients can easily access the VPN Plus web portal without seeing a browser warning.

1. Go to SRM Control Panel> Services> Certificate.

2. Under Action, select Import certificate.

3. Select a browser and provide private key and certificate.

4. Select finish import

3.To install the Synology Router certificate for local devices:

Without a trusted third-party certificate, a network administrator can generate a self-signed certificate from Synology Router and install it for all client devices.

1. Go to SRM Control Panel> Services> Certificate.

2. In the Actions section, click Create certificate> Create self-signed certificate, follow the wizard's instructions to create a certificate for the VPN Plus web portal.

3. Under Server certificate section, select Export certificate to download the self-signed certificate.

4.Share this certificate with local users. Ask them to install it on their device according to the instructions in the User's Guide.

4. Instructions for use

In the sections below, you will learn how to use Synology SSL VPN service for Internet and local network resources.

You can initiate a Synology VPN VPN connection with two proprietary clients- Synology SSL VPN Client (for Windows / Mac / Linux computers) and the VPN Plus mobile app (for iOS / Android devices).

Windows / Mac / Linux computers (except Firefox on Mac):

Use a web browser and enter the VPN Plus web portal URL in the URL bar.
Sign in with your user credentials.
Click SSL VPN on the left panel.
Click Download Client to install the Synology SSL VPN Client to your local computer.
Follow the wizard instructions to complete the installation.

When the client starts to run, the web page will automatically refresh.

Click Connect to connect via Synology SSL VPN. (See Notes section below.)

Now all your connections from the local computer will go through the Synology Router as SSL VPN connection.

To stop using this VPN service, click Disconnect.

Firefox on Mac:

Use a web browser and enter the VPN Plus web portal URL in the URL bar.
Sign in with your user credentials.
Click SSL VPN on the left panel.
Click Download Client to install the Synology SSL VPN Client to your local computer.
Follow the wizard instructions to complete the installation.
Go back to the VPN Plus> SSL VPN web portal and click the link below the download button.
A browser warning will appear on the web page opened. Click Advanced> Add exception.

Go back to the VPN Plus> SSL VPN web portal. Click Connect to connect via Synology SSL VPN. (See Notes section below.)

Now all your connections from the local computer will go through the Synology Router as SSL VPN connection.

To stop using this VPN service, click Disconnect.

Note:

Before connecting to the VPN, if it is your first time logging into the VPN Plus web portal on this client operating system, you will need to set up a PIN of at least 8 characters. This helps you avoid unauthorized login to the malicious VPN server.

When you set up a PIN, when you try to connect to another VPN server for the first time on the same client operating system, you are asked to re-enter the PIN.

PIN cannot be changed after setting. If you forgot your PIN or want to change it, you have to uninstall Synology SSL VPN Client and reinstall it.

IOS / Android devices:

Go to the Apple App Store or Google Play and download VPN Plus to your iOS / Android device.
Note: Android App Pack (APK) is also available on Synology Download Center. For more information on how to manually install apps on your Android device, please refer to this article.
Open VPN Plus, enter the IP address (example: 66.100. *. *) Or domain name (example: vpn.service.com) of the Synology Router.
Note: If you use a custom port other than 443, please add the port number after the domain name / IP address with a colon (for example, prefix.domain.com:10001).
Sign in with your user credentials.
Click Connect to connect via SSL VPN Synology.
Now all your connections from iOS device will go through Synology Router as SSL VPN connection.
To stop using this VPN service, tap Disconnect.
Note:

The Synology SSL VPN service has only two compatible clients: Synology SSL VPN Client and the VPN Plus mobile app.

Synology SSL VPN Client and VPN Plus mobile app are only compatible with VPN Plus Server.

If the network administrator has enabled tunneling, only traffic to target sites / applications / servers in the specified subnets or IP ranges will pass through the VPN. The rest of the traffic goes through the default gateway.

To install a certificate for your device:

If you don't have a trusted third-party certificate available on the VPN Plus Server, you can download and install a self-signed certificate on your computer to avoid repeated browser warnings.

Access the VPN Plus web portal.

Click on the people icon in the upper right corner.
Click Configuration.
In the pop-up window, click Download to download the ca.crt certificate to your computer.
Follow the steps below to install the certificate on your computer platform.


For Windows:


Double-click the ca.crt file on your computer.
Select Open> Install Certificate…> Next.
Option to place all certificates in the store.
Select Browser and select Trusted Root Certification Authorities
Select Ok and follow the instructions to finish the installation
Return to the browser and give the certificate valid


For Mac devices

Select ca.crt file in your computer.
Select System for Keychain, and select Add.
Enter the user's credentials and select Modify Keychain.


Open Keychain Access on your device. Select System under Keychains and select Certificates under Category.


Select and double-click the certificate. In the pop-up window, select Trust and select Always Trust for when using this certificate.
 Close the pop-up and follow the instructions to complete the installation

Address: 797 Nguyen Tat Thanh - Tan Phu - Vietnam. | Gmail: MediaFox.Biz - Phone: 08.00530077
Copyright © 2003 – 2020 MediaFox.Biz. All rights reserved.