Well, this is one of those things where getting your feet and hands and ears wet is the best way to get started, and as long as you are working in the LAN where you are setting it up, you can't mess up too much as long as you are careful with passwords and don't rush things.

The NAS has a RADIUS package, I would bet the router uses more or less the same thing:

I haven't messed with either of your products, but given that they are consumer oriented it will probably be hard to get under the covers and tinker and look at the debug and stuff, so if you can keep things simple it will make your life easier.

In my point of view, LDAP is a directory service that provides information about users and user groups and other resources like servers or whatever. RADIUS is an authentication and authorization (and other related stuff) service that talks to a variety of back end directory services (flat file, local user, SQL, LDAP/AD, etc). They are 2 parts that work together to provide authentication and authorization (who can login, and what they are allowed to do when they login) for any devices that can talk to them.

From there it gets much more furry because RADIUS has a lot of parts in it and LDAP has a lot of parts in it and the devices that need to talk to them have a lot of parts.

Fortunately having both your devices run Synology software should help. I would bet the Synology forums (if they have them) will have someone who has done this before. Or their support might have a walkthrough.

Create users on your NAS (local users or LDAP if you need more features like grouping permissions etc) and install the RADIUS package and configure it to auth against the local users or LDAP users. Make sure the router can use RADIUS auth for the VPN setup you want on the router. Tell the router to authenticate on the IP and correct port of the NAS. From there you just fiddle with permissions settings, VPN parameters etc.

Nowadays, security is a top priority for almost everyone, especially businesses. Running your own services, or storing data but still being able to get to it all while away from your network, is a common question. How to get to my data safely over the Internet?

There are ways that you can get to your data while you are away from your local network, by publishing the services over a reverse proxy for example. The "problem" there is that you have to harden those services as best as possible or limit access if you want to increase security. Also, you have to allow access to those resources on your router in order to be able to access them in the first place, and that means you are not the only one that can do that.

But what about when you have multiple locations that you want to have secure, remote access to, but still have them configured in such a manner that the apps and services (including devices) are not exposed to the rest of the world?

Enter site-to-site VPN.

Now let's be clear, this is nothing groundbreakingly new even in the Synology world, but it is also not so common unless you actually need it. When we talk about site-to-site VPN connections in the Synology ecosystem, you will have to have certain prerequisites in place in order to configure it.

So what is a site-to-site VPN to begin with? Well, site-to-site VPN is a way to connect multiple sites (homes, business locations, etc.) over the Internet, but in such a way that the communication between sites remains "local".