Tailscale on a Synology NAS - Secure Remote Connection without Port Forwarding or Firewall Rules

แชร์
ฝัง
  • เผยแพร่เมื่อ 28 ธ.ค. 2024

ความคิดเห็น • 82

  • @j_holtslander
    @j_holtslander 11 หลายเดือนก่อน +3

    Every time I go looking for info online regarding using my NAS it's always NASCompares that I end up at as a destination. Haha. Keep up the good work!

  • @ZajaxFilms
    @ZajaxFilms ปีที่แล้ว +19

    How the hell did you know I was looking to research this today???

  • @Jonkelly-q7j
    @Jonkelly-q7j ปีที่แล้ว +5

    You mention security at the end - where can I find instructions for adding such security - e.g. you mentioned Lets Encrypt?

  • @sandervanbergem6151
    @sandervanbergem6151 ปีที่แล้ว +9

    If I understand it correctly you don't need to create an quickconnect ID. But how would you connect the Synology photo&file apps on your mobile then? Or do you still create that ID and still keep the ports closed?

    • @ekowlloyd
      @ekowlloyd 5 หลายเดือนก่อน

      He didn’t mention but you also need to install Tailscale on your other devices and have the service running in order to connect to the Tailscale ip of your NAS

    • @6Nekro
      @6Nekro 2 หลายเดือนก่อน

      Exactly, you don't need to create a quickconnect ID at all. Just need tailscale client app on both devices and have it activated just like in the video and then use for example DS file app. In the DS file app login screen you will just use the IP of the device (synology) that tailscale created for you (you can find it in your Tailscale admin section under Machines) and your synology login details just like you would log in to it normally.
      I used DS file app on my phone to test it. I disconnected from my wifi on my phone so I am on my phone data internet and I managed to connect without any issues.

  • @Tetra84
    @Tetra84 ปีที่แล้ว +2

    great guide! do you know how we can use Tailscale in conjunction with hyperbackup/vault to do secure connections to other Synology NAS's?

  • @vladiesc
    @vladiesc ปีที่แล้ว +5

    Nice one! Been using it on my Asustor NAS a while. Great piece of software! No port forward means less chance of being hacked.

    • @antik06
      @antik06 ปีที่แล้ว +2

      Maybe it is a "Great piece of software", but maybe the user should think about the fact that to make it work, you are actually giving access to the NAS to a third party. Additionally, I saw a comment somewhere on the web that "If you look a bit at the advanced details, it beats those firewalls because they kind of "don't care" what the UDP packet content is as long as it looks like it's going to the correct IP, and that seems pretty dangerous to me". Well... I'm back to using the QVPN protocol with a VPN server on a QNAP QHora router 😎

    • @xellaz
      @xellaz ปีที่แล้ว +1

      @@antik06 Yea. I also don't like giving a 3rd party access to my devices. I run my own VPN server and that's the only way you can connect to my network from the outside. Everything else is denied. 😗

    • @TeufelHund
      @TeufelHund ปีที่แล้ว +2

      Where is tailscale available for Asustor NAS?

    • @nemiw4429
      @nemiw4429 ปีที่แล้ว +1

      @@antik06 R u the owner of QNAP and make too little income? U surely don't sound like an owner of anything other, than 1 old Qnap, but who knows. Maybe u'll share ur reason why u exist, Mr. Qnap NPC.

    • @antik06
      @antik06 ปีที่แล้ว

      @@nemiw4429 Did you forget to take your pills?

  • @NikolaBulj
    @NikolaBulj 4 หลายเดือนก่อน

    What about the firewall? Should we just allow tailscale from the ip-range they give, or also other services we might need to use (photos for example)?

  • @petermarin
    @petermarin ปีที่แล้ว +2

    how can I map the NAS in the file explorer? I can't see it when the devices are discovered.

  • @BUBearsFan
    @BUBearsFan 10 หลายเดือนก่อน +2

    Good video. How do you add Tailscale to your NAS certificate to secure the connection? : )

    • @azwb
      @azwb 6 หลายเดือนก่อน

      Did you ever find out?

  • @PaulMarriott-p9v
    @PaulMarriott-p9v ปีที่แล้ว +1

    How does Tailscale compare with Cloudflare Zero Trust Tunnel and/or Twingate??

  • @cesiumion
    @cesiumion ปีที่แล้ว +1

    how would synology photos, video or music etc services work if used with openvpn?

  • @pbrigham
    @pbrigham ปีที่แล้ว +2

    One of the best ways to connect remotely to a NAS.

  • @Invadia.official
    @Invadia.official 11 หลายเดือนก่อน +1

    I started using Tailscale last night , and I’ve found that the speed is a bit slow to watch media .
    I can download documents and photos with not problem but when it comes to videos , it’s soo slow compare when connected to the local network .
    Is that Normal? Is there anything I could do to improve the speed ?
    Thanks heaps

  • @ekowlloyd
    @ekowlloyd 5 หลายเดือนก่อน

    He didn’t mention but you also need to install Tailscale on your other devices and have the service running in order to connect to the Tailscale ip of your NAS

  • @andresvaldevit3692
    @andresvaldevit3692 4 หลายเดือนก่อน

    11:13 So apart from this I should still use Synology vpn? Isn’t Tailscale a vpn already?

  • @ADDICTIVESimon
    @ADDICTIVESimon หลายเดือนก่อน

    Thanks to your video I've successfully set up Tailscale on my Synology NAS but can't work out how to configure the existing PLEX on my Synology so I can access my music via a mobile (which also has Tailscale installed)? What's are the final steps to do this?

  • @Xsessive182
    @Xsessive182 ปีที่แล้ว +1

    Great i was looking for a guide like this, can this be used for a qnap to Synology file sync?

    • @DavidM2002
      @DavidM2002 ปีที่แล้ว

      That was my first question. What now ? Get WinSCP ( free to use ). It's like Windows File Explorer except that it shows your local machine beside your remote machine. I recall that there is some sort of sync feature built in and no idea how configurable it is as I haven't tried it.

  • @drpepa09
    @drpepa09 ปีที่แล้ว +1

    Is there a use case for Tailscale if NAS is behind CGNAT? Just went fullfibre with Befibre and now Plex remote access port forwarding is screwed unless i pay for a static ip fix

  • @Alex_Railnolds
    @Alex_Railnolds ปีที่แล้ว

    Hi. Could you help - why my devices cant see each other if they are connected to different networks? Only on the same network they can see each other.

  • @revlioquick
    @revlioquick ปีที่แล้ว +4

    Could I request some content? The title would be "break your cloud provider reliance".
    Overall the review/video would provide a guide to using local NAS resources to replace Google/Amazon/Apple/MS cloud services for:
    1. Automatic mobile device photograph/video backup #most important I believe
    2. Document sharing/editing
    3. Sharing of content via common social media, messaging platforms
    What with costs of these services constantly increasing, and the helpless feeling of being tied, powerless to their control. How easy is it to use Synology/QNap s/w to truly replicate that 'memories happily backed-up' feeling.

    • @Aleksandar.D
      @Aleksandar.D 7 หลายเดือนก่อน

      I have already disconnected my entire family from Google photos and Google Drive for backing up our photos, documents, etc. However, I am still using external hard drives, which are disconnected from the internet, to back up my important data. On my NAS, everything that is exposed to the internet is something that I could live without.

  • @jacobp7289
    @jacobp7289 ปีที่แล้ว +2

    How is this better than using quickconnect?

    • @laurentiudll
      @laurentiudll 10 หลายเดือนก่อน

      It's 50 times faster

  • @Wombats-1
    @Wombats-1 27 วันที่ผ่านมา

    i still cant get my nas to mount under the devices section. ive logged out of everything and used the installed app on my nas to redirect to log back in. but still the nas wont show up

  • @showdown2006
    @showdown2006 ปีที่แล้ว

    Will this still allow me to access my smb mount in MacOS finder to reach files I want to access/edit that are stored on the NAS?

  • @haydenlee8332
    @haydenlee8332 ปีที่แล้ว

    I only have a QNAP TS-231P3, so there is no native support for Tailscale.
    However, I was able to set up a Tailscale VPN thanks to an extra help from another TH-cam video about how to setup Tailscale via docker containers (for QNAP there's "ContainerStation")
    I'm loving Tailscale so far!! It's so easy!!

  • @tonyvalenti6614
    @tonyvalenti6614 ปีที่แล้ว +2

    Thanks again for yet another great video. I have been using Tailscale for several months now. Yes it was easy to setup, but I would have mentioned their recommendation to add a single line to your NAS Task Scheduler to ensure connection on reboot. That said, my use case was to connect two Synology’s, one onsite and the other offsite to use Hyper Backup supporting my 321 backup strategy. Worked great for about 7 backups, then disconnected and I was never able to reconnect or login through Hyper Backup to Hyper Vault. 😣
    Tried asking everywhere, Synology and Tailscale subReddits, Synology and Tailscale themselves. No one has a solution recommendation. Would be great to see if you could get it working and share another video.

    • @DavidM2002
      @DavidM2002 ปีที่แล้ว

      Do you have the NAS firewall activated ? I set mine up and then later deactivated it but left the rules in place. At some time later, I got sort of locked out of the NAS; I could login to the desktop with a browser but could not move files to and from my Windows desktop with Windows File Explorer. In frustration, I went into the firewall and deleted all of the rules and turned the firewall on and then off. All was well after that. In frustration, we try almost anything; even those things that shouldn't work but this did for me this time.

  • @cunninghamb505
    @cunninghamb505 ปีที่แล้ว

    Is the connection slow for you when using as a exit node. Mine is slow

  • @vimanaboy
    @vimanaboy 9 หลายเดือนก่อน

    Great video- subscribed! What I really need now is to figure out how to make a Tailscale certificate and make reverse proxies for my Docker services (Vaultwarden, Jellyfin, Audiobookshelf, etc)). Or whichever is the best way to access them via Tailscale if that isn't it.

  • @Jp421JP
    @Jp421JP 10 หลายเดือนก่อน

    Is there a way to limit a device to a single folder on the Nas, rather than full access?

  • @GCW123
    @GCW123 21 วันที่ผ่านมา

    I can’t install tailscale on my synology nas. I’ve tried and tried.

  • @rb65
    @rb65 ปีที่แล้ว +2

    Great video. I am trying to figure out how to use Tailscale to allow 2 Synology NASs on 2 different external networks to each other. My goal is to map remote drives between the two so that I can drop a file in a directory on one NAS into a folder on that device and have it copy to the other...but not "sync." In other words, I want that file to automatically copy to a folder on the other NAS and then be able to delete it from the origin NAS and have it remain on the destination.

    • @DavidM2002
      @DavidM2002 ปีที่แล้ว +1

      I do that but without Tailscale. On each NAS, I have a folder simply called "Transfer". I also have both NAS's running the cloud sync app which bi-directionally syncs that folder to Google Drive ( or OneDrive ). I copy a file on NAS 1 to its Transfer folder. It is then copied to the cloud drive. On NAS 2, its cloud sync detects the folder on Google Drive, and downloads to its local Transfer folder. I know that you said that you don't want to sync files but the sync app is the one this makes this work. If you set it for bi-directional, when you move the file out of the NAS 2's Transfer folder, a bi-directional sync sees the empty folder and then deletes the copy on Google Drive and the same thing happens back on NAS 1. Sounds convoluted but works like a hot damn.

  • @rafraf23534
    @rafraf23534 ปีที่แล้ว

    How does this compare with Twingate?

  • @jasonl7964
    @jasonl7964 10 หลายเดือนก่อน

    Thanks for the video. I have Tailscale setup and running, I can access my NAS outside of my network using the Tailscale's IP for my NAS, How do I access it using Let's Encrypt Certificate? The certificate name only work within my local network.

  • @LaplantFilm
    @LaplantFilm ปีที่แล้ว

    Is this possible on a Qnap aswell?

  • @aryo7781
    @aryo7781 ปีที่แล้ว

    does it need to be the same google account to access the NAS? or can other person using other google account access my NAS as long as they know my NAS' IP?

  • @unklesalty3732
    @unklesalty3732 ปีที่แล้ว +1

    Could this work for Hyper Backup?

    • @tonyvalenti6614
      @tonyvalenti6614 ปีที่แล้ว

      Worked for a while for me. Then disconnected and never was able to connect to the Vault again. 😞

  • @IYIySTiiKv1
    @IYIySTiiKv1 ปีที่แล้ว

    I just set this up! It works great but I was having trouble with ssl certificates while using the synology photos mobile app

  • @rishipareek4522
    @rishipareek4522 ปีที่แล้ว

    can we remote ssh with it ?

  • @c0delama
    @c0delama ปีที่แล้ว +1

    I'm using TailScale for a while now, but what i have discovered is that especially on my Android device, many other apps (including the web browser) are not working when i'm connected to the Tailnet. Would be great to find an option to just enable it for certain use cases or apps.

    • @percipioergowhat
      @percipioergowhat ปีที่แล้ว +1

      that sounds like a dns issue and might be solvable

  • @PSP_vip
    @PSP_vip ปีที่แล้ว

    when i enter the ip , just nothing loading

  • @ernestodiv
    @ernestodiv ปีที่แล้ว

    I'm using cloudflare to access my synology, what do you think about cloudflare?

  • @chrismclean2989
    @chrismclean2989 ปีที่แล้ว

    Surprisingly straight forward 👍

  • @MarkDart
    @MarkDart ปีที่แล้ว

    Thanks for the video I was starting to research solutiosn for my upcoming starlink connection. I have synology NAS which I am currently running open vpn and doing some port forwarding to my Virtual machines hosted on Synology NAS. The virtual machines are server 2003 and also investigating using XP 32 bit due to an old 32bit program I need to run. The issue with this is trying to get Tailscale installed on these machines. Is there a solution that you can think of that I can run on NAS that will give access to all my internal network when connected

    • @MarkDart
      @MarkDart ปีที่แล้ว

      I found the option to have one machine advertise the subnet route which fixed my issue

  • @q81tech
    @q81tech 9 หลายเดือนก่อน

    so better not use ?

  • @praetorxyn
    @praetorxyn ปีที่แล้ว

    The only ports I have opened up are 80 and 443, and those are forward to the LSIO swag container, which autoredirects http to https (I only have 80 opened up because I can't be arsed to type before my URLs if I don't), and takes care of reverse proxying requests from all my subdomains to the appropriate Docker containers. I am not sure how secure this is compared to say a Cloudflare tunnel, but I have not had any issues thus far.
    Either way, I think I'd need the reverse proxy setup even with a Cloudflare tunnel, because I have my network configured so that requests to my domain don't go out over the internet from inside my network, so I'd need the reverse proxy to handle the local side and I could set up Cloudflare tunnels to handle the remote side without having to open any ports.

  • @sourabhthorwat
    @sourabhthorwat ปีที่แล้ว

    I installed and configured it on my NAS, iPhone nad Laptop.
    I can access my NAS on iPhone using Tailscale IP or hostname in public network. No issue al all.
    But I am not able to use it for Synology Photos or any other app. It just gives security warning and donesn't work.

  • @arielgrassm.dan.rapmfellow4795
    @arielgrassm.dan.rapmfellow4795 ปีที่แล้ว

    If you limit the access to the port-forwarded portas to your mobile devices public IP address alone, why would it be risky to open ports this way, blocking all other IP addresses??

    • @dummyload7803
      @dummyload7803 ปีที่แล้ว

      public IPs always change. How would you setup something like this ? I guess when it comes to having restrictions on who is allowed and not most if not all smartphones are checkmate

  • @samir1612
    @samir1612 ปีที่แล้ว +1

    I have Tailscale app on my phone running.
    Somehow my Synology-one-drive and Synology-photo-app does not work when I am outside the network.
    I can open browser and login to my Synology web interface.
    Anything I am missing?
    I tried to put correct addresses in both apps as per tailscale.

  • @jasonluong3862
    @jasonluong3862 ปีที่แล้ว

    Within a few years, opening a port and port-forwarding for any outside access to your internal network is synonymous with using fax machines and having your password "password".

  • @jasonluong3862
    @jasonluong3862 ปีที่แล้ว

    Does Tailscale run on all Synology NAses or just the higher end models with the x86 CPU?

    • @NikolaBulj
      @NikolaBulj 4 หลายเดือนก่อน

      it runs on 223j, I guess it runs on almost all if not all.

  • @barkdongston5814
    @barkdongston5814 ปีที่แล้ว

    I was troubleshooting a port forwarding issue with my NAS until 1 AM yesterday lmao

  • @djplasma02
    @djplasma02 ปีที่แล้ว +2

    Cloudflare zero trust tunnels, also good for remote access.

    • @g.o.9513
      @g.o.9513 ปีที่แล้ว

      Is this service free?

  • @Teilzeitotaku
    @Teilzeitotaku ปีที่แล้ว

    for those who want to use thier synology NAS not just for themselve but to make the world a better place:
    Snowflake
    This tool makes your hardware into a TOR-Entry node...which helps other people around the world.
    Docker container is available...so it can be run on a synology NAS as such.

  • @MrTwixraider
    @MrTwixraider ปีที่แล้ว +1

    great, but if you like to share pictures with non users, I think then this isn't gonna work. So you will have to sacrify something

  • @anwar.shamim
    @anwar.shamim 10 หลายเดือนก่อน

    very important

  • @Hecheva64
    @Hecheva64 ปีที่แล้ว +1

    From your other videos I had the idea that a NAS could be a substitute for Google Photos and Drive. But yesterday I found a Reddit post with all the security warnings and saying that your NAS shouldn't be exposed to the internet. My idea was to share storage space and photos with family in different countries. And now, I find that this is a big risk not only for the NAS but for all the devices on your network. I feel frustrated and disappointed. If all this is not possible, a NAS is not for me; I prefer Google in that case. Your videos are great but I got the wrong impression from them and I think you should emphasise the problems of exposing the NAS much more. Sorry if I got the wrong ideas and I would love you to correct me and tell me that I am wrong so I can have a bit hope. Thanks for your videos

    • @dummyload7803
      @dummyload7803 ปีที่แล้ว

      if i may. A NAS can be a substitute for Google, however i would only use it via VPN. But i have to admit ... since i dont have a smartphone ... i would not know how to configure that. Using a puplic Cloudservice ... for me ... is a big nono.
      Another problem is the human being itself and its knowledge of computerstuff.
      If your family does not want to invest some time into learning a few things about computerstuff then offering space for them is ... in my eyes ... useless.

  • @oroville12345
    @oroville12345 ปีที่แล้ว

    Bro zerotier is better it works with wol and adding routes is so easy... 🔥

  • @uenmedia4528
    @uenmedia4528 ปีที่แล้ว

    Are you serious really?? What did you talk all those time? None sense really and explanation was really worse on here seen!!!!

  • @MacGyver0
    @MacGyver0 ปีที่แล้ว

    @NasCompares
    If blog/how-tailscale-works not lies, Tailscale node connections are end-to-end encrypted (a concept called “zero trust networking”).

    • @dean3184
      @dean3184 ปีที่แล้ว

      please interpret your comment for me. I'm kinda dumb when it comes to this

    • @MacGyver0
      @MacGyver0 ปีที่แล้ว

      ​@@dean3184 This means that all traffic between devices is already encrypted and cannot be inspected by someone in the middle. Thus, the tail scale provides almost the same security as a local network. I would not put additional certificates on top for each web UI within trusted local network.

    • @ltngnx
      @ltngnx ปีที่แล้ว

      @@MacGyver0 In other words, certificates are not really needed?
      Ben loking online for days how to install certificates and it seems like there's no videosshowing how-to. Maybe it is because, at the end, is not reallt that needed?