One thing I wish I was a little clearer on. When I was speaking on security and performance, I was comparing QuickConnect and Tailscale. If you're using OpenVPN and you're happy with it, it's a great tool and there's no major reason to switch. However, if you want easier management with less potential issues, Tailscale is a great option. After downloading and connecting to the app on whatever device you're using, you'll have access to all of your devices/subnets.
Tailscale is great. I personally have been happy using wireguard on my router, which also allows my sister to use my network television tuner and streaming services. The only way she can get OTA television is to install a 20 foot mast for an antenna, and at 70 years old, that isn't happening. Fortunately it has worked well so far. I always worry how long something will last when it depends on using hardware and internet for free, so I tend to stick to my own resources.
Been using Tailscale for well over a year now and it just works and implementation is a breeze. For me the goal was to setup a 3-2-1 backup strategy. I have two local NAS’s and one remote. I backup my computers locally, then backup my NAS to NAS locally, the I backup my local NAS to my remote NAS. Computer backups with ABB and NAS backups with Hyper Backup. As an aside, my remote NAS has two storage pools, the one I backup to and the other I let my daughter use for data and computer backups. Then o thought why not backup her storage pool to my NAS returning that favor too. Tailscale handles this two way local NAS to remote NAS backup perfectly. Lastly, being able to remote access any of my NAS’s from anywhere on any mobile device is a great benefit too. I definitely recommend Tailscale. BTW, I was using OpenVPN just to access my NAS remotely, and though it was reliable and secure, like you said, certificates were a pain and managing a free DDNS was a pain too.
This is definitely the way. Currently using C2 but as soon as I have a viable location for a second NAS will do the same as you! One thing that still confuses me, using Tailscale in the way you've described, over say QuickConnect, isn't this still 'exposing your NAS to the internet' as people warn about? In that, there's a potential opening by using that? Or is it so secure that is neglible?
hanks for this extremely clear explanation of how ro install Tailscale to connect remotely to a local subnet, thus maintaining the ability to use DNS packages!
I was in SE Asia for 5 months, last year and this year. I used Tailscale to access my Synology NAS's and was able to store everything that I accumulated there to one or another of the NAS's and it was there waiting for me when I got home. It wasn't lightning fast, but it worked very well. Thanks for explaining about Exit Nodes, which I didn't use, but will in future.
this is exactly the anecdotal use-case i was looking for. As a travel videographer, I was hoping I'd be able to send footage back home. How long does it take to upload and I'm assuming its at the behest of your local internet while abroad?
You can self-host tailscale if need be. Then again, I'm running both tailscale and zerotier in parallel on my nas just in case. The only problem is that Android zerotier client is not very reliable iirc
Tailscale is awesome! I’ve been using it for couple of months for my synology setup. Only part I’m still struggling is on how to setup certificate when using my own domain name over tailnet. Would be great if you could create a tutorial for that.
Well explained and easily applicable. With an ipv6 access very limited by my ISP (i guess it is dual stack lite) i have only ipv6 host exposure available, no port forwarding. So OpenVPN i did not ma age to run and tailscale is very welcome as a solution between QC and OpenVPN. I read about TailScale before but yoour video finally encouraged me to install and give it a try. Mission accomplished.
@BoraHorzaGobuchul I did not want to open ports on my router. Tailscale is perfect for me. Just login and connect behind the router with a firewall and secure
Can you please make a video on how To set up Talescale with Synology Photos and Plex, steps to share with family and friends thank you so much great work !!!
Hey Frank, great video! I have been using a reverse proxy service to access my synology and other third party apps remotely by forwarding port 443 to the reverse proxy service running on my nas. This has been working fine for me. Any reason that Tailscale might be a better choice?
Thanks! It's a more secure option. With a reverse proxy, you're allowing access from anyone external (if you don't use firewall rules / access lists) and with a VPN, you're connecting to the VPN first, then the NAS so there's an additional layer.
This is my setup too, because I sometimes need access from my works pc and I cannot install unauthorised software such as Tailscale. Plus we have a vpn service we need to connect to corp network.
Hey @WunderTechTutorials ! Thx for the super fast reply! Actually it does. At 1:12 your refer to it yourself. But I quess the important this is to not open ports on my router for security. Again. Noob asking.. :)
Despite tailscale is awesome option, still have problems with getting into some containers gui while using it. Some of containers are accessible which means that local access is working, but some are not...
Been using TS, for Drive Syncshare and Hyper Backup. Totally love it! I have a use case where I have two Synology NAS at different locations and both acting as subnet routers. There are four IP Cameras at one location that I’d like to record to the NAS at a remote location. Is this at all possible?
@@WunderTechTutorials I have done this and I can access them from a Windows PC on the tailnet. However, Synology surveillance not seeing them to add the cameras to the remote NAS.
My Unifi router has a WireGuard VPN setup using DDNS. This works very good. What would the benefit be by adding an additional party like Tailscale other than no need for DDNS? I prefer my direct WireGuard VPN over adding an additional VPN broker which also requires an extra trust level.
I wouldn't use Tailscale if you're using WG. This is more aimed at the people running QuickConnect (and potentially OpenVPN) on the NAS where WG isn't supported.
I have Tailscale configured with Subnet routes and Exit node to my home 192.168.1.0/24 network. Works fine (I can access devices on my home network) UNLESS I am at a coffee shop that has the same subnet, 192.168.1.0/24. From the coffee shop when I try and access my home router 192.168.1.1 I get the coffee shop router not my home router. I can reach other Subnets (10.0.1.0/24) that I have configured at other locations always. What am I missing? Do I need to change my home subnet? Thanks for all the GREAT content!
You would have to change your subnet, BUT try and use the exit node first. It might work as it'll be full tunnel which should route all traffic over the VPN. I know that's how it works with self hosted options, but not sure about tailscale.
Hi Frank, thank you very much, now I can make a backup with the Hyper Backup app, what I can't connect is the Snapshots Replication app, will it be with a script too, any ideas? THX
The thing preventing me from using Tailscale is that you need the Tailscale software installed to connect. I cannot do that on my corporate provided device so I am using custom domain with reverse proxys to access my Synology and subs such as Docker containers etc. With Quickconnect disabled, default Admin disabled, ports changed and block lists this is the best way I can currently handle this but would be interested if you have any thoughts or ways to improve this setup.
i use tailscale to connect to a raspberry pi for a flightradar feeder. works really great and easy to setup. what i kinda dislike is when i'm connected to tailscale i don't have public internet access which kinda sucks.
Hello. I've got two questions: 1) when I've setup TS, I'm getting a warning: connection isn't secure (no https) on my laptop. On my phone the connection is secure. How come? Isn't that risky? 2) I'm getting a warning from dsm secrity advisor: ssh with standard configuration isn't secure. What do I need to change to make it secure?
If you were using QuickConnect for the certificate, the error is due to the self-signed certificate. You can disable SSH when done setting everything up.
Hi. On a Mac, while in terminal, I get to the point where I've typed in the initial command and been asked for the password, but when I enter it, I get an error saying permission denied. Any suggestions?
I’m just using a forwarded port and a reverse proxy (about to switch to Traefik when the RAM and SSDs for my Minisforum MS-01 get here). Firewall rules would probably be good enough elsewise. The main reason I don’t want to use something like Tailscale is that I have Nextcloud running I. The background to auto upload etc., and I don’t want to be on a VPN all the time. I’ve also heard Tailscale’s ACLs are pretty shit. I may look into Tailscale / Wireguard on the MS-01 though. The research I did said getting a wireguard container set up on the DS918+ would be a pain.
Not sure if I'm getting you right, but you can still access your nas via local ip if you're on the network, so operation of other apps/packages should not be impacted in any way
@@BoraHorzaGobuchul I know that, but if I'm outside my house I don't want to have to choose between being connected to a VPN all the time or my background tasks on my phone failing.
@@praetorxyn connecting to a tailnet is not like a common vpn; your other tailnet devices become available to you, while you can still access other ips without the traffic being redirected through the vpn, unless you're using an exit node
@@praetorxyn when I run it on my phone/computer, unless I chose to use another node as an exit node, tailscale client only enables connectivity with remote machines via their tailscale IPs. It does not route all traffic via the exit node by default.
How do you revert back to not advertising the route and exit node? What wpuld be the PowerShell command for that? Thank you for a great tutorial. Its working perfectly but Id loke to know the process on how to revert back to before I sent the PowerShell command.
Good question - off the top of my head, you can disable it in the Web Console, but if you want to remove it from the NAS, it's most likely a command. I'll see if I can find it when I'm in front of a computer.
180 days later I got disconnected because of key expiry. Any advice? I can reset my local devices. The remote servers seem to require an on-site visit and sign in. Any advice?
Why is your audio vol always lower then other channel like gamer nexus or ltt. I always have to turn my vol up when watching your vid, and turn it back down to watch other vid. That aside... Thank you for all the knowledge, I always learn something watching your videos. Keep up the good work!
Good question, hah! I am horrible with the audio/video stuff but I'll look into it for the next video and try and adjust it. Thanks for watching and thanks for the kind words!
@@WunderTechTutorials Np, you're doing a good job. Running a YT channel is not a easy job, and A/V stuff can get tricky. The quality of your content is what matter most, and you sir excel at that. Not a big deal, just wanted to make you aware.
Hi! This video is great and very clear! I followed it step by step and everything works as long as I just want to access my NAS via browser without having to change http address! However, I hoped to be able to use TimeMachine remotely but it seems I can't access SMB remotely (I can with Tailscale IP thought)... Am I missing something?
@@WunderTechTutorials I mean 2FA on the NAS. I was thinking about this because when I SMB on the Mac it doesn't ask me for the OTP but it just gives me a login timeout error. But now I have another issue: since I ran Tailscale I keep receiving warnings from ActiveInsight that there have been multiple logins attempts from China and that the IP that was trying to login has been blocked.
You may just be able to right click on the ABB icon in the Task Bar and select Edit Connection. Change the IP address to the one that Tailscale assigns. I have not tried this so it will be a bit of an experiment. I don't have much to backup while I'm travelling so I just sync with Syncthing.
@@WunderTechTutorials Got the subnet and exit node set up. Was trying to connect at home via my iPhone, as a different network. I may try going to a coffee shop and jumping on their free wifi to check it out. I don't know why I couldn't connect via the iphone.
Is it possible to make the entry and exit node of tailscale use a vpn like Nord so it can be encrypted at all times and hidden from my isp even when I remote in to use my arr stack from outside my local network is this possible with tailscale because if I remember it doesn’t hide your data in there tunnel I thought
I don't know about SS, but I do use Tailscale to view my cameras live on Home Assistant which I run on my QNAP. Home Assistant can be run on your Synology so I'm sure that it can all be pieced together fairly easily as well. No subscription costs is a huge bonus.
not working, when i install it on synology and on a windows system because the need of a second system? well both online, but de synology nas isnt reachable outside the local network, when tailscale is turned off. its back reacable.. so u have a fix? or u can help my with get it reachable from outside the internal network, and yes, all ports are open because without tailscale it works 100% on everyone's internet connection
It works because you're using port forwarding which keeps everything open, but is a security concern. I'd turn off all port forwarding and attempt to get Tailscale working. Hard to say what it is but that would be my first step.
I have followed you guide to a T but can’t access things on my home network via the subnet IP. My router uses 192.168.1.1, so I used 192.168.1.0/24 in the ssh command. I input the password and then the subnet and exit node showed up in Tailscale settings. But when I try to access my synology or router (when connected to Tailscale), it won’t connect. Not sure where to trouble shoot next?
@@WunderTechTutorials it was enabled. I think I might have found the issue. My LAN IP from my router I'd 192.168.1.1. The subnet ends in .252.0 instead of .255.0. I can change that. But still unsure what route to advertise if my lan ip is 192.168.1.1 but it assigns 192.168.0.xx
A quick update for you. That worked. I changed the last three digits of my subnet to.255 and it worked. I should also note that on your webpage with tutorial, I think the = is missing before the IP address. But you are a superstar for all your help with this.
Hi i have a DS923+ , my goal is to watch some short videos from my NAS through my 4G mobile phone (so over the internet) , currently from inside my Local wifi network / LAN Synology, i am getting 200mb/s , when i disable wifi i get 1.5MB/s , all this from DS file and apparently quickconnect. , on my plan B i just made this tailscale approach , so both android and DS923 are inside the tailgate , NAS has Subnet router just fine , But again , unfortunetelly i get max 2.4mb , i need HELP!!! EDIT , speed of my router : i get 200MB/Upload and 200mb/Downoload , from my 4G mobile i get 50mb/U and 20mb/
Works perfectly for me. I live in Mordor, and common vpn services and protocols like openvpn someone's assist to be blocked/impeded by since providers at least some of the time. It's somewhat better at the moment but there's been days when I couldn't use nordvpn on my cell phone because of that. Having TS running on my relative's NAS abroad allowed me to securely connect without any problems. Speed depends on the channels in between obviously, for me it was good enough to watch TH-cam through it at full hd.
Tailscale DSM client + Headscale mgmt server on a VPS for me. Disabled using Tailscale's DERP relay servers as well. TS' technology is awesome but I like total control and not share my traffic to anyone as much as possible. Been accessing my NAS this way for quite some time. Very handy.
I followed your steps carefully, but unfortunately, I got stuck on getting into my NAS even though am signed in to Tailscale website. what to do, I can't access my NAS
@ thank you for your reply. I’m trying to install tailscale on my ds220+ from a package within the synology applications package, running dsm 7.1. I’m reading of several people having trouble and from what I can see synology seems to be making this difficult. I’ve been able open and run the package, create an account and sign in, but I can’t reach the tailscale admin page to see my nas listed as a connected device.
just don't use exit node or subnet route. they just discoverd a cve that let's ppl connect to host behind the connector. who know from how many time it was there,
You did not cover the Tailscale Taildrop Shared Folder option on your Synology NAS. If you create a Shared Taildrop Folder then go into Permissions for the Taildrop Folder and give the Tailscale User ID Read/Write access then you can use Tailscale on your iPhone/iPad to send files directly to the Taildrop Folder. Just pick a photo or video on your iPhone/iPad and hit the Upload icon on the left. Then scroll the ribbon of Destinations to the right and hit the three period icon for more destinations. Select Tailscale from the list and it will list all your Tailscale machines. Select the one for your specific Synology NAS and the selected file will be copied to the NAS Shared Taildrop Folder. This works the same way for a QNAP NAS running Tailscale. On a ASUSTOR NAS running Tailscale the file will be copied to the Docker/Tailscale Folder.
Tailscale in a very limited environment (home lab home office) is great. Its default any/any rule makes it easy. The very moment you want to do ACLs Tailscale is straight up trash. Go ahead and write those JSON rules to limit access….documentation on those ACLs is difficult to follow but not impossible. Honestly, it’s ok for straightforward vpn. Wouldn’t use it in any other environment
Totally agree with that - their ACL process is a nightmare and something I keep thinking will get better, but it hasn't yet. Like you said, not impossible, but not nearly as user-friendly as you'd hope.
I found this to be too complicated. You did not define the terms you use. You have a great frame of reference for this, but for someone new to VPN, it was a bit much.
Cloudflare Tunnel only allows certain kinds of traffic / amounts of bandwidth. If you start looking at photo galleries, videos, etc. over that, they won’t take it well.
One thing I wish I was a little clearer on. When I was speaking on security and performance, I was comparing QuickConnect and Tailscale. If you're using OpenVPN and you're happy with it, it's a great tool and there's no major reason to switch. However, if you want easier management with less potential issues, Tailscale is a great option. After downloading and connecting to the app on whatever device you're using, you'll have access to all of your devices/subnets.
Tailscale is great. I personally have been happy using wireguard on my router, which also allows my sister to use my network television tuner and streaming services. The only way she can get OTA television is to install a 20 foot mast for an antenna, and at 70 years old, that isn't happening. Fortunately it has worked well so far. I always worry how long something will last when it depends on using hardware and internet for free, so I tend to stick to my own resources.
Been using Tailscale for well over a year now and it just works and implementation is a breeze. For me the goal was to setup a 3-2-1 backup strategy. I have two local NAS’s and one remote. I backup my computers locally, then backup my NAS to NAS locally, the I backup my local NAS to my remote NAS. Computer backups with ABB and NAS backups with Hyper Backup.
As an aside, my remote NAS has two storage pools, the one I backup to and the other I let my daughter use for data and computer backups. Then o thought why not backup her storage pool to my NAS returning that favor too.
Tailscale handles this two way local NAS to remote NAS backup perfectly.
Lastly, being able to remote access any of my NAS’s from anywhere on any mobile device is a great benefit too.
I definitely recommend Tailscale. BTW, I was using OpenVPN just to access my NAS remotely, and though it was reliable and secure, like you said, certificates were a pain and managing a free DDNS was a pain too.
This is definitely the way. Currently using C2 but as soon as I have a viable location for a second NAS will do the same as you!
One thing that still confuses me, using Tailscale in the way you've described, over say QuickConnect, isn't this still 'exposing your NAS to the internet' as people warn about? In that, there's a potential opening by using that? Or is it so secure that is neglible?
Excellent video Frank. Been using Tailscale to backup my local NAS to a remote NAS for a while now. Works perfectly!
Thanks, Tony! Appreciate you watching!
hanks for this extremely clear explanation of how ro install Tailscale to connect remotely to a local subnet, thus maintaining the ability to use DNS packages!
I was in SE Asia for 5 months, last year and this year. I used Tailscale to access my Synology NAS's and was able to store everything that I accumulated there to one or another of the NAS's and it was there waiting for me when I got home. It wasn't lightning fast, but it worked very well. Thanks for explaining about Exit Nodes, which I didn't use, but will in future.
this is exactly the anecdotal use-case i was looking for. As a travel videographer, I was hoping I'd be able to send footage back home. How long does it take to upload and I'm assuming its at the behest of your local internet while abroad?
One reason I’ve chosen OpenVPN over Tailscale, I don’t want to be reliant on them if they decide to start charging single users at some point.
Does Synology not have a Wireguard client? Much faster than OpenVPN
@@crush_overrideNot sure. FWIW, OpenVPN is faster than Tailscale for me, which I didn’t expect considering it’s not based on Wireguard.
Then take a look at Netbird :)
Netbird is basically Tailscale in open source and fully self hosted.
@@crush_override no their linux kernel is too old for wireguard
You can self-host tailscale if need be.
Then again, I'm running both tailscale and zerotier in parallel on my nas just in case. The only problem is that Android zerotier client is not very reliable iirc
Yes !!!! So simple and the package is available in the Synology App Store.
Tailscale is awesome! I’ve been using it for couple of months for my synology setup. Only part I’m still struggling is on how to setup certificate when using my own domain name over tailnet. Would be great if you could create a tutorial for that.
Yeah, that's an interesting topic
Well explained and easily applicable. With an ipv6 access very limited by my ISP (i guess it is dual stack lite) i have only ipv6 host exposure available, no port forwarding. So OpenVPN i did not ma age to run and tailscale is very welcome as a solution between QC and OpenVPN. I read about TailScale before but yoour video finally encouraged me to install and give it a try. Mission accomplished.
for multiple networks as an example: sudo tailscale up --advertise-routes=192.168.2.0/24,192.168.10.0/24 --advertise-exit-node --reset
I think I discovered Tailscale from this channel and it is amazing. If I did not have it I wouldn't been able to use my NAS when I am away
You would've, but it wouldn't be as easy to set up
@BoraHorzaGobuchul I did not want to open ports on my router. Tailscale is perfect for me. Just login and connect behind the router with a firewall and secure
Excellent video. I was wondering whether my openvpn solution was outdated, and now I conclude that no, openvpn is just fine for me 😊
Simple, clear, concise - as always! Thanks :D
Can you please make a video on how To set up Talescale with Synology Photos and Plex, steps to share with family and friends
thank you so much great work !!!
Can you make a video to host a headscale server locally?
Hey Frank, great video! I have been using a reverse proxy service to access my synology and other third party apps remotely by forwarding port 443 to the reverse proxy service running on my nas. This has been working fine for me. Any reason that Tailscale might be a better choice?
Thanks! It's a more secure option. With a reverse proxy, you're allowing access from anyone external (if you don't use firewall rules / access lists) and with a VPN, you're connecting to the VPN first, then the NAS so there's an additional layer.
This is my setup too, because I sometimes need access from my works pc and I cannot install unauthorised software such as Tailscale. Plus we have a vpn service we need to connect to corp network.
@@WunderTechTutorials is this the reason, why opening the port is not a problem?
(noob question)
@@johann3029 Opening the port in what context? Tailscale shouldn't open any ports.
Hey @WunderTechTutorials ! Thx for the super fast reply!
Actually it does.
At 1:12 your refer to it yourself.
But I quess the important this is to not open ports on my router for security.
Again. Noob asking.. :)
Despite tailscale is awesome option, still have problems with getting into some containers gui while using it. Some of containers are accessible which means that local access is working, but some are not...
Been using TS, for Drive Syncshare and Hyper Backup. Totally love it!
I have a use case where I have two Synology NAS at different locations and both acting as subnet routers.
There are four IP Cameras at one location that I’d like to record to the NAS at a remote location. Is this at all possible?
You'll have to advertise a subnet where the cameras are so that you can access them through TS.
@@WunderTechTutorials I have done this and I can access them from a Windows PC on the tailnet.
However, Synology surveillance not seeing them to add the cameras to the remote NAS.
Great video, had no idea this service exists.
PS. I am on holiday, won't let me set it up using quickconnect, have to do it in person.
My Unifi router has a WireGuard VPN setup using DDNS. This works very good. What would the benefit be by adding an additional party like Tailscale other than no need for DDNS? I prefer my direct WireGuard VPN over adding an additional VPN broker which also requires an extra trust level.
I wouldn't use Tailscale if you're using WG. This is more aimed at the people running QuickConnect (and potentially OpenVPN) on the NAS where WG isn't supported.
I would like to see more about Tailscale SSH
I have Tailscale configured with Subnet routes and Exit node to my home 192.168.1.0/24 network. Works fine (I can access devices on my home network) UNLESS I am at a coffee shop that has the same subnet, 192.168.1.0/24. From the coffee shop when I try and access my home router 192.168.1.1 I get the coffee shop router not my home router. I can reach other Subnets (10.0.1.0/24) that I have configured at other locations always. What am I missing? Do I need to change my home subnet? Thanks for all the GREAT content!
You would have to change your subnet, BUT try and use the exit node first. It might work as it'll be full tunnel which should route all traffic over the VPN. I know that's how it works with self hosted options, but not sure about tailscale.
Hi Frank, thank you very much, now I can make a backup with the Hyper Backup app, what I can't connect is the Snapshots Replication app, will it be with a script too, any ideas? THX
Thanks! Did you set up the scheduled task?
@@WunderTechTutorials Yes, I see the other NAS outside my network, I can even authenticate, but when processing the snapshots it throws an error
The thing preventing me from using Tailscale is that you need the Tailscale software installed to connect.
I cannot do that on my corporate provided device so I am using custom domain with reverse proxys to access my Synology and subs such as Docker containers etc.
With Quickconnect disabled, default Admin disabled, ports changed and block lists this is the best way I can currently handle this but would be interested if you have any thoughts or ways to improve this setup.
Tailscale is really easy, but, watch out if you're using things like Plex. You might need to adapt your configuration.
What changes did you need to make in Plex to address issues introduced by Tailscale?
Dear friend
Can you pls tell me how can I remove subnet from my synology ( If I can put a command in ssh to my synology ) ? Thanks in advance .
i use tailscale to connect to a raspberry pi for a flightradar feeder. works really great and easy to setup. what i kinda dislike is when i'm connected to tailscale i don't have public internet access which kinda sucks.
Are you using the Synology as an exit node? If not, it should only run as split tunnel and it shouldn't impact internet access.
@@WunderTechTutorials thanks for the feedback, I'll look it up
Hello. I've got two questions:
1) when I've setup TS, I'm getting a warning: connection isn't secure (no https) on my laptop.
On my phone the connection is secure.
How come? Isn't that risky?
2) I'm getting a warning from dsm secrity advisor: ssh with standard configuration isn't secure. What do I need to change to make it secure?
If you were using QuickConnect for the certificate, the error is due to the self-signed certificate. You can disable SSH when done setting everything up.
Hi. On a Mac, while in terminal, I get to the point where I've typed in the initial command and been asked for the password, but when I enter it, I get an error saying permission denied. Any suggestions?
I’m just using a forwarded port and a reverse proxy (about to switch to Traefik when the RAM and SSDs for my Minisforum MS-01 get here). Firewall rules would probably be good enough elsewise.
The main reason I don’t want to use something like Tailscale is that I have Nextcloud running I. The background to auto upload etc., and I don’t want to be on a VPN all the time. I’ve also heard Tailscale’s ACLs are pretty shit.
I may look into Tailscale / Wireguard on the MS-01 though. The research I did said getting a wireguard container set up on the DS918+ would be a pain.
Not sure if I'm getting you right, but you can still access your nas via local ip if you're on the network, so operation of other apps/packages should not be impacted in any way
@@BoraHorzaGobuchul I know that, but if I'm outside my house I don't want to have to choose between being connected to a VPN all the time or my background tasks on my phone failing.
@@praetorxyn connecting to a tailnet is not like a common vpn; your other tailnet devices become available to you, while you can still access other ips without the traffic being redirected through the vpn, unless you're using an exit node
@@BoraHorzaGobuchul If I can only have certain apps sent through it and it doesn’t affect battery much, that would be reason to consider it.
@@praetorxyn when I run it on my phone/computer, unless I chose to use another node as an exit node, tailscale client only enables connectivity with remote machines via their tailscale IPs. It does not route all traffic via the exit node by default.
How do you revert back to not advertising the route and exit node? What wpuld be the PowerShell command for that? Thank you for a great tutorial. Its working perfectly but Id loke to know the process on how to revert back to before I sent the PowerShell command.
Good question - off the top of my head, you can disable it in the Web Console, but if you want to remove it from the NAS, it's most likely a command. I'll see if I can find it when I'm in front of a computer.
180 days later I got disconnected because of key expiry. Any advice? I can reset my local devices. The remote servers seem to require an on-site visit and sign in. Any advice?
I believe that you're able to disable key expiry if you'd like.
hi i can't set the advertise route on Windows Power Shell, the message i get is:
"ip.address" has non-address bits set; expected "ip.address.here"
Why is your audio vol always lower then other channel like gamer nexus or ltt. I always have to turn my vol up when watching your vid, and turn it back down to watch other vid.
That aside... Thank you for all the knowledge, I always learn something watching your videos.
Keep up the good work!
Good question, hah! I am horrible with the audio/video stuff but I'll look into it for the next video and try and adjust it. Thanks for watching and thanks for the kind words!
@@WunderTechTutorials Np, you're doing a good job.
Running a YT channel is not a easy job, and A/V stuff can get tricky. The quality of your content is what matter most, and you sir excel at that.
Not a big deal, just wanted to make you aware.
Hi! This video is great and very clear! I followed it step by step and everything works as long as I just want to access my NAS via browser without having to change http address! However, I hoped to be able to use TimeMachine remotely but it seems I can't access SMB remotely (I can with Tailscale IP thought)... Am I missing something?
Thanks! Did you set up the local subnet?
I sure did! Can it be a problem related to 2FA?
UPDATE: I revoked the 2FA momentarily and now I can SMB, but still no TimeMachine for some reason...
I honestly have no idea how 2FA impacted SMB. When you say 2FA, do you mean 2FA on Tailscale or 2FA on the NAS?
@@WunderTechTutorials I mean 2FA on the NAS. I was thinking about this because when I SMB on the Mac it doesn't ask me for the OTP but it just gives me a login timeout error. But now I have another issue: since I ran Tailscale I keep receiving warnings from ActiveInsight that there have been multiple logins attempts from China and that the IP that was trying to login has been blocked.
I tried to do this, but I have a very slow file upload speed on the NAS
Can you use it for backing up a laptop while on the road to your home NAS? Using ABB?
Yes, you have to do the subnet setup but if you connect while remote, it'll be able to access the NAS.
You may just be able to right click on the ABB icon in the Task Bar and select Edit Connection. Change the IP address to the one that Tailscale assigns. I have not tried this so it will be a bit of an experiment. I don't have much to backup while I'm travelling so I just sync with Syncthing.
@@WunderTechTutorials Thanks Frank, I'll tinker with this and let you know.
@@DavidM2002 Thanks David, I'll try this as well.
@@WunderTechTutorials Got the subnet and exit node set up. Was trying to connect at home via my iPhone, as a different network. I may try going to a coffee shop and jumping on their free wifi to check it out. I don't know why I couldn't connect via the iphone.
Good stuff I use both Tailscale and a dedicated wg vpn
Is it possible to make the entry and exit node of tailscale use a vpn like Nord so it can be encrypted at all times and hidden from my isp even when I remote in to use my arr stack from outside my local network is this possible with tailscale because if I remember it doesn’t hide your data in there tunnel I thought
Not that I know of, only for personal use.
How did I not know this lol...Thanks Wunder
Is it possible to use this on iphone to remotely access cameras through surveillance station?
I don't know about SS, but I do use Tailscale to view my cameras live on Home Assistant which I run on my QNAP. Home Assistant can be run on your Synology so I'm sure that it can all be pieced together fairly easily as well. No subscription costs is a huge bonus.
Yes, if they're accessed through a local IP and you configure the subnet.
not working, when i install it on synology and on a windows system because the need of a second system?
well both online, but de synology nas isnt reachable outside the local network, when tailscale is turned off. its back reacable..
so u have a fix? or u can help my with get it reachable from outside the internal network, and yes, all ports are open because without tailscale it works 100% on everyone's internet connection
It works because you're using port forwarding which keeps everything open, but is a security concern. I'd turn off all port forwarding and attempt to get Tailscale working. Hard to say what it is but that would be my first step.
I have followed you guide to a T but can’t access things on my home network via the subnet IP. My router uses 192.168.1.1, so I used 192.168.1.0/24 in the ssh command. I input the password and then the subnet and exit node showed up in Tailscale settings. But when I try to access my synology or router (when connected to Tailscale), it won’t connect. Not sure where to trouble shoot next?
Was the subnet enabled in the admin interface? Can you ping any 192 devices when connecting to Tailscale?
@@WunderTechTutorials it was enabled. I think I might have found the issue. My LAN IP from my router I'd 192.168.1.1. The subnet ends in .252.0 instead of .255.0. I can change that. But still unsure what route to advertise if my lan ip is 192.168.1.1 but it assigns 192.168.0.xx
A quick update for you. That worked. I changed the last three digits of my subnet to.255 and it worked. I should also note that on your webpage with tutorial, I think the = is missing before the IP address. But you are a superstar for all your help with this.
Hi i have a DS923+ , my goal is to watch some short videos from my NAS through my 4G mobile phone (so over the internet) , currently from inside my Local wifi network / LAN Synology, i am getting 200mb/s , when i disable wifi i get 1.5MB/s , all this from DS file and apparently quickconnect. , on my plan B i just made this tailscale approach , so both android and DS923 are inside the tailgate , NAS has Subnet router just fine , But again , unfortunetelly i get max 2.4mb , i need HELP!!! EDIT , speed of my router : i get 200MB/Upload and 200mb/Downoload , from my 4G mobile i get 50mb/U and 20mb/
Does this work out of the box if you're behind a CGNAT?
Yes!
Works perfectly for me. I live in Mordor, and common vpn services and protocols like openvpn someone's assist to be blocked/impeded by since providers at least some of the time. It's somewhat better at the moment but there's been days when I couldn't use nordvpn on my cell phone because of that. Having TS running on my relative's NAS abroad allowed me to securely connect without any problems. Speed depends on the channels in between obviously, for me it was good enough to watch TH-cam through it at full hd.
Worked perfectly fine with Starlink, which uses CGNAT.
When I try to expose a route I get a message saying the IP address 'has non-address bits set...' What does this mean
I'd guess it's the format of how you wrote the IP, but that's just a guess. Never saw that before.
Tailscale DSM client + Headscale mgmt server on a VPS for me. Disabled using Tailscale's DERP relay servers as well. TS' technology is awesome but I like total control and not share my traffic to anyone as much as possible. Been accessing my NAS this way for quite some time. Very handy.
Did you look at Netbird then?
It's an alternative, I implemented for myself :D
A good and helpful video
I followed your steps carefully, but unfortunately, I got stuck on getting into my NAS even though am signed in to Tailscale website. what to do, I can't access my NAS
What exactly is the issue/scenario?
what about Funnel !!!
Why not just use QuickConnect?
you can not do smb over QC.
It's often slow for one thing
Tailscale won’t install on my synology nas.
Meaning there's an error, or it's not there? If it's not there, your NAS may not support it.
@ thank you for your reply. I’m trying to install tailscale on my ds220+ from a package within the synology applications package, running dsm 7.1. I’m reading of several people having trouble and from what I can see synology seems to be making this difficult. I’ve been able open and run the package, create an account and sign in, but I can’t reach the tailscale admin page to see my nas listed as a connected device.
just don't use exit node or subnet route. they just discoverd a cve that let's ppl connect to host behind the connector. who know from how many time it was there,
I like Perimeter81.
You did not cover the Tailscale Taildrop Shared Folder option on your Synology NAS.
If you create a Shared Taildrop Folder then go into Permissions for the Taildrop Folder and give the Tailscale User ID Read/Write access then you can use Tailscale on your iPhone/iPad to send files directly to the Taildrop Folder.
Just pick a photo or video on your iPhone/iPad and hit the Upload icon on the left. Then scroll the ribbon of Destinations to the right and hit the three period icon for more destinations. Select Tailscale from the list and it will list all your Tailscale machines. Select the one for your specific Synology NAS and the selected file will be copied to the NAS Shared Taildrop Folder.
This works the same way for a QNAP NAS running Tailscale.
On a ASUSTOR NAS running Tailscale the file will be copied to the Docker/Tailscale Folder.
How to turn off tailscale in a synology nas 7
You can uninstall the package and remove it from the Tailscale web interface.
@@WunderTechTutorials Thank you.
Thanj you!
Tailscale in a very limited environment (home lab home office) is great. Its default any/any rule makes it easy.
The very moment you want to do ACLs Tailscale is straight up trash. Go ahead and write those JSON rules to limit access….documentation on those ACLs is difficult to follow but not impossible.
Honestly, it’s ok for straightforward vpn. Wouldn’t use it in any other environment
Totally agree with that - their ACL process is a nightmare and something I keep thinking will get better, but it hasn't yet. Like you said, not impossible, but not nearly as user-friendly as you'd hope.
Zerotier is better in this regard iirc
Please check out and make a video about Headscale.
and/or compare Headscale with Netbird, which has supported selfhosted option :)
I found this to be too complicated. You did not define the terms you use. You have a great frame of reference for this, but for someone new to VPN, it was a bit much.
Sorry
For a home user who is not tech savvy, Synology just destroyed the purpose of remote backup.
The best solution is cloud flare tunnel
Cloudflare Tunnel only allows certain kinds of traffic / amounts of bandwidth. If you start looking at photo galleries, videos, etc. over that, they won’t take it well.
Also, in that case data goes through CF. With tailscale, data does not go through their servers, they're for coordination only
No it's not