Is Tailscale the BEST way to Access a Synology NAS Remotely? (Setup Tutorial)
ฝัง
- เผยแพร่เมื่อ 12 มิ.ย. 2024
- If you're using Synology QuickConnect or OpenVPN to access your Synology NAS remotely, check out Tailscale.
🎯 Tutorials, comparisons, reviews: www.wundertech.net
✅ Written Instructions: www.wundertech.net/how-to-set...
✅ Tailscale Document: tailscale.com/kb/1131/synology
🚀 Hire Me: www.wundertech.net/wundertech...
⚡Best Synology NAS Devices: www.wundertech.net/which-syno...
⚡Product Recommendations: link.wundertech.net/rmYt
🔔 Subscribe for more tech-related tutorials and overviews: link.wundertech.net/ssYt
DISCLAIMER: The information in this video has been self-taught through years of technical tinkering. While we do our best to provide accurate, useful information, we make no guarantee that our viewers will achieve the same level of success. WunderTech does not assume liability nor responsibility to any person or entity with respect to damage caused directly or indirectly from its content or associated media. Use at your own risk.
WunderTech is a trade name of WunderTech, LLC.
0:00 Intro
0:29 What is Tailscale?
1:01 Setting Up Tailscale & Testing Connection
3:04 Configuring Local Subnet Access
6:16 Using a Tailscale Exit Node
8:00 Outbound Traffic
10:04 Tailscale better than QuickConnect/OpenVPN & Disclaimers
11:35 Final Thoughts - วิทยาศาสตร์และเทคโนโลยี
One thing I wish I was a little clearer on. When I was speaking on security and performance, I was comparing QuickConnect and Tailscale. If you're using OpenVPN and you're happy with it, it's a great tool and there's no major reason to switch. However, if you want easier management with less potential issues, Tailscale is a great option. After downloading and connecting to the app on whatever device you're using, you'll have access to all of your devices/subnets.
Tailscale is great. I personally have been happy using wireguard on my router, which also allows my sister to use my network television tuner and streaming services. The only way she can get OTA television is to install a 20 foot mast for an antenna, and at 70 years old, that isn't happening. Fortunately it has worked well so far. I always worry how long something will last when it depends on using hardware and internet for free, so I tend to stick to my own resources.
Been using Tailscale for well over a year now and it just works and implementation is a breeze. For me the goal was to setup a 3-2-1 backup strategy. I have two local NAS’s and one remote. I backup my computers locally, then backup my NAS to NAS locally, the I backup my local NAS to my remote NAS. Computer backups with ABB and NAS backups with Hyper Backup.
As an aside, my remote NAS has two storage pools, the one I backup to and the other I let my daughter use for data and computer backups. Then o thought why not backup her storage pool to my NAS returning that favor too.
Tailscale handles this two way local NAS to remote NAS backup perfectly.
Lastly, being able to remote access any of my NAS’s from anywhere on any mobile device is a great benefit too.
I definitely recommend Tailscale. BTW, I was using OpenVPN just to access my NAS remotely, and though it was reliable and secure, like you said, certificates were a pain and managing a free DDNS was a pain too.
One reason I’ve chosen OpenVPN over Tailscale, I don’t want to be reliant on them if they decide to start charging single users at some point.
Does Synology not have a Wireguard client? Much faster than OpenVPN
@@NhatLinhNguyen-ru5lfNot sure. FWIW, OpenVPN is faster than Tailscale for me, which I didn’t expect considering it’s not based on Wireguard.
Then take a look at Netbird :)
Netbird is basically Tailscale in open source and fully self hosted.
@@NhatLinhNguyen-ru5lf no their linux kernel is too old for wireguard
You can self-host tailscale if need be.
Then again, I'm running both tailscale and zerotier in parallel on my nas just in case. The only problem is that Android zerotier client is not very reliable iirc
Excellent video Frank. Been using Tailscale to backup my local NAS to a remote NAS for a while now. Works perfectly!
Thanks, Tony! Appreciate you watching!
I was in SE Asia for 5 months, last year and this year. I used Tailscale to access my Synology NAS's and was able to store everything that I accumulated there to one or another of the NAS's and it was there waiting for me when I got home. It wasn't lightning fast, but it worked very well. Thanks for explaining about Exit Nodes, which I didn't use, but will in future.
Simple, clear, concise - as always! Thanks :D
Yes !!!! So simple and the package is available in the Synology App Store.
Excellent video. I was wondering whether my openvpn solution was outdated, and now I conclude that no, openvpn is just fine for me 😊
Tailscale DSM client + Headscale mgmt server on a VPS for me. Disabled using Tailscale's DERP relay servers as well. TS' technology is awesome but I like total control and not share my traffic to anyone as much as possible. Been accessing my NAS this way for quite some time. Very handy.
Did you look at Netbird then?
It's an alternative, I implemented for myself :D
How did I not know this lol...Thanks Wunder
Tailscale is awesome! I’ve been using it for couple of months for my synology setup. Only part I’m still struggling is on how to setup certificate when using my own domain name over tailnet. Would be great if you could create a tutorial for that.
Yeah, that's an interesting topic
A good and helpful video
Great video, had no idea this service exists.
PS. I am on holiday, won't let me set it up using quickconnect, have to do it in person.
I think I discovered Tailscale from this channel and it is amazing. If I did not have it I wouldn't been able to use my NAS when I am away
You would've, but it wouldn't be as easy to set up
@BoraHorzaGobuchul I did not want to open ports on my router. Tailscale is perfect for me. Just login and connect behind the router with a firewall and secure
Good stuff I use both Tailscale and a dedicated wg vpn
Can you make a video to host a headscale server locally?
Hey Frank, great video! I have been using a reverse proxy service to access my synology and other third party apps remotely by forwarding port 443 to the reverse proxy service running on my nas. This has been working fine for me. Any reason that Tailscale might be a better choice?
Thanks! It's a more secure option. With a reverse proxy, you're allowing access from anyone external (if you don't use firewall rules / access lists) and with a VPN, you're connecting to the VPN first, then the NAS so there's an additional layer.
This is my setup too, because I sometimes need access from my works pc and I cannot install unauthorised software such as Tailscale. Plus we have a vpn service we need to connect to corp network.
Why is your audio vol always lower then other channel like gamer nexus or ltt. I always have to turn my vol up when watching your vid, and turn it back down to watch other vid.
That aside... Thank you for all the knowledge, I always learn something watching your videos.
Keep up the good work!
Good question, hah! I am horrible with the audio/video stuff but I'll look into it for the next video and try and adjust it. Thanks for watching and thanks for the kind words!
@@WunderTechTutorials Np, you're doing a good job.
Running a YT channel is not a easy job, and A/V stuff can get tricky. The quality of your content is what matter most, and you sir excel at that.
Not a big deal, just wanted to make you aware.
My Unifi router has a WireGuard VPN setup using DDNS. This works very good. What would the benefit be by adding an additional party like Tailscale other than no need for DDNS? I prefer my direct WireGuard VPN over adding an additional VPN broker which also requires an extra trust level.
I wouldn't use Tailscale if you're using WG. This is more aimed at the people running QuickConnect (and potentially OpenVPN) on the NAS where WG isn't supported.
The thing preventing me from using Tailscale is that you need the Tailscale software installed to connect.
I cannot do that on my corporate provided device so I am using custom domain with reverse proxys to access my Synology and subs such as Docker containers etc.
With Quickconnect disabled, default Admin disabled, ports changed and block lists this is the best way I can currently handle this but would be interested if you have any thoughts or ways to improve this setup.
Thanj you!
The answer is very simple, Yes. Tailscale, fast, easy and secure!
Tailscale is really easy, but, watch out if you're using things like Plex. You might need to adapt your configuration.
Hi! This video is great and very clear! I followed it step by step and everything works as long as I just want to access my NAS via browser without having to change http address! However, I hoped to be able to use TimeMachine remotely but it seems I can't access SMB remotely (I can with Tailscale IP thought)... Am I missing something?
Thanks! Did you set up the local subnet?
I sure did! Can it be a problem related to 2FA?
UPDATE: I revoked the 2FA momentarily and now I can SMB, but still no TimeMachine for some reason...
I honestly have no idea how 2FA impacted SMB. When you say 2FA, do you mean 2FA on Tailscale or 2FA on the NAS?
@@WunderTechTutorials I mean 2FA on the NAS. I was thinking about this because when I SMB on the Mac it doesn't ask me for the OTP but it just gives me a login timeout error. But now I have another issue: since I ran Tailscale I keep receiving warnings from ActiveInsight that there have been multiple logins attempts from China and that the IP that was trying to login has been blocked.
Is it possible to make the entry and exit node of tailscale use a vpn like Nord so it can be encrypted at all times and hidden from my isp even when I remote in to use my arr stack from outside my local network is this possible with tailscale because if I remember it doesn’t hide your data in there tunnel I thought
Not that I know of, only for personal use.
i use tailscale to connect to a raspberry pi for a flightradar feeder. works really great and easy to setup. what i kinda dislike is when i'm connected to tailscale i don't have public internet access which kinda sucks.
Are you using the Synology as an exit node? If not, it should only run as split tunnel and it shouldn't impact internet access.
@@WunderTechTutorials thanks for the feedback, I'll look it up
Can you use it for backing up a laptop while on the road to your home NAS? Using ABB?
Yes, you have to do the subnet setup but if you connect while remote, it'll be able to access the NAS.
You may just be able to right click on the ABB icon in the Task Bar and select Edit Connection. Change the IP address to the one that Tailscale assigns. I have not tried this so it will be a bit of an experiment. I don't have much to backup while I'm travelling so I just sync with Syncthing.
@@WunderTechTutorials Thanks Frank, I'll tinker with this and let you know.
@@DavidM2002 Thanks David, I'll try this as well.
@@WunderTechTutorials Got the subnet and exit node set up. Was trying to connect at home via my iPhone, as a different network. I may try going to a coffee shop and jumping on their free wifi to check it out. I don't know why I couldn't connect via the iphone.
When I try to expose a route I get a message saying the IP address 'has non-address bits set...' What does this mean
I'd guess it's the format of how you wrote the IP, but that's just a guess. Never saw that before.
Does this work out of the box if you're behind a CGNAT?
Yes!
Works perfectly for me. I live in Mordor, and common vpn services and protocols like openvpn someone's assist to be blocked/impeded by since providers at least some of the time. It's somewhat better at the moment but there's been days when I couldn't use nordvpn on my cell phone because of that. Having TS running on my relative's NAS abroad allowed me to securely connect without any problems. Speed depends on the channels in between obviously, for me it was good enough to watch TH-cam through it at full hd.
Is it possible to use this on iphone to remotely access cameras through surveillance station?
I don't know about SS, but I do use Tailscale to view my cameras live on Home Assistant which I run on my QNAP. Home Assistant can be run on your Synology so I'm sure that it can all be pieced together fairly easily as well. No subscription costs is a huge bonus.
Yes, if they're accessed through a local IP and you configure the subnet.
I’m just using a forwarded port and a reverse proxy (about to switch to Traefik when the RAM and SSDs for my Minisforum MS-01 get here). Firewall rules would probably be good enough elsewise.
The main reason I don’t want to use something like Tailscale is that I have Nextcloud running I. The background to auto upload etc., and I don’t want to be on a VPN all the time. I’ve also heard Tailscale’s ACLs are pretty shit.
I may look into Tailscale / Wireguard on the MS-01 though. The research I did said getting a wireguard container set up on the DS918+ would be a pain.
Not sure if I'm getting you right, but you can still access your nas via local ip if you're on the network, so operation of other apps/packages should not be impacted in any way
@@BoraHorzaGobuchul I know that, but if I'm outside my house I don't want to have to choose between being connected to a VPN all the time or my background tasks on my phone failing.
@@praetorxyn connecting to a tailnet is not like a common vpn; your other tailnet devices become available to you, while you can still access other ips without the traffic being redirected through the vpn, unless you're using an exit node
@@BoraHorzaGobuchul If I can only have certain apps sent through it and it doesn’t affect battery much, that would be reason to consider it.
@@praetorxyn when I run it on my phone/computer, unless I chose to use another node as an exit node, tailscale client only enables connectivity with remote machines via their tailscale IPs. It does not route all traffic via the exit node by default.
what about Funnel !!!
just don't use exit node or subnet route. they just discoverd a cve that let's ppl connect to host behind the connector. who know from how many time it was there,
Why not just use QuickConnect?
you can not do smb over QC.
It's often slow for one thing
Tailscale in a very limited environment (home lab home office) is great. Its default any/any rule makes it easy.
The very moment you want to do ACLs Tailscale is straight up trash. Go ahead and write those JSON rules to limit access….documentation on those ACLs is difficult to follow but not impossible.
Honestly, it’s ok for straightforward vpn. Wouldn’t use it in any other environment
Totally agree with that - their ACL process is a nightmare and something I keep thinking will get better, but it hasn't yet. Like you said, not impossible, but not nearly as user-friendly as you'd hope.
Zerotier is better in this regard iirc
Please check out and make a video about Headscale.
and/or compare Headscale with Netbird, which has supported selfhosted option :)
The best solution is cloud flare tunnel
Cloudflare Tunnel only allows certain kinds of traffic / amounts of bandwidth. If you start looking at photo galleries, videos, etc. over that, they won’t take it well.
Also, in that case data goes through CF. With tailscale, data does not go through their servers, they're for coordination only
No it's not