🚀 NAS – P12 How to Set Up VPN Server on Synology NAS

Secure Remote Access with OpenVPN, L2TP/IPsec & PPTP

Setting up a VPN Server on Synology NAS is one of the most powerful ways to create secure remote access to your internal network.

Instead of relying on third-party VPN providers, you can host your own private VPN directly on your NAS infrastructure.

This guide walks you through installing and configuring Synology VPN Server, covering:

• PPTP

• L2TP/IPsec

• OpenVPN

With proper configuration, you can achieve enterprise-level VPN security at minimal cost.

This deployment is ideal for:

• 🏠 Home users

• 🏢 Small & Medium Businesses

• 🖥️ IT administrators

• 🔐 Remote secure access environments

By the end of this tutorial, your Synology NAS will function as a stable and secure VPN gateway.

📦 Step 0 – Install VPN Server Package

Before configuration:

1️⃣ Go to Package Center
2️⃣ Search for VPN Server
3️⃣ Click Install

After installation, open VPN Server to begin configuration.

🔹 1. PPTP Configuration

⚠️ Note: PPTP is older and less secure but easy to deploy.

Step 1: NAT Port Configuration

On your router/firewall:

NAT Port 1723

Step 2: Enable PPTP

Open:

VPN Server → PPTP → Enable PPTP VPN Server

Configure basic settings as needed.

Step 3: Add VPN Connection on Windows

On Windows:

• Add new VPN connection

• Select PPTP protocol

• Enter WAN IP

Check WAN IP:

27.64.16.182

Connect and verify.

🔹 2. L2TP/IPsec Configuration (Real NAS Deployment)

More secure and recommended over PPTP.

Step 1: NAT Port Configuration

Forward the following ports:

Create preshare-key.

Step 2: Enable L2TP/IPsec

Go to:

VPN Server → L2TP/IPsec → Enable

Enter the preshared key created earlier.

Step 3: Add VPN Connection on Windows

• Add new VPN

• Select L2TP/IPsec

• Enter WAN IP

• Enter preshared key

Connect and verify secure access.

🔹 3. OpenVPN Configuration (Recommended)

OpenVPN provides the best balance between security and flexibility.

Step 1: NAT Port

Forward OpenVPN port (default):

Step 2: Configure OpenVPN in VPN Server (Synology)

Go to:

Package Center → VPN Server → OpenVPN

🔐 Authentication

• Authentication: SHA256
👉 Standard, robust, compatible with OpenVPN GUI on Windows

• Client verification: Enable

• Verify TLS auth key: ✅ Enable
👉 Helps prevent scan/bruteforce attacks

📌 No complicated changes needed. Synology’s default OpenVPN configuration is already well optimized.

🔒 Encryption

• Encryption: AES-256-CBC
👉 Most common and fully supported by OpenVPN GUI

📌 If NAS and client are newer, AES-256-GCM is also acceptable.

📦 MTU

• MTU: 1500 (default)
👉 Works well on most Vietnamese networks

If you encounter issues:

• Connects but cannot access web

• Slow browsing

→ Reduce MTU to 1450 or 1400

Additional Options

✅ Allow clients to access the server’s LAN (enable if accessing internal network)

❌ Enable compression on the VPN link → DO NOT tick

✅ Dynamic IP address → Should be enabled

Step 3: Create VPN Users

Go to:

Control Panel → Users

Then:

VPN Server → Privilege → Tick OpenVPN

Select which users are allowed VPN access.

Step 4: Download the VPN Configuration File

Inside:

VPN Server → OpenVPN

Click:

👉 Export configuration

This downloads:

Extract the file. You will see:

📌 The file to import is:

🔧 Edit Server Address

Open VPNConfig.ovpn with Notepad++.

Find:

Change to:

Or replace with your real WAN IP.

Save the file.

Step 5: Download OpenVPN GUI

Download and install:

OpenVPN GUI for Windows

Step 6: Import and Connect

Do the following:

• Install OpenVPN GUI
• Import the .ovpn file
• Right-click OpenVPN icon → Run as Administrator
• Connect

📌 Synology exports a standard OpenVPN file — no heavy modification required.

🔐 Security Best Practices

To harden your VPN deployment:

✔ Disable default admin account
✔ Use strong passwords
✔ Enable 2FA
✔ Use domain + DDNS instead of static IP
✔ Keep DSM updated
✔ Restrict VPN user privileges

A VPN increases accessibility — but security must remain priority.

🎯 Final Thoughts

Deploying a VPN Server on Synology NAS gives you:

• Secure remote access

• Encrypted traffic

• Full control over your infrastructure

• Reduced reliance on third-party VPN providers

For home labs and SMB environments, OpenVPN is strongly recommended due to its security and flexibility.

With proper configuration, your Synology NAS becomes a powerful private VPN gateway — secure, stable, and cost-effective.