Tailscale on a Synology NAS - Secure Remote Connection without Port Forwarding or Firewall Rules

preview_player
Показать описание


Access Synology NAS from anywhere
Tailscale makes it easy to securely connect to your Synology NAS devices over WireGuard®.

Tailscale is free for most personal uses, including accessing your NAS.

Installation steps
Visit the Synology Package Center (tutorial).

Search for and install the Tailscale app.

Once the app is installed, follow the instructions to Log in using your preferred identity provider. If you don’t already have a Tailscale account, a free account will be created automatically.

Now your Synology NAS is available on your tailnet. Connect to it from your PC, laptop, phone, or tablet by installing Tailscale on another device.

That’s it!

Features
When used with Synology, Tailscale supports these features:

Web-based login to any supported identity provider.
Access your Synology NAS from anywhere, without opening firewall ports.
Share your NAS with designated Tailscale users, using node sharing.
Restrict access to your NAS using ACLs.
Use your NAS as a subnet router to provide external access to your LAN. (Currently requires command-line steps.)
Use your NAS as an exit node for secure Internet access from anywhere. (Currently requires command-line steps.)
Limitations & known issues
Some things to be aware of:

If you upgrade Synology from DSM6 to DSM7, you will need to uninstall and then reinstall the Tailscale app. Do not perform the Synology DSM7 upgrade over Tailscale or you may lose your connection during the upgrade.

Tailscale uses hybrid networking mode on Synology, which means that if you share subnets, they will be reachable over UDP and TCP, but not necessarily pingable.

Other Synology packages cannot make outgoing connections to your other Tailscale nodes by default on DSM7. See instructions below to enable.

Tailscale on Synology currently can do --advertise-routes but not --accept-routes. This means that if you have other subnet routers, devices on those other subnets will not yet be able to reach your NAS or devices on its local subnet.

Advertising subnet routes can only be configured from the command line, not the web GUI.

Tailscale SSH does not run on Synology.

Some of those limitations are imposed on Tailscale by the DSM7 sandbox. Others we intend to fix in future releases of Tailscale.

See our Synology tracking issue on GitHub for the latest status on the above issues.

Manual installation steps
An alternative to the recommended approach of installing Tailscale from the Synology Package Center is to install Tailscale using a downloadable Synology package (SPK). A reason you might want to install from an SPK is to access new Tailscale features that are not yet released in the Tailscale version that is available from the Synology Package Center.

To manually install Tailscale:

Download the SPK for your Synology device from the Tailscale Packages server. Synology SPKs are available from both stable and unstable release tracks. To determine which download is appropriate for your Synology device, visit the Synology and SynoCommunity Package Architectures page and look up your architecture by Synology model. Then, find the SPK download at Tailscale Packages that corresponds to your model.

In the Synology DSM web admin UI, go to Main menu - Package Center.

Click Manual Install, click Browse, select the SPK (.spk) file that you downloaded, and then click Next.

Follow the remaining prompts to confirm settings and complete installation.

At this point tailscaled should be up and running on your Synology device and you can configure it either using the Tailscale package’s Synology web UI or the CLI over SSH.

Video Chapters
00:00 - The Start
00:38 - When did I start using Tailscale on my Synology NAS?
01:14 - What is Tailscale?
01:49 - Why is remote accessing your NAS so dangerous and how is it done?
02:38 - What is Port Forwarding and How does it work?
03:37 - What About a VPN to Conenct to your NAS Remotely?
04:33 - Tailscale vs Port Forwarding vs Synology Quick Connect vs VPNs
06:33 - How to Install Tailscale on your Synology NAS
06:57 - How to Setup Tailscale on your Synology NAS
07:50 - How to Install, Setup and Connect to the NAS over TAILSCALE with your Windows. Mac, Android or iOS system
09:32 - Tailscale to Synology NAS Connection remote connect demonstration
11:28 - Using Tailscale DOES NOT mean you shouldn't be aware of your Synology NAS Security!!!!
  1. NASCompares
  2. NAS Server
  3. NAS Drive
  4. NAS Guide
  5. Synology Tailscale
  6. synology tailscale setup guide
Рекомендации по теме
How To Install 0:05:40

How To Install And Configure Tailscale On Your Synology Nas

Is Tailscale the 0:11:51

Is Tailscale the BEST way to Access a Synology NAS Remotely? (Setup Tutorial)

Tailscale on a 0:13:14

Tailscale on a Synology NAS - Secure Remote Connection without Port Forwarding or Firewall Rules

Tailscale vs OpenVPN: 0:26:19

Tailscale vs OpenVPN: What is the BEST was to secure your NAS?

Tailscale VPN Setup 0:09:02

Tailscale VPN Setup - WireGuard on a Synology NAS? Kind of...

The Complete Guide 0:32:17

The Complete Guide to Remotely Access Synology NAS - All 5 Options Explained

Setup Your Synology 0:06:26

Setup Your Synology NAS As A Tailscale Subnet Router To Allow LAN Access

Setup Your Synology 0:05:49

Setup Your Synology NAS As A Tailscale Exit Node

How to get 0:09:33

How to get started with Tailscale in under 10 minutes

How to Backup 0:12:17

How to Backup one Synology NAS to Another Synology for an Offsite backup using Tailscale

Remote Access of 0:13:19

Remote Access of your NAS and Network using tailscale

Tailscale is the 0:21:39

Tailscale is the Easiest Personal VPN Solution - Securely connect to your home devices remotely !

Instalar tailscale en 0:04:08

Instalar tailscale en nuestro nas

TailScale - Your 0:16:43

TailScale - Your Own Virtual Private Network

Setup A WireGuard 0:07:10

Setup A WireGuard Based Connection To Your Synology NAS With Tailscale

Ultimate Guide to 0:14:43

Ultimate Guide to Synology Remote Access: 5 Methods Explored

Tailscale VPN - 0:15:41

Tailscale VPN - WireGuard was never so easy!

Simple DIY Offsite 0:21:31

Simple DIY Offsite Backup NAS using Tailscale

Tailscale Exit Node 0:07:22

Tailscale Exit Node - Setup and Configuration

The BEST ways 0:08:12

The BEST ways to use a Synology NAS (17+ Projects)

How to Twingate 0:14:20

How to Twingate Remote Access to Synology (no port forwarding)

Setup Tailscale Outbound 0:07:34

Setup Tailscale Outbound Connections On Your Synology NAS Running DSM7 For Remote Backups

Split DNS Magic 0:23:04

Split DNS Magic with Tailscale - Access remote services from anywhere!

Backup Your Data 0:06:37

Backup Your Data To A Remote Synology NAS Using Hyper Backup And Tailscale

Комментарии
Автор

Every time I go looking for info online regarding using my NAS it's always NASCompares that I end up at as a destination. Haha. Keep up the good work!

j_holtslander
Автор

How the hell did you know I was looking to research this today???

ZajaxFilms
Автор

You mention security at the end - where can I find instructions for adding such security - e.g. you mentioned Lets Encrypt?

Jonkelly-qj
Автор

Nice one! Been using it on my Asustor NAS a while. Great piece of software! No port forward means less chance of being hacked.

vladiesc
Автор

If I understand it correctly you don't need to create an quickconnect ID. But how would you connect the Synology photo&file apps on your mobile then? Or do you still create that ID and still keep the ports closed?

sandervanbergem
Автор

great guide! do you know how we can use Tailscale in conjunction with hyperbackup/vault to do secure connections to other Synology NAS's?

Tetra
Автор

What about the firewall? Should we just allow tailscale from the ip-range they give, or also other services we might need to use (photos for example)?

NikolaBulj
Автор

Thanks again for yet another great video. I have been using Tailscale for several months now. Yes it was easy to setup, but I would have mentioned their recommendation to add a single line to your NAS Task Scheduler to ensure connection on reboot. That said, my use case was to connect two Synology’s, one onsite and the other offsite to use Hyper Backup supporting my 321 backup strategy. Worked great for about 7 backups, then disconnected and I was never able to reconnect or login through Hyper Backup to Hyper Vault. 😣

Tried asking everywhere, Synology and Tailscale subReddits, Synology and Tailscale themselves. No one has a solution recommendation. Would be great to see if you could get it working and share another video.

tonyvalenti
Автор

Could I request some content? The title would be "break your cloud provider reliance".

Overall the review/video would provide a guide to using local NAS resources to replace Google/Amazon/Apple/MS cloud services for:

1. Automatic mobile device photograph/video backup #most important I believe
2. Document sharing/editing
3. Sharing of content via common social media, messaging platforms

What with costs of these services constantly increasing, and the helpless feeling of being tied, powerless to their control. How easy is it to use Synology/QNap s/w to truly replicate that 'memories happily backed-up' feeling.

revlioquick
Автор

I only have a QNAP TS-231P3, so there is no native support for Tailscale.
However, I was able to set up a Tailscale VPN thanks to an extra help from another Youtube video about how to setup Tailscale via docker containers (for QNAP there's "ContainerStation")

I'm loving Tailscale so far!! It's so easy!!

haydenlee
Автор

He didn’t mention but you also need to install Tailscale on your other devices and have the service running in order to connect to the Tailscale ip of your NAS

ekowlloyd
Автор

Great video- subscribed! What I really need now is to figure out how to make a Tailscale certificate and make reverse proxies for my Docker services (Vaultwarden, Jellyfin, Audiobookshelf, etc)). Or whichever is the best way to access them via Tailscale if that isn't it.

vimanaboy
Автор

Good video. How do you add Tailscale to your NAS certificate to secure the connection? : )

BUBearsFan
Автор

Great video. I am trying to figure out how to use Tailscale to allow 2 Synology NASs on 2 different external networks to each other. My goal is to map remote drives between the two so that I can drop a file in a directory on one NAS into a folder on that device and have it copy to the other...but not "sync." In other words, I want that file to automatically copy to a folder on the other NAS and then be able to delete it from the origin NAS and have it remain on the destination.

rb
Автор

How does Tailscale compare with Cloudflare Zero Trust Tunnel and/or Twingate??

PaulMarriott-pv
Автор

One of the best ways to connect remotely to a NAS.

pbrigham
Автор

how can I map the NAS in the file explorer? I can't see it when the devices are discovered.

petermarin
Автор

Is there a use case for Tailscale if NAS is behind CGNAT? Just went fullfibre with Befibre and now Plex remote access port forwarding is screwed unless i pay for a static ip fix

drpepa
Автор

how would synology photos, video or music etc services work if used with openvpn?

cesiumion
Автор

I'm using TailScale for a while now, but what i have discovered is that especially on my Android device, many other apps (including the web browser) are not working when i'm connected to the Tailnet. Would be great to find an option to just enable it for certain use cases or apps.

cdelama