VPN networks are increasingly taking a leading role not only in the business sphere but also in the domestic sphere. Thanks to them, an additional level of security is implemented both for Internet access and for remote connections to our home or company if we use teleworking. So today we are going to learn how to create a VPN with QNAP NAS using QVPN Service 2.
NAS is equipment for personal cloud storage, equipped with a large storage capacity. But their great versatility and current power make them valid for practically any task related to networks: web servers, mail, virtualization, backups, multimedia services such as Plex, etc. And one of them will be the ability to create a VPN and shield our network both from where and from outside.
What is a VPN
Although many of you will already know what a VPN is by now, it is worth remembering. A VPN or Virtual Private Network is a network that allows private browsing through the programs and devices connected to it. This is done by means of an extension of a local LAN network over the public network itself without being physically linked to it. In this way, we can be connected, for example, from our home to work in a private LAN with encrypted data through virtual tunnels outside the data flow of the WAN network.
It is one of the best ways we have to surf the internet privately, which means that the data channels will be much more difficult to intercept than in a normal process. For this reason, it is commonly used for teleworking, since being an extended LAN, it will be easier to manage as far as access to internal resources is concerned. But another of the most common uses is to access content blocked in our country or another region. In a VPN we connect to the server that provides us with the IP, this being the virtual location of our equipment. If, for example, we go to China and connect to our VPN in Spain, we will be able to access existing services in our country.
What do we need to mount it on a NAS?
Setting up a VPN with QNAP NAS is going to be quite a simple task, as the requirements are very easy to meet. On the one hand, we need the NAS device to create the VPN, which in this case will be a QNAP TS-431K with a 4-core CPU and 1 GB of RAM. We will be able to use absolutely any NAS from the manufacturer, since for normal use of our own, high-powered hardware is not required.
This makes the job much easier, since just by having a NAS, it will be the operating system that provides all the necessary resources to create it. With a single network interface, it would be enough, although having several interfaces allows you to separate the transmission of data from the VPN and the WAN, for example.
It is also recommended to have a router compatible with UPnP, although it is not mandatory, it makes it much easier to open ports for external access to the network. And finally, it will be highly recommended to create an account in the myQNAPcloud portal, since it provides us with a DNS for our NAS without the need for other payment services such as DynDNS or similar.
Create a VPN with QNAP NAS step by step
Without further ado, we are going to proceed to see in detail how we would set up VPN with QNAP NAS accessible from the outside. With the port opening, user creation, and connecting from a Windows environment.
QVPN Service 2 Installation and NAS Configuration
The QVPN Service 2 app will be available on the QNAP store for free access to any owner of a QNAP NAS. So all you have to do is search for it and install it to activate the service.
Of course, we must first have the NAS correctly configured. We mean having created a set and storage space and the updated operating system. We must have it connected to the local network, either through a switch or directly to the router. It will not be necessary to create users within the NAS system since it will be in the QVPN Service itself where we will create them.
Activation of VPN server on QNAP NAS
This application will allow us to implement the VPN service with up to 4 protocols, which we will choose depending on the needs of each user:
QBelt
This protocol will be self-implemented by QNAP and can be used by all types of clients as QVPN applications are available for PCs and mobiles. It is a protocol that is based on DTLS and uses UDP to establish faster logins. Said start is done through SSL and the traffic will be encrypted with AES 256 bits. Its security is high, and since the app is available for all platforms, it will be recommended for use.
PPTP
Or Point-to-Point Tunneling Protocol is a protocol developed by Microsoft that encrypts and encapsulates packets with the IP protocol in a simple way. It will be one of the fastest protocols, although the encryption is quite fragile. It is currently deprecated, as its security has been broken by the ASLEAP program, so we do not recommend its use at all.
L2TP/IPsec
Layer 2 Tunneling Protocol is a protocol for encapsulating data that will in turn use IPSec for encryption and routing over the network. The packet header has enough information for the VPN server to identify the user who is sending it, just like the IP protocol. It will be best recommended for use on Windows-based clients, as it is natively supported.
OpenVPN
It will be one of the most used, since in addition to being a client and server software to connect to a VPN, it is also a point-to-point network protocol. It is open source and allows you to establish a tunnel between the client-server using OpenSSL for encryption. In addition, it is capable of using the transport protocols TCP or UDP for data transmission. To connect the clients we must install OpenVPN Client on the computers and download the certificate and configuration file generated by the server.
We are going to choose the L2TP method because it is one implemented in Windows, the platform with which we are going to connect. Activating the VPN server will be as easy as clicking the “ Enable VPN server ” tab and then apply the settings. With this, we would already have the service operational, although first we must see some important parameters that are repeated in all the methods:
- IP Address Range – This is easy, just determine the range of IP addresses to be given to connecting clients.
- Pre-shared key: this key will be the one that authenticates the client to the VPN server to establish the tunnel. It will be very important.
- Authentication: in the authentication method we must choose MS-CHAPv2, which is the most secure option available.
- Network interface and DNS: it will take us to the first section to assign the network interface or interfaces through which the connection to the server will be made. In our case, we will leave it by default since we only use one of the NAS ports. The DNS will also be kept by default.
For now, this is the only thing we have to do in this application, we will come back to it later. Now it’s time to configure MyQNAP Cloud and open ports for remote access.
Verify that our router is UPnP and the service is active
Universal Plug and Play (UPnP) consists of a set of protocols that allow network peripherals to communicate transparently with equipment such as PCs, Wi-FI repeaters, NAS, etc. In this way, different network services can be established between the devices, a clear example being the opening of ports to mount our VPN with QNAP NAS.
Most routers are compatible with this system, and to verify it we must access its firmware. In our example, we use an Asus router, and the UPnP option will appear in the WAN -> Basic Configuration section.
It may not be activated by default, since this method slightly increases vulnerability to attacks. In addition to activating it, we can also assign the range of allowed ports that the protocol can handle. It is recommended that in the internal range, they be omitted from 1024 downwards as they are reserved ports. We are assigned the full range for other reasons.
Configure UPnP ports and MyQNAPcloud
We are now in a position to open ports to create our VPN with QNAP NAS and connect from the outside. But now we would need a DNS service to avoid having to use our IP for the connection continuously. For this, we will use the myQNAPcloud account, available with the purchase of a QNAP NAS.
MyQNAPcloud will be another application that we must install on the NAS from the store, being free and it may already be pre-installed.
In the first instance, we will go to the first section of “ Overview ” and we will start the user account creation and connection wizard. To do this, we only click on the “ Start ” button.
In case of not yet have the account created, we must access the proposed link, and after a brief process, we will return to this application to continue the configuration.
Next, we will be asked to register the name of the NAS in the account. This will be the one that determines the DNS name that the account creates for our NAS. From the configuration options, we can place the name that we deem appropriate.
Then we only have to enable the relevant services so that they are integrated into the account that we have created. The ones that must be checked will be the automatic configuration of the router, DDNS, and myQNAPcloud Link
Next, we will go to the router’s automatic configuration section, and we will activate in the first instance the option “ Enable UPnP port authentication ”. We will click on apply, and if the router is compatible it will appear in this window.
An essential step will be to open the relevant ports to give you remote access to the VPN service with QNAP NAS. In this same section, we will have a table with the main services supported by the NAS, with their associated ports. As more applications are installed on the NAS, more associated ports will be added to the list.
It will be as simple as activating the option related to QVPN associated with the protocol that we are going to use, in our case L2TP. So the router UDP ports 500, 4500, and 1701 will be opened automatically. The good thing about the UPnP system is that we will not need to access the router itself to open it, since the program will directly communicate with it and proceed to open it.
Additionally, we will also open ports 8080 and 443 to enable remote management of the NAS through myQNAPcloud.
Finally, we will apply the changes so that they take effect. It is possible that in the first moments, the status of the ports is not marked as “OK”, we just have to wait a few moments until the information is updated properly.
Now we will go to the myQNAPcloud Link section to enable the service if it has not already been done. Below we will be provided with a URL that will give us direct access to the NAS for remote management.
The URL will not be the DNS address that we must use to authenticate ourselves in the VPN, we must locate it in the web portal, section “Device details”.
Configuring VPN users with QNAP NAS
With all of the above done, all that remains is to look at the different configuration options that QVPN Service offers us. The most important will undoubtedly be the creation of users for access to the network.
To add users to the VPN network with QNAP NAS we will go to the “ Privilege settings ” section. From there we can add local users previously created on the NAS or users that belong to a domain such as LDAP or Active Directory. In our case, we will use local users, so they must be previously created in the QTS system.
We can give each user access to a certain service in case of having several VPN protocols in use simultaneously. By default, the administrator user will have access permission for all of them.
The following two sections will show us in real time the users that are connected to the VPN network and the log of registered access attempts. As you can see, they will record both failed and established accesses, in order to verify that there are no phishing attempts.
Configure VPN client
We have already created the VPN with QNAP NAS, so now it’s time to see how to connect to the server. For this, we will give some examples of a Windows system.
Since L2TP is natively supported by Windows, we will use the system’s own VPN configuration. This is found in the Settings app > Network & Internet > VPN. We will choose the option “ Add a VPN connection ”
A form-type window will open, and we must proceed to fill it out properly. In this first example, we will carry out a connection within the local network, so we can directly enter the internal IP of the NAS. We will choose the pre-shared key option, which is the one chosen in the service. It will be necessary to place our username and password for said access.
The client should then be able to connect without problems. The status will appear in the taskbar, with the connection established.
Now we will do the same but on a computer located outside the LAN. The only thing we need to change in the client connection configuration is the server name. This time we will use the DNS provided by myQNAPcloud. It will always be the name of the NAS followed by “.myQNAPcloud.com” all in lowercase, it is lossless.
Final thoughts on creating VPN with QNAP NAS
Having a NAS ensures us great possibilities in everything that has to do with network-oriented applications and servers. Without a doubt, having storage services is just the tip of the iceberg of what these devices are capable of doing.
A system like QTS will give us tools of all kinds aimed at normal users, network administrators, SMEs, and even large companies. The VPN service that we have configured can be carried out simultaneously with various protocols and network interfaces, with NAS having up to 4 ports or more available. The management and configuration are very simple, much more than the OpenVPN tool for example.
In addition, the myQNAPcloud cloud service provides the necessary tools for remote management and access to the NAS, as well as a DNS address that can be used for remote connections. Added to this is compatibility with UPnP routers to make work even easier.
We also leave you a video that he has on his QNAP YouTube channel very well explained.
We hope you have found it useful to get more out of your NAS. And we thank QNAP for trusting us by giving us the QNAP TS-431K NAS to carry out the tutorial.