Can I browse files on my remote NAS using a VPN (and what is a VPN)?
October 26, 2014 8:57 PM Subscribe
If I am at home, I would like to be able to easily work with files locally that are on the remote NAS at work. I have never used a VPN before and I run my own biz, so I am not certain if I am even thinking about this correctly.
Basically, at my place of business I have a Synology NAS and several computers there that connect to that NAS to access files there. Currently, I can remotely connect via web-based services like LogMeIn or some of the web-based services that the Synology has, but it seems really slow and clunky so I thought this might be a better approach. I have been trying to get a grasp on how VPNs work, but most of the questions I have read on here seem to be from people that are using their works already functioning VPN.
Would a VPN allow me to map a folder locally on a Windows machine or connect directly to browse files in a Mac's finder? In other words, if I wanted to edit a jpeg, could I set it up so I could open it through Photoshop instead of the current method of downloading through some web interface and then edit it and re-upload it?
Synology has a package you can install called "VPN Server". If I install that, is that all I need? But then it has options for PPTP, OpenVPN and L2TP/IPSec. What are those? Are those the VPN? Is that a separate thing I need to buy? Can I do this all internally myself, or do I need to use an outside service like LogMeIn? One complicating factor is that I don't have access to the gateway router (sort of a large coworking-type space) and so I don't really have a permanent IP for port-forwarding type things.
Basically, at my place of business I have a Synology NAS and several computers there that connect to that NAS to access files there. Currently, I can remotely connect via web-based services like LogMeIn or some of the web-based services that the Synology has, but it seems really slow and clunky so I thought this might be a better approach. I have been trying to get a grasp on how VPNs work, but most of the questions I have read on here seem to be from people that are using their works already functioning VPN.
Would a VPN allow me to map a folder locally on a Windows machine or connect directly to browse files in a Mac's finder? In other words, if I wanted to edit a jpeg, could I set it up so I could open it through Photoshop instead of the current method of downloading through some web interface and then edit it and re-upload it?
Synology has a package you can install called "VPN Server". If I install that, is that all I need? But then it has options for PPTP, OpenVPN and L2TP/IPSec. What are those? Are those the VPN? Is that a separate thing I need to buy? Can I do this all internally myself, or do I need to use an outside service like LogMeIn? One complicating factor is that I don't have access to the gateway router (sort of a large coworking-type space) and so I don't really have a permanent IP for port-forwarding type things.
Response by poster: Thanks Rainyjay -- maybe I wasn't clear. I run my own business, so there is no IT or anything -- it's just me. So, I have my own server and computers that I use at my office, and I would be setting up the VPN myself. I'm just not sure what that entails.
posted by This_Will_Be_Good at 10:36 PM on October 26, 2014
posted by This_Will_Be_Good at 10:36 PM on October 26, 2014
Yes, you can do this over a VPN.
A VPN is a tunnel. It encapsulates packets within an outer wrapper so that the packets inside don't know they're being tunneled. OpenVPN, PPTP, and L2TP/IPSec are different types of wrappers.
You can set this up. Look up something like "OpenVPN site-to-site" or "PPTP server." If you don't mind trusting an outside source, look into something like LogMeIn Hamachi.
posted by fireoyster at 11:19 PM on October 26, 2014
A VPN is a tunnel. It encapsulates packets within an outer wrapper so that the packets inside don't know they're being tunneled. OpenVPN, PPTP, and L2TP/IPSec are different types of wrappers.
You can set this up. Look up something like "OpenVPN site-to-site" or "PPTP server." If you don't mind trusting an outside source, look into something like LogMeIn Hamachi.
posted by fireoyster at 11:19 PM on October 26, 2014
Correct me if I'm wrong but it kind of sounds like you don't know what the hell you're doing? I say that because I have a Synology and sometimes I am in the same situation. You absolutely should be using "file services" instead of retrieving files via the web browser. On a Mac for example, your shared folders would appear as mounted drives on the Desktop.
That stuff can be enabled by logging into the Synology, not the gateway router. You can assign users to only have access to certain areas as well. I may be slightly wrong here, but you don't need a VPN if your computers are in the local network. Just activate File Services and you're good to go.
As for things being clunky, network speed can depend on a lot of things, including how your RAID and/or connections are set up.
posted by phaedon at 11:24 PM on October 26, 2014 [1 favorite]
That stuff can be enabled by logging into the Synology, not the gateway router. You can assign users to only have access to certain areas as well. I may be slightly wrong here, but you don't need a VPN if your computers are in the local network. Just activate File Services and you're good to go.
As for things being clunky, network speed can depend on a lot of things, including how your RAID and/or connections are set up.
posted by phaedon at 11:24 PM on October 26, 2014 [1 favorite]
PPTP, OpenVPN, and L2TP/IPSec are VPN protocols. VPN, in principle, is a private connection (usually called a tunnel) through a public network such as the Internet. As far as the computers at either end of the private connection are concerned, they are on the same private network. As far as the internet is concerned, two separate networks are exchanging encrypted information.
PPTP, OpenVPN, and L2TP/IPSec vary in how secure they are, how they authenticate users and encrypt the information. My understanding is that PPTP is the easiest to use, and unfortunately it has been compromised-- there is a form of attack on PPTP connections which and break the encryption key with brute force using a moderate amount of computing power. (It hinges on 56-bit encryption, which is not trivial, which won't stop a dedicated attacker, but will stop a casual-- but as PCs get more powerful, so do casuals). IPSec is probably the way to go, but I don't know what it takes to set up; I'm right now learning that for my own work place, but just started looking at it last week.
Connecting from how to work via VPN is probably the most common reason people VPN: it's a secured method for them to get on the work network from home.
> Would a VPN allow me to map a folder locally on a Windows machine or connect directly to browse files in a Mac's finder?
Yes, though the mapped drives/folders would be disconnected with the VPN connection is broken. Not sure how OSX shows you VPN connections, but on windows, you the VPN connection will look like an additional network connection. You turn the VPN connection on as needed, and turn off as needed (because if you can access it, it can access you-- nothing to be afraid of most likely, but it's always best to fail safe).
On the work end, the VPN service in your NAS will act as a server to allow the connecting and encryption/decryption of the connection. It will need an address or a subdomain, so you can tell your VPN client (in Windows/Mac) to connect to, say, vpn.workplace.com (or it may still be NAS.workplace.com, whatever address you have for it already).
posted by Sunburnt at 11:25 PM on October 26, 2014
PPTP, OpenVPN, and L2TP/IPSec vary in how secure they are, how they authenticate users and encrypt the information. My understanding is that PPTP is the easiest to use, and unfortunately it has been compromised-- there is a form of attack on PPTP connections which and break the encryption key with brute force using a moderate amount of computing power. (It hinges on 56-bit encryption, which is not trivial, which won't stop a dedicated attacker, but will stop a casual-- but as PCs get more powerful, so do casuals). IPSec is probably the way to go, but I don't know what it takes to set up; I'm right now learning that for my own work place, but just started looking at it last week.
Connecting from how to work via VPN is probably the most common reason people VPN: it's a secured method for them to get on the work network from home.
> Would a VPN allow me to map a folder locally on a Windows machine or connect directly to browse files in a Mac's finder?
Yes, though the mapped drives/folders would be disconnected with the VPN connection is broken. Not sure how OSX shows you VPN connections, but on windows, you the VPN connection will look like an additional network connection. You turn the VPN connection on as needed, and turn off as needed (because if you can access it, it can access you-- nothing to be afraid of most likely, but it's always best to fail safe).
On the work end, the VPN service in your NAS will act as a server to allow the connecting and encryption/decryption of the connection. It will need an address or a subdomain, so you can tell your VPN client (in Windows/Mac) to connect to, say, vpn.workplace.com (or it may still be NAS.workplace.com, whatever address you have for it already).
posted by Sunburnt at 11:25 PM on October 26, 2014
If the suggestions above are too complicated to be practical for you, let me offer one other solution. When I was running a small non-profit I simply synced ALL my work files via drop-box. It worked flawlessly for me.
posted by HuronBob at 3:32 AM on October 27, 2014 [1 favorite]
posted by HuronBob at 3:32 AM on October 27, 2014 [1 favorite]
Response by poster: Phaedon -- Ha, yeah, as far as the VPN goes, I don't what the hell I'm doing. However, when I am at the office, I use file services and I'm not using the web browser. The shared folders are mounted on my Mac and Windows machines. That is what I am trying to replicate remotely while I am away from the office.
Sunburnt & Fireoyster -- I think that is where I am stuck. I installed the "VPN Server" package on the Synology, but then it asks me about PPTP, OpenVPN and L2TP. Am I just supposed to pick one of those? In other words, the VPN Server app is just like a machine that is running one of those protocols that I pick based on criteria such as security.
When I open the VPN Server app and click on an option like OpenVPN it says to pick a "Dynamic IP Address". My synology and computers have their local IP addresses (e.g. 192.168.x.x). This is suggesting something like 10.0.X.X). Am I just making that up? But I am guessing that when I am remote, that isn't the IP address I am going to try and connect to, right? I would be trying to connect to something like Sunburnt said (e.g., NAS.workplace.com, etc).
I have been trying to use the Synology documentation on setting up a VPN, but they just seem to gloss over things. For example, I first thought I had to set up each of those protocols. Or they just say pick a dynamic IP address, but don't really explain why or what that means.
posted by This_Will_Be_Good at 10:10 AM on October 27, 2014
Sunburnt & Fireoyster -- I think that is where I am stuck. I installed the "VPN Server" package on the Synology, but then it asks me about PPTP, OpenVPN and L2TP. Am I just supposed to pick one of those? In other words, the VPN Server app is just like a machine that is running one of those protocols that I pick based on criteria such as security.
When I open the VPN Server app and click on an option like OpenVPN it says to pick a "Dynamic IP Address". My synology and computers have their local IP addresses (e.g. 192.168.x.x). This is suggesting something like 10.0.X.X). Am I just making that up? But I am guessing that when I am remote, that isn't the IP address I am going to try and connect to, right? I would be trying to connect to something like Sunburnt said (e.g., NAS.workplace.com, etc).
I have been trying to use the Synology documentation on setting up a VPN, but they just seem to gloss over things. For example, I first thought I had to set up each of those protocols. Or they just say pick a dynamic IP address, but don't really explain why or what that means.
posted by This_Will_Be_Good at 10:10 AM on October 27, 2014
Best answer: Yes, pick one of those items, PPTP, OpenVPN, or L2TP/IPSec. PPTP is by far the easiest; whether that's worth the vulnerable security is up to you. PPTP has some security, but not enough to bank on. PPTP VPN Client is natively found by Windows and probably Mac.
> In other words, the VPN Server app is just like a machine that is running one of those protocols that I pick based on criteria such as security.
Yes. In general we're very commonly accustomed to the idea that a server is a specific sort of machine, but in fact any machine can be many servers (depending on available resources), including your NAS. Your NAS is already a webserver because it hosts the web access. Now you are making it a VPN server as well.
From the documentation:
> Dynamic IP address: Enter a network address here. VPN Server will assign virtual IP addresses to VPN clients according to the value entered. For example, if you enter "10.0.0.0," the virtual IP address assigned to VPN clients will range from "10.0.0.1" to "10.0.0.[Maximum connection number]" for PPTP.
When you connect from home to your work network through the VPN, your home machine will need an address on your work network. Normally the job of assigning IPs to newly-connected machines is handled by another server/service called DHCP, but that can't apply here for... reasons.
192.168.x.x and 10.x.x.x are the two most commonly used private address schemes; they just happened to pick the one you don't use. Put in 192.168.x.0 (you fill in the x) and it will find an available address and assign it to your incoming home computer, for the duration of the VPN session.
posted by Sunburnt at 11:24 AM on October 27, 2014
> In other words, the VPN Server app is just like a machine that is running one of those protocols that I pick based on criteria such as security.
Yes. In general we're very commonly accustomed to the idea that a server is a specific sort of machine, but in fact any machine can be many servers (depending on available resources), including your NAS. Your NAS is already a webserver because it hosts the web access. Now you are making it a VPN server as well.
From the documentation:
> Dynamic IP address: Enter a network address here. VPN Server will assign virtual IP addresses to VPN clients according to the value entered. For example, if you enter "10.0.0.0," the virtual IP address assigned to VPN clients will range from "10.0.0.1" to "10.0.0.[Maximum connection number]" for PPTP.
When you connect from home to your work network through the VPN, your home machine will need an address on your work network. Normally the job of assigning IPs to newly-connected machines is handled by another server/service called DHCP, but that can't apply here for... reasons.
192.168.x.x and 10.x.x.x are the two most commonly used private address schemes; they just happened to pick the one you don't use. Put in 192.168.x.0 (you fill in the x) and it will find an available address and assign it to your incoming home computer, for the duration of the VPN session.
posted by Sunburnt at 11:24 AM on October 27, 2014
Response by poster: Ok, this has all been super helpful.
I just tested this all out and was able to set up the VPN Server, set up one of the VPN protocols and then use the the VPN as my network interface here while in the office to test it out.
However, while that means that I have everything mostly working, I haven't figured out how to access this remotely when I can't just enter the local IP address of the server. The synology has a feature called "QuickConnect" that lets you access the NAS on the web by using a custom URL. Since I don't have access to the gateway router here to fiddle with things, I thought that would work since I can't use the outward facing IP (not sure if that is a real term) in the same way LogMeIn or similar services manage to find the computer inside a network.
Perhaps that last bit isn't possible, but when I set up a new location in the network preferences on my Mac and deleted everything but the VPN and could still connect to things I now think I understand all of this a bit better. So, now I just need to figure out if there is a way to do this without setting up port forwarding from the building's router (just trying to avoid any fees/charges since this place has a tendency to charge for everything).
posted by This_Will_Be_Good at 12:54 PM on October 27, 2014
I just tested this all out and was able to set up the VPN Server, set up one of the VPN protocols and then use the the VPN as my network interface here while in the office to test it out.
However, while that means that I have everything mostly working, I haven't figured out how to access this remotely when I can't just enter the local IP address of the server. The synology has a feature called "QuickConnect" that lets you access the NAS on the web by using a custom URL. Since I don't have access to the gateway router here to fiddle with things, I thought that would work since I can't use the outward facing IP (not sure if that is a real term) in the same way LogMeIn or similar services manage to find the computer inside a network.
Perhaps that last bit isn't possible, but when I set up a new location in the network preferences on my Mac and deleted everything but the VPN and could still connect to things I now think I understand all of this a bit better. So, now I just need to figure out if there is a way to do this without setting up port forwarding from the building's router (just trying to avoid any fees/charges since this place has a tendency to charge for everything).
posted by This_Will_Be_Good at 12:54 PM on October 27, 2014
This thread is closed to new comments.
posted by RainyJay at 10:11 PM on October 26, 2014