Trying to degoogle, using my NAS more but want to do it in the most convenient but secure way without having to use VPN first.
Thoughts and/or suggestions?
Tailscale easy as it get for VPN. And access webbased applications without VPN use cloudflare zero trust, no port forwarding and public expose your IP required.
No. VPN on my router
If you are going to do this without a VPN make sure your security is hardened. At a minimum use great passwords and use MFA.
yes, I use quickconnect.
An alternate solution is to use a vps. Those are your two options without port forwarding
Router → Built in VPN into Home Network or a separate Nextxloud /VPN Server in my Home Network, which has a nfs share of the nas. Just one Rule of mine: Never expose directly. I just dont trust it. Thats all.
Yes, quickconnect and that’s it.
I would personally recommend Tailscale. Even though it’s a VPN, it’s about as easy as it can possible get for a VPN, especially if you use their subnet routers to expose your local network.
I have everything behind a reverse proxy with a custom domain. That reverse proxy is configured to require authentication for almost everything, and that’s delegated to Auth0.
Yes.
Cloudflare proxy + Cloudflare rule to only let traffic from my country pass through, block everything else. Turn on all security settings on cloudflare eg. Https, hsts, bot mode, min tls etc…
On my router, firewall rule to only accept traffic from cloudflare IP on port 443 (not 80)
Traffic then goes to reverse proxy that serves cloudflare origin cert.
On the Synology, permanent block any 3 failed repeated login. Default admin and guest account disabled. And DSM only enable for necessary account + 2FA.
When used as intended, QuickConnect is a simple, effective choice that is secure enough for most scenarios.
I have my own domain name. Gave the Nas the certificates. And just port fwd from my router. Yes I get attacked. 2 unsuccessful logins from an IP in 60 days gets banned. Require 2fa. Disable admin account.
I’m baffled why people are so scared of using this setup.
No, I don’t like anything exposed from my network externally if I can help it. I used to use a VPN server set up on the Synology but my I recently switched to a new router and it has an easy-to-use VPN built in that I use on that.
Might depend on what service you would want to disclose?
I would not open up dsm gui itself without something in between. In my case either vpn or zerotier. That also is still using 2FA for admin accounts.
For another service, running in docker, I use the synology buildin reverse proxy (wanted also to do something with a certificate and my own domain name, so now the service is using its own subdomain name, going through the reverse proxy).
I was using quick connect until I discovered tail scale. Now I use that instead. Works out awesomely.
Mine is connected through a Cloudflare Tunnel and with an additional authentication using Microsoft365 through Cloudflare Zero Trust. It allows for access from any browser but with the additional layer of security the Cloudflare solutions provide.
I’m new to the vpn world, what would one recommend then if family is accessing plex on my nas for movies? That’s all I have on there though
Ditch the VPN and use a Cloudflare tunnel instead to expose just the services you want.
I’m using Twingate, really interesting service and free! It is similar in functions to a classic VPN but with some differences
Yes because my family uses moments/photos. And synology doesn’t support oidc