Connecting to NAS via VPN , how to ensure user is accessing via their own account?

I’ve set up my NAS using the OpenVPN protocol, and it says on OpenVPN Connect that I am connected as admin. I am trying to set this up for a team member with limited privileges. How can I ensure they are accessing the shared folders they need through their own QNAP user account? How can I communicate the VPN installation to them with this in mind?

As long as the user logs in with their own account it should work. I have an OpenVPN going up on youtube of the 6/2 that might help.

OpenVPN

Set up the user credentials as if they were using the NAS from your location.
Create a vpn user account and get it (the certificate) to the user securely. Get them to download the vpn client to their device and install the certificate.

But how do they log in with their own account? That’s the part I’m stuck on. The way I see it now it seems like:

  1. Download OpenVPN connect
  2. Download ovpn config file
  3. Add config file to client
  4. Have user log in to VPN network (I see no option to choose a different user here. Are they required to use the admin password for this?)
  5. From here, how do they actually access the shared folders? Do they need to log in to the QNAP web interface like I do on the LAN?

Ah, that’s the part I’m having trouble with. How do I create another VPN user account?

You configure users on the main system. Grant access to the specific folder for the user. Then go to the qvpn app, where you can enable those configured users to allow them to connect to the qnap via OpenVPN. So everyone has their own user and password.

5

They should be able to UNC directly to your NAS and the only folders that populate in the window should be the shares you’ve made available. When they UNC, it should ask them for the credentials you created for them. This is how you’ll control which shares and directories that can access.

Agreed. I will make sure to cover that. Thanks

I use Wireguard but similar process for Openvpn…

I’ve done all three of those things. Just wondering how to communicate what they need to do in order to gain access. Do they just download the OpenVPN and will it prompt them for their username and password directly on that client or do they need to do something more?

Pardon my ignorance, but what does UNC mean? And so they do use the same password as I do for the VPN?

Yeah, the app will ask for the credentials and will connect if correct. Then they open the file browser and enter the ip. It will prompt for the credentials again and you are good to go. You can test it out yourself, since the vpn server will most likely assign you a different ip then you main network has. (Depends on you config)

I’m sorry I missed this. Did your question ever get answered? I was traveling before, but I can give you better instructions now. Let me know if you need any help.

Okay, I am still confused about the VPN user account. How do I create a separate VPN user account for my other user? I don’t see any options on OpenVPN Connect and I don’t have a web account on their service that I know of.

You go into your system/control panel from QTS. There you create a user. Does not need to have permissions for a sharing folder if you not want to. You can also restrict the user to do nothing then the VPN. Then you open qvpn and enable this user to have access to the vpn services you configured. This may help you: How to set up and use QVPN? | QNAP

I added the user within QTS and enabled their access via QVPN, but I don’t feel comfortable sharing with just one VPN account and password. Is the OpenVPN Connect password the same for everyone? Is there any way to change it?

Not sure if can follow. You can configure multiple users and enable them all. So you have multiple accounts. Each user get one. Each account has its own password.