Hi r/synology! I am requesting some help as I’m a relative noob when it comes to setting up things on my NAS. If what I want to do (below) just isn’t feasible or possible on my NAS, then please let me know, and I apologize ahead of time for the trouble. I’ve done a bit of Googling and haven’t found anything satisfactorily simple for me to do what I’d like to do.
SETUP
- Synology DS218
- 2X 4GB Seagate Ironwolf hard drives
- Hard wired to my router
What I Want to Do
- Run Express VPN off my NAS so it is always on and I can use it from anywhere - is this as simple as installing the app on the Synology?
- Run a Plex server that is available to a select group of friends as well as myself/my wife while we are away from home
- Set up a photo sharing folder/server so my parents can view (but not delete or otherwise edit) photos/videos of my 6 month old since they’re always asking for new photos and my father has a flip phone. I know Dropbox/Drive are options, but I’d rather go with the NAS
- Be able to access my NAS files from anywhere - would this be taken care of with the VPN or would I need to do something else?
- Is there anything cool or anything else that I should/could be using the device for?
Download the Plex server app from Plex themselves don’t use the one in the store it’s always months out of date.
With 2x 4GB hard drives you’ll run out of space almost immediately. 
Do remote access for you/friends/family with Zeotier, much easier than a VPN
Plex will work as long as you’re not transcoding anything…
There might be some confusion on the VPN question. What would you like the VPN for?
Your NAS can act as:
- a VPN client: you connect it to ExpressVPN using an OpenVPN profile (obtained from ExpressVPN). Any application on the NAS will now be connecting to internet through ExpressVPN.
- a VPN server: you install the VPN Server (not ExpressVPN) application on the NAS and configure your clients (such as your computer or smartphone) with an OpenVPN profile (generated on the NAS) to use that VPN. Any client connected this way will now have access to your local network, including your NAS.
If you do both of those things, then technically all your clients using your NAS’s OpenVPN profile would be indeed implicitly using ExpressVPN when loading anything from internet. But I reckon that’s not what you want to do.
Simply setup the L2TP or PPTP or OpenVPN. It’s in the VPN app. Make sure your home router forwards the ports for the vpn server.
Plex will work as long as no transcoding. Also an app in synology store.
Photo sharing has a dedicated app too. Simply set the permissions for each users on the photo folder.
VPN is the best way for remote access to files via SMB and to the web interface. Don’t open the web interface and make it visible to the internet.
Ha, I’ve still got about 2GB free right now as I haven’t really added any media besides PSD files and some artwork, but I am hoping to back up all of my Google Photos eventually and my wife’s as well since Google Photos is going to ruin one of its best features this year. Looks like I’ll just have to upgrade and grow the NAS!
Maybe I am a little naive or just plain stupid about the VPN thing.
I want to operate a VPN service so I can VPN in while I am not at home and access everything on my NAS. It sounds like what I am thinking of is operating my NAS as a client as you suggested. Am I correct in thinking that the VPN server in my case would actually be just ExpressVPN? I use the Open VPN profile from my subscription with ExpressVPN and then I’ll be able to sign into my VPN with say, my phone or Surface Pro while on vacation to access any of the media/files on my NAS?
No what you’re thinking of is operating your NAS as a VPN server.
It’s actually good news as you don’t need to pay for that 
First you’ll need to setup your DDNS. The online help makes it look harder than it is:https://www.synology.com/en-us/knowledgebase/DSM/help/DSM/AdminCenter/connection_ddns
Really it’s pretty simple if you use defaults, it gives you an address such as yournasname.synology.me that will always resolve to the external IP of your home router. You can obviously setup DDNS some other way, or you could have a fixed IP, but if you’re starting from zero this will do. It also creates an SSL certificate with Let’s Encrypt automatically.
Once that’s done, you install the VPN server on the Synology: https://www.synology.com/en-global/knowledgebase/DSM/help/VPNCenter/vpn_setup
I’d advise OpenVPN unless you have a reason not to. Again that’s pretty simple, the end result will be that you can download an .ovpn file, which you copy to whichever client you’d like, such as your smartphone or laptop.
You then install a VPN Client on that device (for instance this open source app on Android: https://play.google.com/store/apps/details?id=de.blinkt.openvpn&hl=en_GB&gl=US) and follow that app’s procedure to import the .ovpn file. This will ask for a username and password for the NAS, I’d suggest you create one specifically for this usage on the NAS, disable all access and apps for this user and let it be the only one authorized for VPN.
At some point in there you need to map the port, i.e. go to your router admin console and set it up so it transfers the port (the one you selected in the VPN Server) to the IP your NAS has on the local network.
Then you just connect your client app, and voilà your client is remotely connected to your local network.
I personnally wouldn’t give access like this to anyone else than me though, because anyone with this access is essentially in your house as far as network is concerned. Meaning even well intentionned family members could allow an attacker to invade your local network if their device is compromised.
For the sake of completeness, I need to point out there are other ways you can access your files remotely:
- QuickConnect: so that’s a service that Synology provides for free to all Synology users, where they operate a website which then connects to your Synology remotely. You then have access to the Synology web ui (aka DSM) from a browser. This is not the same as the DDNS solution as you don’t connect directly to the machine through your router (the NAS itself is tunneling to the QuickConnect service). It leverages the Multi-Factor Authentication from your NAS as well.
- Plex: this is specific to videos and music. Plex (there are other alternatives such as Emby and Kodi but Plex is the easiest to install) opens its own tunnel (if you configure it so) to the Plex servers to serve the media files, in a similar fashion to QuickConnect. One advantage of Plex is that it uses SSO (including MFA) so you just define your user once and then you can use that user to connect on the NAS, on any app on your local network or outside (there are player apps for phone, TVs, and a web app that includes the player). You can also easily manage users and permissions and give access to anyone, whithout having to deal with that on the NAS (it works if you have more than one NAS as well).
- Synology Drive: this is Synology’s response to Cloud providers such as Google Drive etc. In this case you serve documents, photos etc from your home folder (a folder that’s specific to your user on the NAS). It’s not really cloud obviously (it serves content from your NAS) but it looks and feels the same: you have desktop apps to sync with Windows and MacOS (the Windows version has), you have apps to navigate the files on your smartphone, web access, sharing etc.
I think a few other apps provide similar features but I’m less familiar with them (e.g. not sure what you can do with Synology Photos).
But overall, from what I’ve read, the VPN Server solution is the least specific (just gives you access to your whole local network so that would include your router, other computers, Docker containers etc) and the most secure. But not really shareable!
