I have an upcoming video on the 5 different ways you can access your files from outside your home and this is going to be listing them out, as well as the pros and cos of each one. The order of this list is going to be from easiest to hardest to implement.

Option 1: Using Quick-Connect

Quick connect with nothing else is by far the easiest way to grab files off of your Synology NAS. It allows you to just login through the web portal, when you are sitting at any web browser in the world and download files are you need them.

Pros:

• Really easy to setup
• Does not require any port forwarding
• Does not require any software on computer accessing NAS
• Folder navigation / search is snappy

Cons:

• Cumbersome if you often need files
• No good way to edit files
• opens NAS to internet (small security implication)

Who is it for:

Great for people who just need occasional access to files on the NAS, and do not need to be tech savvy

Option 2: Using Synology Drive Desktop Client

The Synology Drive desktop client lets use use quick connect, but use either macOS finder or Windows File Explorer to edit files. Both Mac and Windows users can use either full sync (files are stored on the local hard drive) or on demand sync (files are only stored on hard drive when they are downloaded).

Note: macOS On Demand Sync has some flaws and currently has some bugs

Pros:

• Does not require port forwarding
• Can work offline for when you do not have internet
• Allows you to edit and save files natively

Cons:

• Has some bugs when dealing with millions of files
• Requires 3rd party software on each computer
• opens NAS to internet (small security implication)

Who is it for:

Users who generally are working with documents or photo files and want to be able to just always have them on their computer

Option 3: Using TailScale VPN

Tailscale is a third party site to site VPN based on WireGuard. It is free to use for up to 5 devices and allows you to connect to your devices securely. It allows you to get SMB access as if you were on the local network.

Pros:

• Highly Secure (no external access to NAS, plus 2x layers of security)
• Allows SMB access to NAS, which means your workflow stays the same no matter where you are
• Works without port forwarding (StarLink fans will love this)

Cons:

• Have to trust third party
• Must pay for larger deployments
• Increased latency due to routing through third party servers
• Requires client to be installed on each computer you want to connect

Who is it for:

HomeLab users and people who do not have a public IP, but want the highest possible security

Option 4: WebDAV

WebDAV is a way to access files on your NAS through http:// and https://. Both macOS and windows have built in clients for it so you do not need any custom software on your computer to connect. However its a bit clunky when it comes to performance.

Pros:

• Does not require any custom software on client computer
• Easy to setup

Cons:

• Requires port forwarding
• Has small security risk as you have to open your NAS to the internet
• Connecting can be laggy over a high latency connection

Who is it for:

WebDAV is for users who just need to be able to connect in and upload files, from whatever computer they are at. Because it does not require a client it’s a pretty great option to send out to people who need to upload files to you.

Option 5: Using an OpenVPN Server

OpenVPN is a highly secure way to connect back to your Synology NAS. It can allow you local access to everything on your network as well! This requires a client installed on every machine you want to connect back.

Pros:

• Highly Secure
• Allows local SMB access
• No license, scales to whatever size you need
• Customizable

Cons:

• Requires Port forwarding
• Requires every client to have a file, as well as their user and password + custom software
• Can be difficult to install and maintain

Who is it for:

OpenVPN is a great option for business who need flexibility and the ability for everyone to connect back to the NAS in the exact same way.

Will—do you have a video or other link on the Synology Drive flaws & bugs on the macOS?

I have a post over here that has some of them

They come and go!

I really wanted to try Tailscale but for some reason when I go to login from the DSM link it won’t let me through. I can’t port forward at all so this and QC are my only options.

So you can’t use quick connect to setup TailScale you have to use a direct connection. Try typing the IP of your synology in your browser and using that

I’m definitely going through my NASs IP and not QC. Very weird. Even across a few browsers it’s not letting me log in. I’ll try again later.

Working now. Not sure what it was. Thanks for this Will!

Hmm…I am using option 5. I have OpenVPN configured on Mac. I am connecting via OpenVPN with no problem via hotspot (not local network), but when I bring up Finder => Go=> Connect to Server=>smb://10.8.0.1 it eventually times out "there was a problem connecting to the server “10.8.0.1 The server may not exist or it is unavailable at this time. Check the server name or IP address, check your network connection, and then try again.”

I do have port 1194 forwarded using UDP on my router. I also have 1194 open on Firewall under Security.

What am I missing?

EDIT: It’s definitely a firewall rule. I disabled them all, connected just fine.

Hey Will. Love your videos, but I am having some issues with my NAS system. I have a DS923+ and I want to use it remotely via OpenVPN on Windows. Now I am able to go through all the way to the OpenVPN client connection but after that, I am not able to access my files through windows file explorer, not sure I am doing that step wrong but Ive tried all that I know with no luck.

Great vid as always Will.

I’ve been using Tailscale for a bit and absolutely love it. So simple yet so powerful. And it’s free.

I did an SMB speed test between home and my office (office is 1GB/1GB and home is 1GB/50MB) and my Synology is the Exit Node.

Whilst at the office, I connected my MBP to Tailscale and then connected to my Synology via SMB and transferred a ~2GB file to my Synology and it maxed out the 1GB uplink at work and 1GB downlink at home and took about a minute. I was honestly surprised at there is next to no overhead like VPNs etc.

Hi, if you use OpenVPN, on user’s computer are you able to access local websites/NASes simultaneously with remote (VPN) websites/NASes? I’m not able to make that work somehow, any ideas?
I do have different subnets (192.168.x vs 10.1.x )

^It’s always a firewall rule or DNS!

For anyone in the future having trouble with OpenVPN and their firewall you not only need to allow the OpenVPN port access to the NAS, but also the 10.8.0.0/24 (or whatever you set) subnet into the NAS now as well as that is where traffic will be coming from with VPN clients.

So your NAS will not show up in the sidebar of windows file explorer or macOS finder automatically, due to the fact that it is a layer 3 VPN (really long story). What you will want to do instead is directly access the NAS via its IP / hostname. In the tutorial I recommend people using the IP of the NAS on the OpenVPN server, because this will work with any network you are on. In Windows File Explorer (when connected to OpenVPN) type \\10.8.0.1 and it should connect!

@james-melb thats the absolutely insane thing about WireGuard! WireGuard was written from the ground up to just be as efficient as possible. It’s slowly coming to more devices, but the protocol itself has next to no overhead (when compared to OpenVPN). Especially when it comes to latency!

Yes you are! You just need to make sure that the subnets do not overlap.

When you are googling this stuff it is called Split Tunneling. It should be accomplished by making sure redirect-gateway def1 is commented out in the OpenVPN config file:

# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)

#redirect-gateway def1

If I want to backup/use MAC OS file from my Desktop, I would need to install Synology Drive on desktop and move all Mac files to Synology Drive?

I was leaning toward OpenVPN server (running on my Fresh Tomato router firmware instead of on Synology) b/c I have a lot of docker containers with reverse proxies set up to them and I’d really like to close down port 443 (port 80 is never open except when I need to renew Let’s Encrypt SSL certs).

In researching OpenVPN as a solution I have seen a lot of mentions of Cloudflare Tunnel as an even slicker solution than OpenVPN. I believe Cloudflare Tunnel can be run in a docker container much like Tailscale can.

Can anyone give the Pros/Cons of using Cloudflare Tunnel vs OpenVPN server vs TailScale?

So cloudflair is really useful for hosting web services, especially if you cannot do port forwarding.

If you can do port forwarding I would say OpenVPN is a no brainer!

Thanks Will.

So if I understand what you’re saying, essentially Cloudflare Tunnel allows web services running on the Syn NAS to tunnel out through Cloudflare’s servers without requiring any port opening on my router…
that’s all good, but I guess the part I don’t understand is does it allow me to tunnel back in when I’m remote? If not, then OpenVPN definitely makes more sense for me.

Cloudflare Tunnel seems like it can handle DNS name resolution transparently if using Cloudflare as the DNS provider. I think that with OpenVPN server, I’d have to set up a local DNS server to handle FQDN DNS requests when using VPN… which I think can probably be done in the PiHole service I’m running in a docker container, but I need to dive into dnsmasq to learn how to implement that. My networking skills are very rusty. Yet another weekend geek project! [ I’m still working on setting up my Lightroom / Synology Photos configuration based on your other vids. ]

It worked! Thanks, Will, I’ve been stuck on this for too long and it finally worked