How to Hyper Backup to a Remote Synology NAS, using TailScale (without port forwarding)

Will · March 21, 2023, 7:31pm

Overview

You cannot use quick connect when backing up a NAS using hyper backup. Instead Synology recommends you use port forwarding, and DDNS. However if you do not have the ability to do port forwarding on the remote backup destination (because you have StarLink or any other CGNAT) this becomes impossible.

However you are able to use the free tier of TailScale to do this.

This was in response to a post by @ranord50

How to use Hyper Backup over TailScale on Synology

Step 1: Install the TailScale package on both Synology’s

You can do this fairly easily using the package center, and signing in with the same google account. You will get a ‘TailScale’ IP which will be 100.x.y.z for both NAS units.
You will also want to disable key expiration on TailScale for both units

Step 2: Setup DSM to see the TailScale network

Due to increased security since DSM 7 Synology does not allow packages to add routes (by default). This would mean that while you can connect to the Synology over TailScale, the Synology cannot see anything on TailScale. Meaning it would not be able to send the Hyper Backup, to the remote Synology.

But TailScale has a solution for this! Follow the steps in this article (starting at Enabling Synology outbound connections) on the NAS you want to Backup

The Synology will be able to communicate outward on the TailScale network.

Step 3: Run the Hyper Backup job

Now its easy! Install Hyper Backup on the NAS you want to backup and Hyper Backup Vault on the backup unit.

Next just create the backup task as you normally would, following the steps in this video

When you input the ‘Remote NAS IP’ enter the 100.x.y.z TailScale IP of the backup unit.

And you should be done!

pogle · May 9, 2023, 2:26am

Was looking for this guide, question though: do you still need to select port 6281 on the backup destination settings window if you’re using the Tailscale IP address?

Will · May 9, 2023, 9:44am

Yes you still need to use the port! But you do not need any port forwarding

pogle · May 10, 2023, 10:59am

Another quick follow up question, I just realized you mentioned that I’d need to sign into my Tailscale account for both NAS machines for this to work, however, if the other NAS belongs to my brother and he also wants to back up to my NAS, can he sign into the Tailscale installed on his machine with his account if it’s already been installed and added to my account? Does that make sense? So if he wanted to sign into his NAS from his laptop while he’s away from his LAN, would he need to also use my Tailscale account on his laptop?

If he uses his own Tailscale account on his NAS instead of me using my account on his machine, would the share feature work? Sharing your nodes with other users · Tailscale Docs.

Will · May 11, 2023, 9:11pm

Yes! You would simply share the device with him and it should work!

lukashino · January 2, 2024, 8:26am

Possibly for others -
You can check if Step 2 is configured correctly by checking the Tailscale app.
It opens something like:

Devicename
XXX.XXX.XXX.XXX
Debug info: Tailscale 1.38.4, tun=false, DSM7 (outgoing access not configured)

I had it misconfigured when I set up the boot-up task and selected my DSM admin account that I normally log in with. Instead, you should really use “root” account.

edcoppen · January 5, 2024, 7:42am

I am backing up an entire system from one NAS to a remote NAS over tailscale thanks to the help in this guide. SpeedTest ran from the NAS itself reveals upload speeds of 18Mbps, but the average hyper backup transfer speed is only 3 Mbps. I have checked resources and this is not a hardware limitation. Is tailscale just slow?

If the answer is yes, what faster options are there? DDNS and port forwarding?