How to Hyper Backup to a Remote Synology NAS, using TailScale (without port forwarding)

Synology
, ,
1

Overview

You cannot use quick connect when backing up a NAS using hyper backup. Instead Synology recommends you use port forwarding, and DDNS. However if you do not have the ability to do port forwarding on the remote backup destination (because you have StarLink or any other CGNAT) this becomes impossible.

However you are able to use the free tier of TailScale to do this.

This was in response to a post by @ranord50

How to use Hyper Backup over TailScale on Synology

Step 1: Install the TailScale package on both Synologyā€™s

You can do this fairly easily using the package center, and signing in with the same google account. You will get a ā€˜TailScaleā€™ IP which will be 100.x.y.z for both NAS units.
You will also want to disable key expiration on TailScale for both units

Step 2: Setup DSM to see the TailScale network

Due to increased security since DSM 7 Synology does not allow packages to add routes (by default). This would mean that while you can connect to the Synology over TailScale, the Synology cannot see anything on TailScale. Meaning it would not be able to send the Hyper Backup, to the remote Synology.

But TailScale has a solution for this! Follow the steps in this article (starting at Enabling Synology outbound connections) on the NAS you want to Backup

The Synology will be able to communicate outward on the TailScale network.

Step 3: Run the Hyper Backup job

Now its easy! Install Hyper Backup on the NAS you want to backup and Hyper Backup Vault on the backup unit.

Next just create the backup task as you normally would, following the steps in this video

When you input the ā€˜Remote NAS IPā€™ enter the 100.x.y.z TailScale IP of the backup unit.

And you should be done!

5 Likes
2

Was looking for this guide, question though: do you still need to select port 6281 on the backup destination settings window if youā€™re using the Tailscale IP address?

3

Yes you still need to use the port! But you do not need any port forwarding

1 Like
4

Another quick follow up question, I just realized you mentioned that Iā€™d need to sign into my Tailscale account for both NAS machines for this to work, however, if the other NAS belongs to my brother and he also wants to back up to my NAS, can he sign into the Tailscale installed on his machine with his account if itā€™s already been installed and added to my account? Does that make sense? So if he wanted to sign into his NAS from his laptop while heā€™s away from his LAN, would he need to also use my Tailscale account on his laptop?

If he uses his own Tailscale account on his NAS instead of me using my account on his machine, would the share feature work? Sharing your nodes with other users Ā· Tailscale Docs.

5

Yes! You would simply share the device with him and it should work!

9

Possibly for others -
You can check if Step 2 is configured correctly by checking the Tailscale app.
It opens something like:

Devicename
XXX.XXX.XXX.XXX
Debug info: Tailscale 1.38.4, tun=false, DSM7 (outgoing access not configured)

I had it misconfigured when I set up the boot-up task and selected my DSM admin account that I normally log in with. Instead, you should really use ā€œrootā€ account.

1 Like
10

I am backing up an entire system from one NAS to a remote NAS over tailscale thanks to the help in this guide. SpeedTest ran from the NAS itself reveals upload speeds of 18Mbps, but the average hyper backup transfer speed is only 3 Mbps. I have checked resources and this is not a hardware limitation. Is tailscale just slow?

If the answer is yes, what faster options are there? DDNS and port forwarding?

1 Like
11

Awesome! Questions:

  1. Should transfer encryption be on/off when backing up remotely using Tailscale?
  2. Would the Tailscale method work for Snapshot Replication in the same manner? If so, is the enabling outbound connections step still required?

Thanks!

12

Neophyte synology user hereā€¦ Iā€™m really struggling to get this to work. I Have one synology on my home network and another at work as a remote back-up (in theory). Both are connected to my tailnet and Iā€™ve verified that tailscale is able to communicate outwardly by adding the root boot-up task to both synologys. Despite all this, when I go to connect my hyper back-up, I still see ā€œTarget offlineā€.
Iā€™ve been trying to figure this out for a couple weeks now and simply canā€™t get thereā€¦ any suggestions would be greatly appreciated.

13

This works great for a while but every few months my backups start failing when the destination machine SSL certificate updates and I have to manually trust the certificate again to resume backups. Any solution for this?

14

hi! I have exactly the same problem. Backing up from my first NAS to my second NAS works fine when they are both on my local network. I have set up Tailscale for both NASā€™s and my desktop and it seems to run fine (i.e. I can access all using the tailscale ts.net address) but when I enter the Tailscale IP address of the back-up NAS as Remote NAS IP it says ā€˜target offlineā€™. How can this be fixed?

15

hi! Backing up from my first NAS to my second NAS works fine when they are both on my local network. Once the first backup was done I have set up Tailscale for both NASā€™s and my desktop. It all seems to run fine (i.e. I can access all using the ts.net adresses) but when I enter the Tailscale IP address of the back-up NAS as Remote NAS IP it says ā€˜target offlineā€™. How can this be fixed?