obviously wish these connections to be as secure as possible, but I also really want the folders and files I map to appear in the 'Windows Explorer' view as though they were local, (without having to consider FTP or SFTP options).

You really, really don't want to be doing that. Allowing remote access using SMB ( even if you could configure it ) is a huge security risk.

Does your NAS provide any support for a VPN server ?

That is the secure way to do what you want. You have a VPN server hosted on your local network, you connect a client to the VPN and then you can access files as though you were on the local network.

Hi MisterW,

thanks for your reply. Security is a concern, so I was resisting making any modification to the router settings / DMZ stuff before altering!

My NAS does support functionality as a VPN server. I'm aware that many of my queries will become mostly focused on that hardware, so I'll head elsewhere for support on those matters, should they arise.

I would be appreciative if you could point me in the direction for Plusnet Router Settings for VPN access, is there a guide somewhere to follow?

Thanks again,

Regards,

Josh.

My NAS does support functionality as a VPN server.

Then configure the VPN server on that.

I would be appreciative if you could point me in the direction for Plusnet Router Settings for VPN access, is there a guide somewhere to follow?

On the HUB one You will need to forward ports ( depending on the VPN protocol ) to the NAS. The NAS documentation ought to tell you what protcol it supports and what ports need forwarding.

Hi,

thanks again. VPN Server up and running, now just attempting to set the correct ports to forward. I've settled on OpenVPN as my protocol choice, as this seems to only require port 1194 forwarding, is this correct?

I'm also being asked for a Dynamic IP Range to be provided, the default settings loaded on my NAS config are in the range 10.8.0.X, is this a suitable setting for operating when connected to a Plusnet Hub One, or is a different range more suitable?

And when making a VPN connection from a remote Windows PC, am I correct in thinking that the 'Server name or Address', now simply needs to be filled with [MY.PLUSNET.STATIC.IP] : [1194] / [OPTIONAL LOCAL FOLDER]?

Apologies for the questions, I'm rather new to this level of networking set-up, and I want to ensure I get things right!

Kind regards,

Josh.

as this seems to only require port 1194 forwarding, is this correct?

I believe it requires UDP port 1194

I'm also being asked for a Dynamic IP Range to be provided, the default settings loaded on my NAS config are in the range 10.8.0.X, is this a suitable setting for operating when connected to a Plusnet Hub One, or is a different range more suitable?

I haven't got detailed knowledge of how the NAS will allocate Ip addresses, but you need it to allocate addresses in the same subnet (192.168.1.x) as the PN router I would have thought. However you need to ensure that it doesnt duplicate any IP's that the Hub one can allocate. I suggest trying a range 192.168.1.10 - 192.168.1.20 , that is out of the Hub one's default DHCP range.

And when making a VPN connection from a remote Windows PC, am I correct in thinking that the 'Server name or Address', now simply needs to be filled with [MY.PLUSNET.STATIC.IP]: [1194] / [OPTIONAL LOCAL FOLDER]?

Not quite, you just make the VPN connection to [MY.PLUSNET.STATIC.IP] OR you could use <acccountname>.plus.com

You are then on the local network and can map a network drive just like you would when connected locally

Hi there,

I attempted to set my OpenVPN Dynamic IP Address range to 192.168.1.XX (I have no ability to set the forth number on my configuration interface), and the system error-ed with the message 'This IP Address is already being used by a device or VPN on the network'. So I have altered the range to start at 192.168.2.XX. This seems to have been accepted, is it likely to work from the Router's perspective?

I have also included an image of my Port Forwarding settings, (for creating a new 'Application or Service') that I hope you could review, as I'm so new to this, I want to ensure my configuration is correct. I have then set the port forward rule for the application 'OpenVPN', to talk to device '[MY NAS IP]', which is being statically assigned by the Plus Hub One.

Thank-you again for being so free with your assistance MisterW.

Kind regards,

Josh.

@BackFire 

Some NAS manufacturers offer a "midpoint" service to achieve remote access where your NAS connects to their service and you then connect in via their "midpoint".

Otherwise I've found having a router that allows for inward VPN connections works nicely.

Hi,

I know my NAS manufacturer does indeed offer this service, but I'm eager to attempt configuration myself, just to expand my knowledge of VPN / Networking. It's a major reason I decided to plump for a static IP from Plusnet; I've also a few home automation projects I'm keen to build.

Thanks for the advice.

Kind regards,

Josh.

The Plusnet static IP address is a very handy feature.

I think it's quite likely that if, for example, you have a Synology router and it offers a VPN termination service it would be reasonably secure but as a general principle I'm not comfortable exposing LAN devices to the Internet.

I would also be extremely cautious with home automation equipment as that has a mixed record with security.

At the very least I might consider a second router "behind" the first one for devices where security is important.

With a more capable router you can create segregated networks for different devices but the Hub One doesn't do that.

Morning all,

well, still persevering with this; but making some progress 😄 !

After discovering that Windows 10 does not natively support OpenVPN, (I guess I should've figured this from the name) and a client application would be required; exactly what I was hoping to avoid, I've opted for L2TP/IPSec instead as a VPN protocol on my NAS.

( @markhawkin it is actually a Synology unit, a good guess! )

I have set port forwarding on my Plus One Hub, as indicated in the image attached to this post. So the only port-forwarding related options changed anywhere else away from the system defaults, is to assign my "Game/Application" as defined in the image below, to forward to the 'Device', that is my NAS.

My NAS still receives it's private IP address from the router via DHCP, but this is set to be a static IP by the router.

Are all these settings for the router correct, and/or, am I missing any settings for the Plus One Hub to enable L2TP/IPSec based VPN connections?

At the moment, I'm simply trying to ensure the router configuration is 100% correct, before continuing to connection-problem solve at the NAS / VPN Server side of things, which I know is off-topic for this forum.

Kind regards,

and thanks for all the help & input folks!

Josh.

Was there a pre-defined application for IPsec VPN ?

I think protocol 50 needs forwarding as well as the ports and the pre-defined application does this

Hi @MisterW,

no pre-configured 'application' as far as I could see for IPsec, or any other protocol supported by my NAS VPN Server. The only reference to a VPN of any kind, was for 'Bay VPN', in my existent applications drop-down.

You mention port (protocol?) 50 may also need to be open? I've followed the guide made available at ( https://www.synology.com/tr-tr/knowledgebase/DSM/help/VPNCenter/vpn_setup ), which only mentions ports 1701, 500, and 4500 (All UDP) being required. But if you believe 50 is also necessary then I will add this.

The ONE element, that I am now struggling to comprehend, and again I offer my apologies; is my NAS L2TP/IPSec configuration options for what they refer to as "Dynamic IP Address". Now, I know this is more of a NAS set-up related question, so forgive me asking it here, but I'm hoping some-one will be generous with an answer (and hopefully I'll understand it!). What settings are most suitable for this field, given my application...?

The article I have followed states:

[quote]

Dynamic IP addresses allowed for VPN server should be any of the following:

• From "10.0.0.0" to "10.255.255.0"
• From "172.16.0.0" to "172.31.255.0"
• From "192.168.0.0" to "192.168.255.0"

[/quote]

And I know that my Plusnet Hub One is configured to operate within it's "default" DHCP IP range ( 192.168.1.64 - 192.168.1.253 ), I have also configured my Hub to provide a static private IP to my NAS. Essentially my question is; does the "Dynamic IP Address" Range selected in my NAS VPN Configuration have any impact on my Router DHCP settings, or does my current Hub One configuration lead to any issues arising for my NAS VPN?

All this, given that I can only set the first three "most significant" if you will, IP address sub-fields in my NAS VPN configuration. And having previously attempted to set the "Dynamic IP Address" of my NAS VPN configuration to be [192.168.1.XX], resulted in an error, as mentioned previously above.

Thank-you all contributors for your input so far. I will be happy to write a final post into this thread with my functional settings and configuration (obviously with any actual private details properly redacted), so others may benefit.

Kind regards,

Josh.

I was hoping someone may be able to assist, as I'm pretty confident I've got my systems configured correctly; but I am still unable to connect to my NAS-hosted VPN remotely with Windows 10.

Key points;

I have a Plusnet-Provided Static Public IP - It is to this address I set the VPN Connection to communicate with.

My "Plusnet Account Firewall" (https://portal.plus.net/member-centre/broadband/firewall) Is set to Off.

I have forwarded UDP ports 50, 450, 1701 & 4500 to the device that hosts the VPN Server (A Synology NAS).

This Synology NAS receives a static private IP from my Plusnet Hub One.

I have set inbound and outbound port exemptions on the remote PC from which I try to connect.

My Plusnet Hub One has "Port Clamping" enabled.

My Plusnet Hub One Firewall Configuration is set to "Default".

I am attempting an IPSec / L2TP connection with a pre-shared key.

My network admins responsible for the remote site from which I attempt to connect assure me they undertake no NAT or port blocking on their network.

Could anybody point out if any of these settings are incorrect, or if I have missed anything? I'm so eager to get this working, and I am sure it must be possible. I have phoned Plusnet Support, but they simply advised that they do not provide VPN issue support; which is fine.

But somebody MUST have wanted to connect to a NAS, when the unit is connected to a LAN which has a publicly static gateway IP! Surely!

Many thanks in advance, apologies if I am missing something basic.

Josh.