TLDR: instead of making the door stronger, prevent thieves from getting to the door in the first place.
Latter one is useful for users that can’t be arsed with or can’t use a VPN client: you could open application ports (remember - only for a narrow network range; some firewalls even allow you to write rules for DNS names, so you can use their DDNS name in the rule: the port will be open literally just for them) and Synology apps will just work with a direct connection. Former is a firewall bypass tool, so unless you turn it off everything you did was in vain. It is two services: relay and connection facilitator. On quickconnect: read the quickconnect whitepaper. Just realize that OpenVPN is not hardware accelerated so it will be bad for mobile users. But if it makes things easier - then why not. You then don’t have to go overboard with everything else, and don’t even need VPN strictly speaking. Both organizations have a functional abuse department; it’s very unlikely you will be getting probed from those networks. Your country may have public VPN endpoints of services that “don’t keep logs”, defeating “your country” filters.

For example, if you plan to connect from your phone and workplace - add DHCP ranges of your cell provider and your work. When we talk about site-to-site VPN connections in the Synology eco-system, then you will have to have certain prerequisites in place in order to configure it. You did a lot of overkill things (2FA), many useless things (disable admin and change ports) which are fine, but there is this one trick single setting that drastically reduces attack surface.

Configure your firewall to only allow connections from very narrow address ranges and block everyone else. Now let's be clear, this is nothing groundbreaking new even in the Synology world, but it is also not so common unless you actually need it. Right now I haven't changed its settings nor the Firewall because tbh I don't know what I should change. Is there anything else I can do to secure my network?
I also have a Synology NAS connected through this router and I want to disable Quickconnect in order to use it with the VPN instead. In the Firewall, the port opened for the VPN can accept incoming connection only from my country.
Only one account is enabled for the Synology VPN, with a strong password and 2FA enabled.
Everything else except the SSL VPN is disabled. I have changed the default port (443) to something else and chosen TLSv12 as security level, AEAD as authentication and DHE-RSA-AES256-GCM as cryptography. I have never done anything like this before, so I just want to be sure to have the most secure configuration I can achieve. Recently I have enabled Synology VPN Plus on my RT2600ac.