You can also easily turn your Synology Router into a VPN client and connect to an existing VPN (Virtual Private Network) server via PPTP, OpenVPN, or L2TP/IPSec protocols. If you have multiple VPN servers, you can also create specific VPN profiles for each server to quickly switch and connect to different VPN servers with a simple click.
Additional PPPD options: Enter additional Point-to-Point Protocol daemon settings.
Click Apply to save your settings.
To configure Auto settings:
Select Auto from the Connection Type drop-down list.
Configure the following:
Set as default gateway: Select Enabled or Disabled.
Enable Jumbo Frame: Select Enabled or Disabled.
HIDDEN-->
Click Apply to save your settings.
To configure Manual settings:
Select Manual from the Connection Type drop-down list.
Configure the following:
IP address: Enter an IP address.
Subnet mask: Enter a subnet mask value.
Gateway: Enter a gateway value.
DNS Server: Keep the preset value.
Set as default gateway: Select Enabled or Disabled.
Enable Jumbo Frame: Select Enabled or Disabled.
HIDDEN-->
Click Apply to save your settings.
To configure DS-Lite settings:
Select DS-Lite from the Connection Type drop-down list.
Configure the following:
Configuration type: Select Auto or Manual.
AFTR address: Enter your AFTR address.
B4 IPv4 address: Select your IPv4 address.
Set as default gateway: Select Enabled or Disabled.
Click Apply to save your settings.
ISP settings
You can configure ISP settings by clicking the ISP settings button at Internet > Connection.
When the Connection Type is Auto, fill in the fields: Hostname, DHCP client ID, and DHCP client option.
Your device hostname is case insensitive and can be in the range of 1 to 15 characters, consisting of letters, numbers, underscores and minus (-) signs. The first character of the name must be a letter.
When the Connection Type is PPPoE, enter your MAC address and click Clone.
ISP Settings (IPTV & VoIP) can only be set for connection types PPPoE, Auto, and Manual.
2. VPN settings
A VPN, or virtual private network, is a solution to meet the need to securely access resources on your private network from the Internet. For businesses or some individuals, with the need for expanding networking capabilities growing, the cost of this physical networking system and their technical support will increase exponentially. When considering the cost-efficiency and the long-term maintenances, VPN is a smart and increasingly attractive solution. With encryption and other security mechanisms, VPN technology allows business members to easily access the central network of the company and leveraging the resources in it just as in LAN. Individuals can also access resources on their home LAN when being far away from home.
Note:
Synology Router can only connect to OpenVPN servers which support tun-style tunnels on Layer 3.
Before installing the VPN package, make sure you have a VPN server to connect to. For better compatibility, you are suggested to connect to VPN services hosted on a Synology Router running the VPN Plus Server package. To set up another Synology Router as a VPN server, please install VPN Plus Server from Package Center, and refer to Help articles for instructions.
To connect to VPN:
Go to Network Center > Internet > Connection and click the VPN Settings button.
Click Create, and a window will open, prompting you to choose from the following connection types:
PPTP: PPTP (Point-to-Point Tunneling Protocol) is a commonly used VPN solution supported by most clients (including Windows, Mac, Linux, and mobile devices).
OpenVPN: OpenVPN is an open source solution for implementing VPN service. It protects the VPN connection with the SSL/TLS encryption mechanism.
L2TP/IPSec: L2TP (Layer 2 Tunneling Protocol) over IPSec provides virtual private networks with increased security and is supported by most clients (such as Windows, Mac, Linux, and mobile devices).
To create a PPTP profile:
When prompted to choose a VPN connection method, choose PPTP, and then click Next.
Pick a name for the new profile, specify the address of the VPN server you want to establish connection with, and enter your username and password for the server. Click Next to continue.
Note:
The username, password, and address of the VPN server should be provided by the administrator of the VPN server.
Choose one of the following authentication protocols from the Authentication menu to protect VPN client's password during authentication:
PAP: The password will not be encrypted during authentication.
CHAP: The password will be encrypted using CHAP (Challenge-Handshake Authentication Protocol).
MS CHAP: The password will be encrypted using Microsoft CHAP version 1.
MS CHAP v2: The password will be encrypted using Microsoft CHAP version 2.
If you chose MS CHAP or MS CHAP v2, then select one of the following from the Encryption menu to encrypt VPN connection:
No MPPE: VPN connection will not be protected with Microsoft Point to Point Encryption.
Require MPPE (40/128 bit): VPN connection will be protected with 40-bit or 128-bit Microsoft Point to Point Encryption.
Maximum MPPE (128 bit): VPN connection will be protected with 128-bit Microsoft Point to Point Encryption, which provides the highest level of security.
Note:
The authentication and encryption settings here must the same as the settings specified on the VPN server. For details, please contact the administrator of the VPN server.
Tick any of the following checkboxes depending on your needs:
Use default gateway on remote network: Enable this option to route the network traffic of the Synology Router to the specified VPN server.
Allow other network devices to connect through this Synology server's Internet connection: Enable this option to allow network devices that are within the same local network as your Synology Router to connect to the same VPN server.
Reconnect when the VPN connection is lost: If the VPN connection is unexpectedly lost, the system will attempt to reestablish the connection five times, attempting once every 30 seconds.
Click Apply.
To create an OpenVPN profile:
When prompted to choose a VPN connection method, choose OpenVPN, and then click Next.
Pick a name for the new profile, specify the address of the VPN server you want to establish connection with, and enter your username and password for the server.
In the Certificate field, click the Browse button to find and import the certificate file (e.g. ca.crt) that was exported from the VPN server. Click Next to continue.
Note:
The username, password, address, and certificate of the VPN server should be provided by the administrator of the VPN server.
Tick any of the following checkboxes depending on your needs:
Enable compression on VPN link: Enable this option to perform data compression before transferring data via VPN. This option might increase transfer speed, but will consume more system resources.
Use default gateway on remote network: Enable this option to route the network traffic of the Synology Router to the specified VPN server.
Allow other network devices to connect through this Synology server's Internet connection: Enable this option to allow network devices that are within the same local network as your Synology Router to connect to the same VPN server.
Reconnect when the VPN connection is lost: If the VPN connection is unexpectedly lost, the system will attempt to reestablish the connection five times, attempting once every 30 seconds.
Click Apply.
To create an OpenVPN (via .ovpn) profile:
When prompted to choose a VPN connection method, choose OpenVPN (via importing a .ovpn file), and then click Next.
Pick a name for the new profile, and in the Import .ovpn file field, click Browse to select and import an .ovpn file exported from the VPN server.
Enter the following information provided by your VPN server administrator: your username, password and import the CA certificate file (e.g. ca.crt).
If the VPN server provider has also provided you with a TLS-auth key, client key, client certificate, or a certificate revocation list, please click Advanced options and import them into their respective fields.
Click Next to continue.
Note:
The username, password, address, and any additonal files such as certificates or keys should be provided by the administrator of the VPN server.
Tick any of the following checkboxes depending on your needs:
Enable compression on VPN link: Enable this option to perform data compression before transferring data via VPN. This option might increase transfer speed, but will consume more system resources.
Use default gateway on remote network: Enable this option to route the network traffic of the Synology Router to the specified VPN server.
Allow other network devices to connect through this Synology server's Internet connection: Enable this option to allow network devices that are within the same local network as your Synology Router to connect to the same VPN server.
Reconnect when the VPN connection is lost: If the VPN connection is unexpectedly lost, the system will attempt to reestablish the connection five times, attempting once every 30 seconds.
Click Apply.
To create an L2TP/IPSec profile:
When prompted to choose a VPN connection method, choose L2TP/IPSec, and then click Next.
Pick a name for the new profile, specify the address of the VPN server you want to establish connection with, and enter your username and password for the server. You'll also need to enter the pre-shared key for the VPN server. Then click Next.
Note:
The username, password, address, and pre-shared key of the VPN server should be provided by the administrator of the VPN server.
Choose one of the following authentication protocols from the Authentication menu to protect VPN client's password during authentication:
PAP: The password will not be encrypted.
CHAP: The password will be encrypted using CHAP (Challenge-Handshake Authentication Protocol).
MS CHAP: The password will be encrypted using Microsoft CHAP version 1.
MS CHAP v2: The password will be encrypted using Microsoft CHAP version 2.
Note:
The authentication and encryption settings here must the same as the settings specified on the VPN server. For details, please contact the administrator of your VPN server.
Tick any of the following checkboxes depending on your needs:
Use default gateway on remote network: Enable this option to route the network traffic of the Synology Router to the specified VPN server.
Allow other network devices to connect through this Synology server's Internet connection: Enable this option to allow network devices that are within the same local network as your Synology Router to connect to the same VPN server.
Server is behind NAT device: By default, L2TP/IPSec protocol does not allow connecting to a VPN server behind a NAT device. Enable this option to bypass this limitation, allowing the Synology Router to connect to an L2TP/IPSec VPN server behind a NAT device.
Reconnect when the VPN connection is lost: If the VPN connection is unexpectedly lost, the system will attempt to reestablish the connection five times, attempting once every 30 seconds.
Click Apply.
3. IPv6 settings
Synology Router devices support IPv4/IPv6 dual stack schemes. This means that IPv4 and IPv6 can work simultaneously on your Synology Router.
To configure IPv6:
Go to Internet > Connection, click the IPv6 setup button, and select one of the following types from the drop-down menu:
Auto: IPv6 setup is Auto by default.
Manual: Manually set up IPv6 by entering information into the IPv6 address, Prefix length, and Default gateway boxes.
6in4: Connect to the IPv6 network through a tunnel broker. You will need to fill in IPv6 address, Prefix length, Prefix, and Tunnel broker IPv4 address. This requires a public IPv4 address.
6to4: Connect to the IPv6 network through a tunnel broker utilizing anycast. This requires a public IPv4 address.
6rd: Rapidly connect to the IPv6 network through a tunnel broker deployed by your ISP.
DHCP-PD: Obtain an IPv6 prefix from the DHCP server via prefix delegation within your LAN. This requires ISP support and only works in router mode.
IPv6 Relay: Connect to the IPv6 network through upper layer WAN services.
FLET's IPv6: Connect to the IPv6 network through FLET’s ISPs.
Off: Disable IPv6 support.
To configure IPv6 router:
To be an IPv6 router and have ability to set DHCPv6 server, go to Local Network > IPv6:
Tick Enable IPv6.
Select an IPv6 router mode:
Stateless mode: Automatically configure an IPv6 address by MAC, and will not get IPv6 DNS.
Stateless DHCPv6 mode: Automatically configure an IPv6 address by MAC, and obtain DNS information via DHCPv6 client.
Stateful mode: Obtain IPv6 address and DNS information via DHCPv6 client.
Note:
You will get an IPv6 address from your ISP in PPPoE connection. Therefore, you can only select IPv6 router mode when using PPPoE.