How do I connect to Synology's VPN Server via Mac?

How do I connect to Synology's VPN Server via Mac?

Purpose

With Synology's VPN Server package, your Synology NAS can become a VPN server, allowing DSM users to remotely and securely access resources shared within the same local area network as your Synology NAS. This article demonstrates how to connect to Synology’s VPN Server using macOS.

Environment

  • You have installed and set up Synology’s VPN Server package. For detailed setup instructions, please refer to this article.
  • You are using a user account belonging to the administrators group (Only DSM users belonging to the administrators group can install and set up a VPN Server).
  • This example uses macOS version 10.15.7.

Resolution

  1. Set up L2TP/IPSec VPN Connections
    1. On your Mac, go to System Preferences from Apple menu.
    2. Go to Network.
    3. Click the + icon in the lower left corner to create a new connection.
    4. Select VPN for Interface and L2TP over IPSec for VPN Type. Name this VPN connection in the Service Name field and click Create.
    5. Enter the IP address of your Synology NAS in the Server Address field and a valid DSM username in the Account Name field.
    6. Click Authentication Settings. Enter the user's password in the Password field, then enter the pre-shared key from your Synology VPN Server in the Shared Secret field.
    7. Click Connect to establish the VPN connection.

  2. Set up OpenVPN VPN Connections
    1. Go to VPN Server > OpenVPN and click Export configuration. Extract the exported file. You should see a openvpn.ovpn and README.txt file.
    2. To download and install Tunnelblick, an OpenVPN client for Mac, visit this website.
    3. Enter your User Name and Password to install Tunnelblick on your Mac. Click OK.
    4. Click I have configuration files.
    5. Open the exported file openvpn.ovpn with TextEdit and replace YOUR_SERVER_IP with the public IP address of your Synology NAS. If you wish to send all traffic over VPN, remove # from #redirect-gateway def1. Save the file after editing.
    6. Drag and drop the edited openvpn.ovpn file on the icon of Tunnelblick in the menu bar.
    7. Choose whether or not you wish to install configuration for all users.
    8. Click the Tunnelblick icon and choose Connect VPNConfig.
    9. Enter the Username and Password of your DSM and click OK to establish a connection.
    10. Choose VPN Details to check the connection status. You can disconnect by clicking Disconnect.

  3. Configure Gateway Settings for VPN Clients
  4. To set your VPN as the default connection:

    This method spares you complex network settings by directing all network traffic over VPN connection, but it may slow the connection.

    1. On your Mac, go to System Preferences > Network, and click the VPN connection on the left panel.
    2. Click Advanced... > Options, and tick the checkbox for Send all traffic over VPN connection.1 Click OK when done.

Notes:

  1. Enabling this option causes the external IP of your device to become the external IP of the VPN Server. If you haven’t set the VPN connection as the default gateway, you may not be able to access your Synology NAS (or other devices within the same network) via VPN.
Purpose
Environment
Contents
Resolution
Set up L2TP/IPSec VPN Connections
Set up OpenVPN VPN Connections
Configure Gateway Settings for VPN Clients
Further reading