One of the best features of a NAS is the ability to access your files even when you’re not on your home network. Synology has robust mobile clients to access your media collection and documents over the Internet, using its secure tunneling service called QuickConnect.

I’ve been using QuickConnect for several years now and I’ll give a brief explanation of what the service has to offer. But given the recent series of ransomware attacks on mainstream NAS manufacturers, I decided to use a VPN to securely connect to my NAS when I’m outside my home network.

Tailscale is that VPN utility, and in this post I’ll talk about how to set it up on your NAS and why you should do it now.

QuickConnect: Synology’s relay service gets a lot of justice

QuickConnect is Synology’s built-in relay service that allows you to connect to your NAS over the Internet. As a high-level overview, QuickConnect makes it easy to connect to your NAS without having to manually forward ports on your router.

It does this by assigning each NAS a unique ID. So when you try to access your media collection with DS video, instead of writing your NAS IP address, just enter the server ID and your username and password and you can login.

When you are in your home network, it uses LAN discovery to identify the NAS IP and connect to the server. But when you use mobile data or try to connect to your NAS from another location, QuickConnect sets up a virtual tunnel to see if the NAS can be accessed via the WAN address.

NAS relay

(Image credit: Android Central)

If that is not feasible, the service uses Synology’s relay server to establish a connection between the client device you are using and your NAS. Synology has easy-to-understand documentation that explains how QuickConnect works, and also goes into detail about the security of the service.

In short, QuickConnect provides the easiest way to remotely access your NAS, and it works seamlessly with Synology’s top-of-the-line utilities such as DS audio, DS video, DS file, and so on.

Although I’ve been using QuickConnect for a long time, I wanted to use a Wireguard-based tunneling solution for more security. So I disabled QuickConnect and switched to Tailscale.

Tailscale: Access your Synology NAS from anywhere

Tailscale is a no-configuration VPN that allows you to securely connect to devices over the Internet. Unlike a traditional VPN that relies on a central server, Tailscale uses a peer-to-peer mesh network to facilitate connections.

The best thing about Tailscale is that it takes less than 10 minutes to set up. The service is based on the Wireguard protocol, uses hourly key rotation and has no traffic through Tailscale’s servers. All traffic is encrypted by default, so you are assured of a secure connection. Let’s take a look at how to set up Tailscale on your NAS.

Tailscale and Synology: Set Up and Use

The main differentiator for Tailscale (other than the security) is how easy it is to set up and use. The Tailscale client is available on DiskStation Manager by default and installing it on your NAS takes a few minutes at most. Here’s what to do:

Navigate to the Synology Package Center. Enter Tailscale in the search box. Select Install.

After Tailscale is installed on your NAS, you need to log in to the service. Tailscale does not use its own authentication system; instead, it works with leading SSO identity providers, including Google, Microsoft, GitHub, and more.

All you need to do is authenticate with your Google or Microsoft account, so the same on each of the client devices you want to use Tailscale on.

After logging in, you will enter the admin interface where you can see the machines connected to your Tailscale network (Tailnet). You should see your NAS listed here with Connected status.

You should also see an IP address next to your NAS. This is the Tailscale IP, which is what we will use to connect the NAS to client devices. I’m using the Galaxy S22 Ultra as the client device for this guide, but you can download Tailscale on just about any platform.

First, you need to install Tailscale on Android and once that’s done, use the same identity provider you used with the NAS to log into the service. After logging in, you will see your phone name along with a unique IP address and the other devices on your Tailscale network, including the NAS.

Select the switch at the top to connect your phone to the Tailscale network and you are connected to the secure Tailnet tunnel. Now all you need to do is use the Tailscale IP of the NAS to connect to your home NAS server.

In the My Devices list, press and hold the NAS IP address to copy it. Now go to DS file, DS audio or any of the other Synology mobile clients you want to use and paste the Tailscale IP of the NAS into the Address field.

Then enter your NAS username and password and press Login to access the server. That’s all! You can use the same system for other devices that you want to use with Tailscale; just install the service, connect to your Tailnet and use the Tailscale NAS IP to connect to your home server.

Tailscale is the way forward

I’ve been using Tailscale for a few weeks now and it’s been a real revelation. I had no issues using the service to access my NAS when I’m outside my home network, and the ease of use coupled with the security provided makes it a no-brainer.

If you are using a Synology NAS and looking for a secure way to access your NAS over the internet, Tailscale is the right choice. Make sure to disable QuickConnect once you are done switching.

This post How to securely access your Synology NAS anywhere

was original published at “https://www.androidcentral.com/accessories/how-to-securely-access-your-synology-nas-from-anywhere”