How to Twingate Remote Access to Synology (no port forwarding)
Вставка
- Опубліковано 27 січ 2023
- Thanks to Twingate for sponsoring this tutorial.
This tutorial goes over how to setup Twingate on a Synology NAS using Docker. This allows you allow remote access to specific devices on your network, to remote users without using port forwarding.
Sign up for twingate: www.twingate.com
Hire Me! www.spacerex.co/hire-me/
Support the Channel & Get Early Access to ALL Videos: / spacerexwill
#Twingate #Synology #Tutorial
Twingate on Synology Guide: www.twingate.com/docs/how-to-...
My RaspberryPi Twingate tutorial: • Access your RaspberryP... - Наука та технологія
Thank you for such a great, easy-to-follow tutorial.
Thanks for a great video. Works a charm - after a few adjustments.
Hey thanks! Great tutorial. I couldn't get tailscale to work for me but this works perfect
Didnt work with the new DSM 7.2 but got the information to make it work with the documentation of the page, this time is with the container manager no longer docker, still got a lot help from this video, thank you alot!
worked so well, thank you! not having port forward on Telstra 5G has been a big pain in the bottom! finally a solution to get into an old camea system!
Excellent review thanks
That’s awesome! There is a similar video that Network Chuck posted not too long ago. In his video he used Cloudflare.
Interesting. Thanks Will
Cheers for the recommendation about snapshots, just saved my ass on a project.
It will do that!
I wish I would have heard you discuss if NAS to NAS onsite to offsite would work through Twingate using Hyper Backup reliably or not. I had it working with Tailscale for 7 backups, then it disconnected from the Vault and I could not get it to connect again since. Looking for alternatives.
Good Video! You can deploy Tailscale to access the whole network
you can if you use VPN called PureVPN on the nas yes or on your own router it works yes
Great video. Just curious as I don’t use it, but what’s the advantage of using this over Cloudflare zero trust?
Hey Will, another great video. Thanks for always bringing good content, lessons and tips for us. I have two questions tho.
1-Does all the traffic goes through Twingate, therefore my local network as a regular VPN would? Or
2-Is it safer/better to vpn (OpenVPN) into my router and access my network “locally”?
As for 2 my only concern about twingate is are they thrustworthy. I mean Tailscale or Zerotier are already well stablished in the market and Twingate is a new player. I really hesitate to install anything which may turn out a troyan horse for my network.
Thanks for the tutorial. Although it may not be Twingate's purpose, but it'd be nice to have a Twingate client app for Synology. That way local NAS could connect to a remote NAS via Twingate securely to run syncs or backups with something like Hyper Backup.
Anyone aware of any method to achieve this?
What is the speed comparing between Twingate and OpenVPN?
can a synology use this to connect to a synology nas on another network? Since the connection you demonstrated is established via the iphone Twingate app, not sure if it's possible to use a synology to establish a connection to a remote network.
Hi Will! I am new to this. I just bought a new DS923 after watching your great videos. I was able to setup the nas with your tutorial. I was able to map a network drive to my nas and it works perfectly at home. Now I am trying to connect to my nas remotely. It looks like Twingate is a pretty good option. Can I access my nas with the mapped network drive after I connect to Twingate or do I need to use VPN? Any help would be greatly appreciated.
This works for my servers but it's not working for Synology.
Thanks
Can I use this to backup on a remote Raspberry if the NAS doesn’t recognise UPnP on my router ?
Can I use this to backup my NAS to a remote NAS USB port somehow? Thanks for the tutorials they have been extremely helpful!
I use VNC Viewer. No need to setup of multiple connectors.
After setting up Twingate, should I be reversing any settings (like ports forwarded) from my original QC setup?
Thanks mate, very good tutorial. Now it workes!!
I found this application via the UA-cam channel of NetworkChuck (video: "the END of VPNs?!"), but with your help I got it to work :)
Thanks again!
Would I be able to run a sync task to an offsite Synology NAS using this?
how can i access the nas through twingate using ds file on iphone? i need to use ds file app and not safari. Thank you
We have Local PBX (ETERNITY PE6S) installed by the local ISP in our office LAN. Is it possible to allow remote SIP clients to register and make call to our to local SIP clients within our LAN using Twintage ? I've been trying to do this with port-forward my pfsense firewall with no success. We can only ring local sip client but no sound when you the phone.
hello @SpaceRex what are the firewall Port rules?
I can't get twingate to connect if i turn on synology firewall when i with TCP port rules 30000-31000 and 443
If i disable firewall I can connect to twingate but that is not good practice
Bedankt
Hi Wil, In march I bought a DS1522+. The video's of you and the channel Wundertech helped me from someone who did not even know what a NAS is, to almost a minor expert. Today I decided to buy you a coffee as thanks.
Thanks man!!!
Tailscale uses wireguard as its backbone. What does twingate use?
Hey Will, many thanks for this great video. I have followed your tutorial and instead of using the IP address for the Twingate connector, I have used the DDNS hostname. Unfortunately, it is not working :( and am not sure what needs fixing - as all steps in your tutorial were followed, and the Twingate is working - as far as I have been able to determine - but I do not gain access to the NAS using the mobile :( Please Help ! Claudio
I've got a notification on Twingate to update the Connector. Can you do a tutorial how to do that? Thank you.
Thanks for the video. What rules should be added to Synology firewall, because it doesn't connect to Connectors when firewall in on
All firewalls rules should be done through Twingate of allowing users / ports, rather than the synology firewall
hey mate, with end users signign in.. only options they have to sign in is with google, microsoft and a feew other, i just want the end user to use a different email addy is this possible?
Excellent Video.
I have been using tailsafe and thought I would try twingate
I installed it on one synology nas - works fine.. it generated a new synology lan ip
I did the same procedure on several other synology machines, however, it never displays a new lan and ip on my synology.. I just see my regular lan?
Tried several times and on other synology devices with the same result
Each time Twingate displays my new resource and connected green, however, access activity says fail to connect to ip - which makes sense since my synology does not display a new lan.
Any help would be much appreciated
Thanks
can you add a demo of running updates on Connectors please?
This was a great tutorial. Any chance you can make a video on how to update the connector? Thanks!
So DSM 7.2 finally added support for automatic updates of containers! Otherwise you basically blow away the container and rebuild it
@@SpaceRexWill awesome! Thanks for the reply and great content. I really appreciate all your tutorials. Synology should really hire you to demo their products
Hi there I'm trying to remotely download a 25 gig video file from my Synology at home. I have a gig download/upload from my home (fiber), and where I am I have a gig download....And it's downloading now but the download is REALLY slow. Like 2 megs per second. Is there a setting I need to tweak or something?
Hey how would I be able to update Twingate within my docker?
Does Twingate support U2F?
I have installed Tailscale on either devices and the devices are separated geographically . Synology NAS is mapped on to Windows Machine but when we transfer files to Synology NAS Mapped drive , is very slow.
Any advice to speed up the process?
So could I use this to access Jellyfin remotely? I can’t do port forwarding (thank you ISP) and from my knowledge QuickConnect does not work for Jellyfin, pls correct me if wrong.
Can a Apple TV remote access thru Plex or Infuse?
Do you have a tutorial showing how someone can connect Filezilla to synology?
What about Hyper backups to a remote Synology nas? Would that work?
I have a question about a change. This worked great, however, I had to do a reset of my network and now have a new ip address. How do I update the ip address with Wingate in docker? Or is that where you update the ip address? Thanks for you all you do!
Figured it out. In case anyone needs it, you just change it in your twingate account. Login to twingate and change it there.
Doesn't Quick Connect accomplish the same goal - to access your files remotely? I like that Twingate adds a layer of security, beyond that I'm not sure there's a reason not to just use Quick Connect. From other videos of yours' , I saw a hesitancy about using Quick Connect but I haven't seen you expand on why. Perhaps a new video topic? I'm fairly new to this and am soaking up it up as fast as I can. You've taught me a lot. Thx
So you get the extra security, but you also can use things like active backup for business over this, where synology will not let ABB run over QC
Would this work for Plex on my Synology too? Because of my ISP NAT situation I can’t use port forwarding a which means I can’t use Plex outside of my home (I can only use their rely service which is capped at 480p). It would be amazing if that’s possible
Yes it will!
@@SpaceRexWill this is awesome! I just tried it and it worked perfectly!! You have no idea how much research I did to solve this issue only to be more frustrated every time and this completely solved it! Thank you!!
Awesome! Glad this helped!
So you didn’t have to exposure port 32400 on Plex?
i absolutely give up! i've watched your tutorial and wundertechs and i can't get this setup on my nas. i don't know if something is blocking it but i also don't know how to find out either.
What's the difference between Twingate and Tailscale?
Thank for the great video. I have 2 question, 1. how do I pass `--sysctl net.ipv4.ping_group_range=\"0 2147483647\"` into the docker GUI? I can't ping twingate host network, but can be access. 2. How to resolve twingate host network hostname, I can't ping by hostname. Thank you for reading, hope to see your reply. Peace.
I have disabled the Docker for the Twingate solution on my NAS - I found that the disks ended up spinning 24x7 - with it disabled the NAS disks spin down, especially at night.
I will raise the issue with Twingate since the solution is potentially very promising.
NAS/SERVER Drives are designed to spin 24X7.... Ever tried accessing data on drives in sleep mode.... They have to spin up to the correct RPM's before any data is transferred.
Security aside, is there any benefit (speed, etc) of using DDNS over Twingate?
DDNS will (almost) always be aster than Twingate / and other VPN
@@SpaceRexWill Thank you sir!
plz help i cant download image twingate
Does traffic go through their network? Is it throttled or capped in any way?
It does hop through their relay severs, but I do not believe it’s throttled or capped, though that is just what I have seen using it
@@SpaceRexWill Thank you. Worth a closer look, then.
Thanks for the tutorial! Looks like simple and free VPN like WireGuard can accomplish the same thing. Am I wrong?
The difference here is this does not require port forwarding to work
Remember one thing. All your traffic transfers via their network. Yes running a VPN between your device and say the office is a much safer option and you have full control with only the VPN port for forwarding.
Another great tutorial. I have internet access thru Starlink at my second location. I had intended to have my backup NAS at my second place but without port forwarding that was not possible. Would Twingate give me the access I need so I can backup my primary NAS to my backup NAS using Hyper Backup?
Is it possible to use, for example, Synology Drive on macOS or Photos on Android in this way? Or rather everything has to be done through the browser?
You can do exactly this!
@@SpaceRexWill great! And what's the speed difference compare to QuickConnect? I think the second one is so slow even if I have 200MB/s upload on both sides.
Thanks for yet another great tutorial! Though my controller remains on 'Not yet connected'. At first I set this up from home for a remote NAS through Tailscale, figuring this might be the problem. I'm on site now and tried again, deleted the remote network and connector and started over, but it still remains on 'Not yet connected' (different connector name/instance). I thought I'd delete my 'Network' on the Twingate site in the settings, but this is not possible. Could this be the problem, that I created the initial 'Network' from my home PC rather then on the LAN where the NAS is located? Any help would be appreciated. I feel kinda stupid, cause it's such an easy tutorial. Figured it was going to be a piece of cake...
So the connector has to be on the same local LAN as the resources you are adding!
@@SpaceRexWill thanks for the reply. Yesterday I was on-site and tried again and added a new connector on the same local LAN, but I still got that same 'error'. I started with a clean slate except for the 'Network', because it seems I can't delete that. Any idea what's going wrong or how I can check?
@@SpaceRexWill Fixed it, I had to add port 30000 to 31000 to the firewall and no it works! Stupid mistake, completely forgot about that...
Is this similar to using a Cloudflare tunnel?
Yes. They all want your data Lol...... This is why many are offering it for free.
@@Crazy--Clown There is a way more safe you recomend?
4:18 light flex 😂
I notice when you plug in your IP, you have multiple options. I've only got LAN1 which is a static IP assigned from my router (192.xxx.x.xx).
Is that ok to use? Or do I need to obtain a public IP somehow?
You just want to log into your router, and give your NAS a DHCP reservation
@@SpaceRexWill I think I follow. I was able to go into my router and do an 'IP Allocation'. Is that any different from assigning a static IP or is that just ensuring it doesn't change?
I believe the NAS always shows the same IP (before doing any IP allocation).
Sorry if I'm not understanding fully, appreciate the input!
allocation is a dhcp reservation so this is correct!
@@SpaceRexWill Thanks Rex! I always thought using that IP vs a public IP was a bad idea. Maybe just doesn't apply in this case?
In this case that 192.168 or 10.x IP is a private IP that is routable through twingates network
Does twingate cap your upload limit to 100mb, like cloudflare?
It does not
@@SpaceRexWill Thanks
This has worked great but there is an update now and I don't know how to go about it.
So updating docker containers is really straight forward. All you need to do is blow away the old container and make a new one.
@@SpaceRexWill Thank you.
my log on docker :
error: Configuration error: none of ["TWINGATE_ACCESS_TOKEN", "ACCESS_TOKEN"] is set
nu werkt het wel via taakplanner een gedifineert script uitvoeren
If all traffic goes through Twingate, will Twingate knows everything of your data transferring?
They know as much as your ISP knows whenever you do something online
I can't get it to work. My guess is that is related to firewall rules on my synology and/or my unifi.
Unfortunately same. Twingate sees me trying to connect too, just says 'Failed to connect'
Weird, does the connector show up?
@@SpaceRexWill It does. I tried Tailscale as well and it just worked straight up. However Tailscale basically sets itself up since it has a package on Synology. It shows the NAS IP as 100.xx.xxx.xx instead of the 192.xxx.x.xx I was using with Twingate 🤔
Edit: I guess that makes sense, Tailscale still shows the 192.xxx.x.xx as an endpoint. So I guess I'm just not sure where the wires are getting crossed.
@@SpaceRexWill it doesn’t see it. I tried enabling port forwarding and that didn’t work. I’ll try some adjustments to the unifi firewall or what else would you recommend?
any company that asks for CC details can stick their service where the sun doesn't shine
It appears that you MUST GIVE THEM YOUR WORK INFORMATION TO EVEN SIGN UP!
Hm, isn't quickconnect basicly this?
The key difference is that only authenticated users can see the devices on the network with twingate vs quick connect where anyone can get to your login screen with your QC
I do not work with companies that require sign up via a service such as Facebook, Microsoft account, Google account etc rather than an email address / password. These types of companies try to collect entirely too much information from you.
I suspect that Twingate's logic is the same as Tailscale's - if they don't have your login details, then they don't become a hacking target to get at your device. Pick your poison.
David is correct, the reason many of them do not offer their own email / password is because authentication is really hard to do right. By piggy backing off of OAUTH of another company they don’t have to store your password
these companies really don’t care about your data, they really want to make money on cooperations.