OK, I had my VPN working, then my internet service provider pushed un update into my router/modem and I could no longer control my port forwarding directly on the modem (seems suspicious) I then shut off the router functions and turned their equipment into a modem only, connecting a secondary router (my own) to it with an ethernet cable. After a full day working through the L2TP/IPSec connections and the port forwarding with no luck, I watched this video and followed it through. I found one minor discrepancy between my work and this video - changed it and now VPN works like a dream. I would like to thank you for your well organized and properly sequenced video. Awesome
Very useful video, I was literally going crazy to make the vpn work on my Windows 10 machine and I solved it creating the regedit entry. Thank you very much!
Hi I need help. I have my main router that is connected to a Netgear Nighthawk Mesh. But when I go to “Router Configuration” -> “Set up Router “ on my Synology and perform a “Check Network Connection” I get a warning message, “Warning: Two or more routers were found in your network. Please consult your Internet service provider to set the modem/router to Bridge Mode, or try setting your router to Bridge Mode.” On the “checking network environment “
@daquma I'd suggest that you manually configure your router through it's interface, rather then have your Synology NAS try to update the configuration of the router through uPnP. Look for options for port forwarding and add in the appropriate ports that I mentioned in the video. Good luck!!
Hi, Superbe straight forward video! Highly apreciated! Good paced, and full of details. Superbe references, and well splitted according to what we are interested in! Very straight forward video with all the needed details! I already have a VPN/L2TP working from my IOS. I will now add Win-10/11 and Mac ... ;-) However, I wanted to ask two questions, if you do not mind; - What avout the set-up, as I have, to run a DNS Server on the Synology DSM 7 and have this one used for all the VPN/T2TP clients. I was not able to get these IOS standard VPN devices to resolve the hostnames (.local used as my Home-domain) I always restarted through the package center my VPN server after each modifications, e.g.. "Use Manual DNS OFF or ON while pointing to the IP of my Synology) - Must "Send all traffic" be activated on clients? It is not working at all (ip or FQDN) if disabled with L2TP. But works with OpenVPN. Does L2TP not support split Any hints? Greetings from Luxembourg
Hi LeLuc, thanks so much for the compliments on the video!! Regarding your question on using a DNS Server running on your Synology NAS for your L2TP/IPSec connection it kind of depends on the DNS server setup from what I'm finding. I don't use the Synology DNS server package and I specifically use Pihole running as a Docker container. In my case I use the Docker bridge IP address for Pihole as the DNS server for my L2TP/IPSec connection and it works fine. If you share a little more on how your DNS server is setup maybe I can point you in the right direction. Regarding the "Send all traffic" setting on the clients. I've only found L2TP/IPSec to work properly with that option enabled. Hope this information helps a little and nice to know I have a viewer from Luxembourg!! Aloha from Hawaii!!
@@digital_aloha I am happy on my side, to be able to exchange views with some nice guy from Hawaii ;-) ... These are the great thing of Internet ... Moving countries closer together ... I will then stick with LT2P and "Send all Traffic" enabled ... and focus on Pihole, as I have lot's of dockers running on my NAS. Furthermore I will try to switch to OpenVPN. But as the Synology implementation is quite old, RaspBerryPI will also here be an alternative ... Aloha from Luxembourg to Hawaii .. ;-)
@@lucr1016 I agree, the Internet is amazing in connecting people and making the world a smaller place. Good luck with your LT2P/IPSec setup and I can confirm that Pihole running on the same Synology NAS as the VPN server works fine. Have a look at my Pihole video if you need further reference -> ua-cam.com/video/1yG0p9gU104/v-deo.html. I also have an OpenVPN video if you need assistance in setting that up as well -> ua-cam.com/video/Wv4CfZ40rFE/v-deo.html. Best of luck to you in your setup!!
For port forwarding on my router, what should be the external ip's? Are they going to be the same you shared on the video? if that's so worth mentioning on the the video
Thank you for sharing the knowledge. On a Mac, I was able to seamlessly access my folders on the Synology. On Win10, I couldn't see the Synology on "Network". I couldn't map drive either. Is there a "send all traffic over VPN connection for Win10?
Hi Alpha Charlie, You're welcome!! Regarding your question on mapping a drive on Windows 10, I believe you need to just really be specific on the mount point that you enter. For example if I use \\192.168.81.14, I get an error that the mount point can't be accessed. But if I give it an exact mount point (\\192.168.81.14\home for example) I'm able to mount that SMB share just fine. Note also that the Synology won't be displayed under Network because that feature is only available when both devices are on a local LAN. Hope this helps? Good luck to you!!
I made a vpn to access via an I phone. I made an account just for VPN and restricted its access to only certain folders. But upon VPN connection I could see a wider range of folders than what I restricted, which I found odd. I basically want to give access from the VPN to just one folder on the synology. any ideas? TY for the video, great as always.
@jp27300 You're welcome!! Regarding your question, does the account that you setup for the VPN, when logged in and used locally on your LAN, have the restrictions on the folders in place? It does seem odd that over the VPN the user has more access than when setup locally connected if that is the case. Let me know and I'll see if I can troubleshoot that situation or, if you did figure out what was happening, if you could fill me in that would be great as well.
Thank you for this amazing video! I've followed it step by step and rechecked everything, but only 1 person can connect to the VPN at a time. What could be wrong ?
The video's really well made and easy to follow! Though I somehow still encountered issues when trying to connect to the VPN. Windows would show the error "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer".
Hi Tan, Thank you for the compliment on the video!! Regarding your problem it may be related to a Windows update causing the problem. Have a look at this forum link for things to try -> docs.microsoft.com/en-us/answers/questions/691993/can39t-connect-to-any-vpn-after-today39s-windows-u.html. Hope this helps... Good luck!!
Really good informative video. I do have a problem to reach the remote system from the home network. Using a teltonika router with L2TP to my synology. When connected I can from the teltonika network reach my home network devices. But I can't reach units on the teltonika network from my home. Is there a way to get it working "both ways" ?
Hi mippengbg, Glad the video was informative!! Regarding your question, I haven't really tested a site-to-site VPN setup using L2TP/IPSec. In this video the client can connect to the Synology NAS and the devices on the NAS's LAN, but not the other way around. In site-to-site VPN setups that I've created for clients I've used Tailscale and I have a few videos on using Tailscale if you are interested. The one that is most relevant is probably this one -> ua-cam.com/video/uJ8PsImiDrM/v-deo.html where you setup a Tailscale node as a subnet router. Hope this helps and good luck to you in your setup!!
Hi stan, If I had to choose I would go with OpenVPN. Both L2TP/IPSec and OpenVPN are very secure, but you'll get faster performance with OpenVPN. I've also seen where users of L2TP/IPSec have problems with their connections and I believe it may be related to their firewall setup but it seems to be hard to figure out (you'll see some comments here where people are having problems). Hope this helps? And good luck to you in your setup!!
You've just inspired a new video idea :) If you haven't gotten your L2TP/IPSec VPN connection setup with your iOS device you should be able to do so with the following instructions. 1. On your iOS device go to Settings -> VPN 2. Tap on Add VPN Configuration. 3. From the Add Configuration screen change/enter the following: - Type = L2TP - Description = Enter a description of your choice - Server = Enter your public IP address or domain name - Account = Enter your username for the L2TP/IPSec VPN connection - Password = Either leave blank to be prompted every time or enter in the password to save it - Secret = Enter in the pre-shared key you created earlier - Send All Traffic = Enable this option 4. Click Done 5. From the VPN screen tap on the newly created L2TP/IPSec connection that you created and toggle the Status - Not Connected switch. If all goes well you should see the status change to Connected and you'll be on the VPN. Hope this helps and good luck in your setup!!
Hi I have managed to set up VPN and connect on my Mac and shows as running and also Synology shows a connected in the connection list. However I am not able to ping or access any device on my network including my Synology. Do you have any suggestions?
Hi Adam, Glad you were able to get the VPN connection established, but it does no good if you can't get anywhere ;-). If you have the Synology NAS firewall enabled see what happens if you turn it off and try the connection after that. Other's seem to have issues when the firewall is enabled. Let me know how things turn out and I'll try it on my end and try to figure out the right firewall settings.
Great video! I followed it and was able to successfully setup my VPN server, but I cannot access local devices on my network (including the NAS). Any suggestions/tips on what to do? I'm authenticated to VPN and my public IP address has changed to that of the office where the Synology NAS/VPN is. On the VPN I have a private ip on he 10.2.0.x range and need to access a computer on the local network with an IP of 192.168.1.x. Thanks!
Hi Charles, Thanks for the compliment on the video!! Sorry for the delay in getting back to you and I'm even more sorry that I don't have an answer for you. I just redid my setup going, through the video again, and everything works fine for me. The only thing I would suggest is to make sure all of the ports required for L2TP/IPSec are being passed through your router and/or firewall through to your Synology NAS. It may be that you can connect, but not use the VPN properly, because all ports aren't being passed through. For your reference the ports are UDP port 500, 4500 and 1701. Good luck to you!!
great video! but i struggle with my firewall. without the firewall, everything works fine : i get access to the LAN and to the Internet through the VPN with the firewall, even though i authorized access to the open ports, I can only get access to the LAN but not the Internet anymore. Do you have any suggestions so I can have both VPN and firewall, and still manage to access the internet? thx :)
Hi R. B., I'm happy you liked the video!! Regarding your firewall if you don't mind sharing the rules you have setup I can try to assist. Firewall rules can be quite challenging.
AssumeUDPEncapsulationContextOnSendRule
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
for those who don't wanna type
@@jtrtsay I'm pinning the comment so others see this first!!
@jtrtsay Thanks for adding the long entries from the video to the comments!!
Thanks your video totally worked!
@@jtrtsay Awesome!! Glad the video worked for you.
A very useful tutorial! In my case everything went smoothly! For those who experience smb issue, you must connect to the IP of your vpn server! 👍👍
@alexader85 Glad you liked the video and I'm happy to hear the setup went smoothly. Thank you for the tip on connecting to an smb share as well!!
OK, I had my VPN working, then my internet service provider pushed un update into my router/modem and I could no longer control my port forwarding directly on the modem (seems suspicious) I then shut off the router functions and turned their equipment into a modem only, connecting a secondary router (my own) to it with an ethernet cable. After a full day working through the L2TP/IPSec connections and the port forwarding with no luck, I watched this video and followed it through. I found one minor discrepancy between my work and this video - changed it and now VPN works like a dream. I would like to thank you for your well organized and properly sequenced video. Awesome
Hi Tom, You're welcome!! I'm happy to hear that this video helped you get your L2TP/IPSec connection up and running!!
FInally found the answer! That mod to the registry did the trick. Thanks.
Hi Peter, You're welcome!! I'm happy to hear the registry mod did the trick for you!!
Thanks. Had trouble with this. Didn't know about the registry setting. Fixed my issue :)
Hi XtraLars, You're welcome! Glad the video helped you!
Very useful video, I was literally going crazy to make the vpn work on my Windows 10 machine and I solved it creating the regedit entry. Thank you very much!
Hi @ftrava, You're welcome... I'm happy that the video was helpful to you and that your Windows 10 machine is working properly now!
Great video as always, ive learned a lot from your synology DSM videos, thanks for your content keep it up...
Glad you like them! I appreciate the feedback and I'm happy to hear you're learning a lot from them. I'll keep making more ;)
@@digital_aloha awww shucks ! you replied, Made my day..... thanks heaps and yes your videos are very educational. thank you again
Hi I need help. I have my main router that is connected to a Netgear Nighthawk Mesh. But when I go to “Router Configuration” -> “Set up Router “ on my Synology and perform a “Check Network Connection” I get a warning message, “Warning: Two or more routers were found in your network. Please consult your Internet service provider to set the modem/router to Bridge Mode, or try setting your router to Bridge Mode.” On the “checking network environment “
@daquma I'd suggest that you manually configure your router through it's interface, rather then have your Synology NAS try to update the configuration of the router through uPnP. Look for options for port forwarding and add in the appropriate ports that I mentioned in the video. Good luck!!
Hi,
Superbe straight forward video! Highly apreciated! Good paced, and full of details. Superbe references, and well splitted according to what we are interested in! Very straight forward video with all the needed details!
I already have a VPN/L2TP working from my IOS. I will now add Win-10/11 and Mac ... ;-)
However, I wanted to ask two questions, if you do not mind;
- What avout the set-up, as I have, to run a DNS Server on the Synology DSM 7 and have this one used for all the VPN/T2TP clients.
I was not able to get these IOS standard VPN devices to resolve the hostnames (.local used as my Home-domain) I always restarted through the package center my VPN server after each modifications, e.g.. "Use Manual DNS OFF or ON while pointing to the IP of my Synology)
- Must "Send all traffic" be activated on clients? It is not working at all (ip or FQDN) if disabled with L2TP. But works with OpenVPN. Does L2TP not support split
Any hints?
Greetings from Luxembourg
Hi LeLuc, thanks so much for the compliments on the video!!
Regarding your question on using a DNS Server running on your Synology NAS for your L2TP/IPSec connection it kind of depends on the DNS server setup from what I'm finding. I don't use the Synology DNS server package and I specifically use Pihole running as a Docker container. In my case I use the Docker bridge IP address for Pihole as the DNS server for my L2TP/IPSec connection and it works fine. If you share a little more on how your DNS server is setup maybe I can point you in the right direction.
Regarding the "Send all traffic" setting on the clients. I've only found L2TP/IPSec to work properly with that option enabled.
Hope this information helps a little and nice to know I have a viewer from Luxembourg!!
Aloha from Hawaii!!
@@digital_aloha I am happy on my side, to be able to exchange views with some nice guy from Hawaii ;-) ... These are the great thing of Internet ... Moving countries closer together ...
I will then stick with LT2P and "Send all Traffic" enabled ... and focus on Pihole, as I have lot's of dockers running on my NAS. Furthermore I will try to switch to OpenVPN. But as the Synology implementation is quite old, RaspBerryPI will also here be an alternative ...
Aloha from Luxembourg to Hawaii .. ;-)
@@lucr1016 I agree, the Internet is amazing in connecting people and making the world a smaller place.
Good luck with your LT2P/IPSec setup and I can confirm that Pihole running on the same Synology NAS as the VPN server works fine. Have a look at my Pihole video if you need further reference -> ua-cam.com/video/1yG0p9gU104/v-deo.html. I also have an OpenVPN video if you need assistance in setting that up as well -> ua-cam.com/video/Wv4CfZ40rFE/v-deo.html.
Best of luck to you in your setup!!
For port forwarding on my router, what should be the external ip's? Are they going to be the same you shared on the video? if that's so worth mentioning on the the video
Thank you for sharing the knowledge.
On a Mac, I was able to seamlessly access my folders on the Synology.
On Win10, I couldn't see the Synology on "Network". I couldn't map drive either. Is there a "send all traffic over VPN connection for Win10?
Hi Alpha Charlie, You're welcome!! Regarding your question on mapping a drive on Windows 10, I believe you need to just really be specific on the mount point that you enter. For example if I use \\192.168.81.14, I get an error that the mount point can't be accessed. But if I give it an exact mount point (\\192.168.81.14\home for example) I'm able to mount that SMB share just fine. Note also that the Synology won't be displayed under Network because that feature is only available when both devices are on a local LAN. Hope this helps? Good luck to you!!
I made a vpn to access via an I phone. I made an account just for VPN and restricted its access to only certain folders. But upon VPN connection I could see a wider range of folders than what I restricted, which I found odd. I basically want to give access from the VPN to just one folder on the synology. any ideas? TY for the video, great as always.
@jp27300 You're welcome!! Regarding your question, does the account that you setup for the VPN, when logged in and used locally on your LAN, have the restrictions on the folders in place? It does seem odd that over the VPN the user has more access than when setup locally connected if that is the case. Let me know and I'll see if I can troubleshoot that situation or, if you did figure out what was happening, if you could fill me in that would be great as well.
Thank you for this amazing video! I've followed it step by step and rechecked everything, but only 1 person can connect to the VPN at a time. What could be wrong ?
Hi Alexander, Thanks for the comment on the video. Hopefully you got this resolved already (it's been a while since your comment/question was posted)?
Why everything on windows should always be so complicated? Why can’t it be just configurable without any additional steps and changes in the registry?
I hear you 😞. I don't think you should need to edit the registry to get this working, but it is what it is with windows.
The video's really well made and easy to follow! Though I somehow still encountered issues when trying to connect to the VPN. Windows would show the error "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer".
Hi Tan, Thank you for the compliment on the video!!
Regarding your problem it may be related to a Windows update causing the problem. Have a look at this forum link for things to try -> docs.microsoft.com/en-us/answers/questions/691993/can39t-connect-to-any-vpn-after-today39s-windows-u.html.
Hope this helps... Good luck!!
Did you find a solution for this? I'm running into the same problem.
Really good informative video. I do have a problem to reach the remote system from the home network. Using a teltonika router with L2TP to my synology. When connected I can from the teltonika network reach my home network devices. But I can't reach units on the teltonika network from my home. Is there a way to get it working "both ways" ?
Hi mippengbg, Glad the video was informative!! Regarding your question, I haven't really tested a site-to-site VPN setup using L2TP/IPSec. In this video the client can connect to the Synology NAS and the devices on the NAS's LAN, but not the other way around.
In site-to-site VPN setups that I've created for clients I've used Tailscale and I have a few videos on using Tailscale if you are interested. The one that is most relevant is probably this one -> ua-cam.com/video/uJ8PsImiDrM/v-deo.html where you setup a Tailscale node as a subnet router.
Hope this helps and good luck to you in your setup!!
@@digital_aloha thanks for the feedback. Chasing along with a site2site solution
Which is better - OpenVPN or L2TP/IPSec as Synology VPN server?
Hi stan, If I had to choose I would go with OpenVPN. Both L2TP/IPSec and OpenVPN are very secure, but you'll get faster performance with OpenVPN. I've also seen where users of L2TP/IPSec have problems with their connections and I believe it may be related to their firewall setup but it seems to be hard to figure out (you'll see some comments here where people are having problems). Hope this helps? And good luck to you in your setup!!
Would have been great with an instruction on how to connect via an iOS device!
You've just inspired a new video idea :)
If you haven't gotten your L2TP/IPSec VPN connection setup with your iOS device you should be able to do so with the following instructions.
1. On your iOS device go to Settings -> VPN
2. Tap on Add VPN Configuration.
3. From the Add Configuration screen change/enter the following:
- Type = L2TP - Description = Enter a description of your choice
- Server = Enter your public IP address or domain name
- Account = Enter your username for the L2TP/IPSec VPN connection
- Password = Either leave blank to be prompted every time or enter in the password to save it
- Secret = Enter in the pre-shared key you created earlier
- Send All Traffic = Enable this option
4. Click Done
5. From the VPN screen tap on the newly created L2TP/IPSec connection that you created and toggle the Status - Not Connected switch. If all goes well you should see the status change to Connected and you'll be on the VPN.
Hope this helps and good luck in your setup!!
@@digital_aloha that is so useful, thanks a lot my friend. /from Sweden.
Hi I have managed to set up VPN and connect on my Mac and shows as running and also Synology shows a connected in the connection list. However I am not able to ping or access any device on my network including my Synology. Do you have any suggestions?
Hi Adam, Glad you were able to get the VPN connection established, but it does no good if you can't get anywhere ;-). If you have the Synology NAS firewall enabled see what happens if you turn it off and try the connection after that. Other's seem to have issues when the firewall is enabled. Let me know how things turn out and I'll try it on my end and try to figure out the right firewall settings.
Great video! I followed it and was able to successfully setup my VPN server, but I cannot access local devices on my network (including the NAS). Any suggestions/tips on what to do? I'm authenticated to VPN and my public IP address has changed to that of the office where the Synology NAS/VPN is. On the VPN I have a private ip on he 10.2.0.x range and need to access a computer on the local network with an IP of 192.168.1.x. Thanks!
Hi Charles, Thanks for the compliment on the video!!
Sorry for the delay in getting back to you and I'm even more sorry that I don't have an answer for you. I just redid my setup going, through the video again, and everything works fine for me. The only thing I would suggest is to make sure all of the ports required for L2TP/IPSec are being passed through your router and/or firewall through to your Synology NAS. It may be that you can connect, but not use the VPN properly, because all ports aren't being passed through. For your reference the ports are UDP port 500, 4500 and 1701. Good luck to you!!
If you use the firewall of Synology, you have to add the vpn private network to firewall rules.
great video!
but i struggle with my firewall.
without the firewall, everything works fine : i get access to the LAN and to the Internet through the VPN
with the firewall, even though i authorized access to the open ports, I can only get access to the LAN but not the Internet anymore.
Do you have any suggestions so I can have both VPN and firewall, and still manage to access the internet? thx :)
Hi R. B., I'm happy you liked the video!! Regarding your firewall if you don't mind sharing the rules you have setup I can try to assist. Firewall rules can be quite challenging.