How to set up a VPN connection in different versions of Windows. Connecting to the Windows desktop via a VPN connection

31.10.2023

The topic is well worn, yet many people still run into difficulties, whether a novice system administrator or simply an advanced user whose bosses have made him the office "any-key" IT person. Paradoxically, despite the abundance of information on VPNs, finding a clear explanation is a real problem. One even gets the impression that one person wrote the text and the others brazenly copied it. As a result, search results are cluttered with unnecessary information from which something worthwhile can rarely be extracted. So I decided to chew through all the nuances in my own way (maybe it will be useful to someone).

So what is a VPN? VPN (Virtual Private Network) is a general name for technologies that allow one or more network connections (a logical network) to be provided over another network (including the Internet). Depending on the protocols used and the purpose, a VPN can provide three types of connections: node-to-node, node-to-network and network-to-network. As they say, no comment.

Stereotypical VPN scheme

VPN allows you to easily combine a remote host with the local network of a company or another host, as well as combine networks into one. The benefit is quite obvious - we can easily access the enterprise network from the VPN client. In addition, VPN also protects your data through encryption.

I don’t pretend to describe to you all the principles of VPN operation, since there is a lot of specialized literature, and to be honest, I don’t know a lot of things myself. However, if your task is “Do it!”, you urgently need to get involved in the topic.

Let's look at a problem from my personal practice, when I needed to connect two offices via VPN - a head office and a branch office. The situation was further complicated by the fact that there was a video server at the head office, which was supposed to receive video from the branch’s IP camera. Here's the task in brief.

There are many solutions. It all depends on what you have on hand. In general, a VPN is easy to build with a hardware solution based on various Zyxel routers. Ideally, it may turn out that both offices get their Internet from the same provider, and then you will have no problems at all (you just need to contact the provider). If the company is rich, it can afford Cisco. But usually everything is solved in software.

And here the choice is wide: OpenVPN, WinRoute (note that it is paid), operating system tools, programs like Hamachi (to be honest, in rare cases it can help out, but I don’t recommend relying on it: the free version has a limit of 5 hosts, and another significant disadvantage is that your entire connection depends on the Hamachi host, which is not always good). In my case, it would be ideal to use OpenVPN, a free program that can easily create a reliable VPN connection. But, as always, we will follow the path of least resistance.

In my branch, the Internet is distributed by a gateway running a client edition of Windows. I agree, it’s not the best solution, but it’s enough for three client computers. I need to turn this gateway into a VPN server. Since you are reading this article, you are probably new to VPN. So I give you the simplest example, which, in principle, suits me.

The Windows NT family already has rudimentary server capabilities built in. Setting up a VPN server on one of the machines is not difficult. For the server I will show Windows 7 screenshots, but the general principles are the same as for old XP.

Please note that to connect two networks, they must use different address ranges! For example, at the head office the range could be 192.168.0.x, and at the branch 192.168.20.x (or any other gray, i.e. private, IP range). This is very important, so be careful. Now you can start setting up.

On the VPN server, go to Control Panel -> Network and Sharing Center -> Change adapter settings.

Now press the Alt key to bring up the menu. There, in the File item, you need to select “New incoming connection”.

Check the boxes for the users who may log in via VPN. I highly recommend adding a new user, giving it a friendly name and assigning a password.

After you have done this, you need to select in the next window how users will connect. Check the box “Via the Internet”. Now you just need to assign a range of virtual network addresses. Moreover, you can choose how many computers can participate in data exchange. In the next window, select TCP/IP version 4 protocol, click “Properties”:

You will see what I have in the screenshot. If you want the client to gain access to the local network in which the server is located, simply check the “Allow callers access to the local network” checkbox. In the “Assigning IP addresses” section, I recommend specifying addresses manually according to the principle that I described above. In my example, I gave the range only twenty-five addresses, although I could have simply specified two or 255.

After that, click on the “Allow access” button.

The system will automatically create a VPN server, which will wait, all alone, for someone to connect to it.
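The two address rules above (different ranges in the two offices, and a manually assigned pool for VPN clients) can be checked before any wizard is clicked. This is an added example, not part of the original article; the office names, the /24 masks and the pool 192.168.20.200-224 are assumptions made for illustration.

```python
import ipaddress


def pool_blocks(first, last):
    """Turn a first-last pool, as typed into the Windows dialog, into CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def pool_size(pool):
    """Number of addresses in a (first, last) pool."""
    return sum(block.num_addresses for block in pool_blocks(*pool))


def check_plan(lans, pool, server_site):
    """Return a list of problems found in a two-office VPN address plan.

    lans        -- {office name: LAN in CIDR form}
    pool        -- (first, last) addresses handed out to VPN clients
    server_site -- office whose gateway runs the VPN server
    """
    nets = {name: ipaddress.ip_network(cidr, strict=False)
            for name, cidr in lans.items()}
    names = sorted(nets)
    problems = []

    # Rule 1: every office LAN is a private range and no two LANs overlap.
    for i, a in enumerate(names):
        if not nets[a].is_private:
            problems.append(f"{a}: {nets[a]} is not a private (gray) range")
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")

    # Rule 2: the addresses given to VPN clients must not exist on the
    # LAN the clients are calling from, or replies never reach the tunnel.
    blocks = pool_blocks(*pool)
    for name in names:
        if name == server_site:
            continue
        if any(block.overlaps(nets[name]) for block in blocks):
            problems.append(
                f"VPN pool {pool[0]}-{pool[1]} collides with {name} {nets[name]}")
    return problems


# Constructed sample plans using the ranges named in the article.
GOOD = {"head office": "192.168.0.0/24", "branch": "192.168.20.0/24"}
BAD = {"head office": "192.168.0.0/24", "branch": "192.168.0.0/24"}
POOL = ("192.168.20.200", "192.168.20.224")  # constructed, 25 addresses

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("bad", BAD)):
        found = check_plan(plan, POOL, server_site="branch")
        print(label, "plan:", found or "no problems found")
    print("pool size:", pool_size(POOL))
```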

Now all that's left is to set up a VPN client. On the client machine, also go to the Network and Sharing Center and select “Set up a new connection or network”. Then select the item “Connect to a workplace”.

Click “Use my Internet connection”; a window will open where you need to enter the address of our Internet gateway at the branch. For me it looks like 95.2.x.x

Now you can start the connection, enter the username and password that you set on the server, and try to connect. If everything is correct, you will be connected. In my case, I can already ping any branch computer and query the camera. Now it can easily be connected to the video server. Your setup may differ.

Alternatively, when connecting, error 800 may pop up, indicating that something is wrong with the connection. This is a firewall issue on either the client or the server. I can’t tell you specifically; everything is determined experimentally.
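One way to make that experiment systematic is to check from the client how the server's TCP control port answers. This is an added example, not from the original article; it assumes the server accepts PPTP on TCP 1723 or SSTP on TCP 443 (the ports listed later on this page), and the host name in it is a placeholder.

```python
import socket

# TCP ports taken from the port list on this page.
PORTS = {1723: "PPTP control channel", 443: "SSTP"}

HINTS = {
    "open": "the TCP control channel is reachable; if dialing still fails, "
            "check that GRE (IP protocol 47) is passed for PPTP, then the "
            "user name and password",
    "refused": "the host answers but nothing listens on this port: the "
               "incoming connection is not enabled, or a firewall rejects it",
    "filtered": "no answer at all: a firewall or router on the path drops "
                "the packets silently, or the gateway address is wrong",
    "unresolved": "the server name does not resolve: check the address "
                  "typed into the connection",
    "unreachable": "the local system reported an error before any reply: "
                   "check the client's Internet connection and firewall",
}


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP port by how the connection attempt ends."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"        # a reset came back
    except socket.gaierror:
        return "unresolved"     # DNS lookup failed
    except socket.timeout:
        return "filtered"       # nothing came back in time
    except OSError:
        return "unreachable"    # no route, or blocked locally


def diagnose(host, ports=PORTS, timeout=3.0):
    """Return {port: (service, state, hint)} for every port in `ports`."""
    report = {}
    for port, service in ports.items():
        state = probe_tcp(host, port, timeout)
        report[port] = (service, state, HINTS[state])
    return report


if __name__ == "__main__":
    # Placeholder name; replace with the address of your own VPN gateway.
    for port, (service, state, hint) in diagnose("vpn.example.invalid").items():
        print(f"{port}/tcp ({service}): {state} - {hint}")
```

A TCP probe cannot see GRE, which carries the PPTP data channel, so "open" narrows the search rather than proving the whole path works.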

This is how we simply created a VPN between two offices. Gamers can be connected in the same way. However, do not forget that this is still not a full-fledged server, and it is better to use more advanced tools, which I will talk about in the following parts.

In particular, in Part 2 we will look at setting up OpenVPN for Windows and Linux.

  • When choosing a connection protocol, think about how you will use the VPN. PPTP is known to be fast over a wireless network, but is less secure than L2TP and IPSec. Therefore, if you care about security, use L2TP or IPSec. If you connect to a VPN at work, your employer will likely tell you which protocol to choose. If you use your own VPN, choose a protocol that is supported by your ISP.
  • When choosing a VPN provider, think about security. If you want to use a VPN to send documents and emails, or want to protect yourself while surfing the web, choose a VPN provider that offers SSL (TLS) or IPsec encryption. The SSL encryption protocol is the most popular. Encryption is a method of hiding data from outsiders. Also, choose a VPN provider that uses OpenVPN for encryption rather than PPTP. Several vulnerabilities have been found in PPTP in recent years, while OpenVPN is generally considered a more secure encryption method.
  • When choosing a VPN provider, think about privacy. Some providers monitor the activity of their clients and may alert the authorities if they become suspicious. If you want to keep your online activity private, choose a VPN provider that doesn't keep user logs.
  • When choosing a VPN provider, consider the VPN's throughput. It determines how much data can be transferred. Keep in mind that high-quality videos and music files are larger in size and therefore require more bandwidth than text files and images. If you're only going to use a VPN to view and transfer sensitive documents, any VPN provider will provide sufficient bandwidth. But if you want to watch Netflix or play online games, for example, choose a VPN provider that allows you to use unlimited bandwidth.
  • When choosing a VPN provider, consider whether you want to view content that is only available in other countries. When you browse the web, websites receive your IP address, which determines your location. If you try to access content in another country, you may not be able to do so because of your IP address, since there is no copyright agreement between the countries for that content. Therefore, look for a provider with exit servers in the country you need; in this case you will have an IP address of that country. This way you can access content in another country using overseas servers. Choose a VPN provider that has servers in the country with the content you need.
  • When choosing a VPN provider, consider whether you'll be connecting to the VPN on a computer or mobile device. If you travel a lot or use a mobile device (smartphone or tablet) frequently, choose a VPN provider that provides a VPN connection for mobile devices or even provides apps compatible with your mobile devices.
  • When choosing a VPN provider, think about what kind of support you need. Read reviews and find information about customer support for a particular VPN provider. Some providers only provide phone support, while others can also be reached via live chat or email. Find a provider that offers a customer support experience that suits you. Also look for reviews (via a search engine such as Yandex or Google) about the provider to evaluate the quality of customer support.
  • When choosing a VPN provider, think about how much you are willing to spend. Some VPN providers offer free services (such as OpenVPN), but usually the services (features, bandwidth, support, etc.) will be reduced. Since there are many VPN providers out there, compare the prices and services of some of them. Surely you will find a provider who will provide the services you need at an affordable price.

In this article, we will take a closer look at the process of setting up a VPN server in the Windows Server operating system, and also answer the questions: What is a VPN and how to set up a VPN connection?

What is a VPN connection?

VPN (Virtual Private Network) is a virtual private network used to provide a secure connection to a network. It is a technology that lets you join any number of devices into a private network, as a rule over the Internet.

Although this technology is not new, it has recently gained relevance due to the desire of users to maintain data integrity or privacy in real time.

This connection method is called a VPN tunnel. You can connect to a VPN from any computer with any operating system that supports VPN connections, or on which a VPN client is installed that is capable of forwarding ports over TCP/IP to the virtual network.

What does a VPN do?

VPN provides remote connection to private networks

You can also safely combine several networks and servers

Computers with IP addresses from 192.168.0.10 to 192.168.0.125 are connected through a network gateway, which acts as a VPN server. Rules for connections via the VPN channel must first be written on the server and router.

VPN allows you to safely use the Internet when connecting even to open Wi-Fi networks in public areas (in shopping centers, hotels or airports)

And also bypass restrictions on displaying content in certain countries

A VPN guards against an attacker intercepting information in transit, unnoticed by the recipient.

How VPN works

Let's look at how a VPN connection works in principle.

Let's imagine that transmission is the movement of a packet along a highway from point A to point B; along the path there are checkpoints that the data packet has to pass. When using a VPN, this route is additionally protected by encryption and user authentication to secure the traffic containing the data packet. This method is called “tunneling” (using a tunnel).

In this channel, all communications are reliably protected: all intermediate nodes handle only an encrypted packet, and only when the data reaches the recipient is the packet decrypted and made available to the authorized recipient.

VPN will ensure the privacy of your information along with a comprehensive antivirus.

VPN supports such protocols as OpenVPN, L2TP, IPSec, PPTP and PPPoE, and it turns out to be a completely secure and safe way to transfer data.

VPN tunneling is used:

  1. Inside the corporate network.
  2. To connect remote offices and small branches.
  3. For access to external IT resources.
  4. For building video conferences.

Creating a VPN, selecting and configuring equipment.

For corporate communications in large organizations or combining offices remote from each other, hardware is used that is capable of maintaining uninterrupted operation and security in the network.

For the VPN service, the role of the network gateway can be played by Linux/Windows servers, a router, or a network gateway on which the VPN is installed.

The router must ensure reliable operation of the network without freezes. The built-in VPN function allows you to change the configuration for working at home, in an organization or in a branch office.

Setting up a VPN server.

If you want to install and use a VPN server based on the Windows family, you need to understand that the client editions Windows XP/7/8/10 do not support this function; you need a virtualization system or a physical server on the Windows Server 2000/2003/2008/2012/2016 platform. We will look at this feature on Windows Server 2008 R2.

1. First, you need to install the “Network Policy and Access Services” server role. To do this, open Server Manager and click the “Add Roles” link:

Select the “Network Policy and Access Services” role and click Next:

Select "Routing and Remote Access Services", click Next and then Install.

2. After installing the role, you need to configure it. Go to Server Manager, expand the "Roles" branch, select the "Network Policy and Access Services" role, expand it, right-click "Routing and Remote Access" and select "Configure and Enable Routing and Remote Access".

After starting the service, we consider the configuration of the role complete. Now you need to allow users access to the server and configure the issuance of IP addresses to clients.

Ports used by the VPN. After the service is started, they are opened in the firewall.

For PPTP: 1723 (TCP);

For L2TP: 1701 (TCP)

For SSTP: 443 (TCP).

The L2TP/IPsec protocol is preferable for building VPN networks, mainly for security and higher availability, because a single UDP session is used for the data and control channels. Today we will look at setting up an L2TP/IPsec VPN server on the Windows Server 2008 R2 platform.

You can try to deploy on the following protocols: PPTP, PPPoE, SSTP, L2TP, L2TP/IPsec

Go to Server Manager: Roles - Routing and Remote Access, right-click this role and select “Properties”. On the “General” tab, check the “IPv4 Router” box, select “LAN and demand-dial routing”, and check “IPv4 Remote access server”:

Now we need to enter the pre-shared key. Go to the “Security” tab, check the box “Allow custom IPsec policy for L2TP connection” and enter your key. (About the key: you can enter an arbitrary combination of letters and numbers there; the main principle is that the more complex the combination, the safer it is. Remember or write down this combination; we will need it later.) In the “Authentication provider” field, select “Windows Authentication”.

Now we need to configure connection security. To do this, on the “Security” tab choose “Authentication Methods” and check the boxes for EAP and Microsoft encrypted authentication version 2 (MS-CHAP v2):

Next, go to the “IPv4” tab. There we indicate which interface will accept VPN connections and configure the pool of addresses issued to L2TP VPN clients (set the adapter to “Allow RAS to select adapter”):

Now go to the “Ports” item that has appeared, right-click it and choose “Properties”, select the L2TP connection and click “Configure”. In the new window, check “Remote access connections (inbound only)” and “Demand-dial routing connections (inbound and outbound)” and set the maximum number of ports; the number of ports must match or exceed the expected number of clients. It is better to disable unused protocols by unchecking both checkboxes in their properties.

List of ports that we have left in the specified quantity.

This completes the server setup. All that remains is to allow users to connect to the server. In Server Manager, go to Active Directory Users, find the user we want to allow access for, open Properties and go to the “Dial-in” tab.
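The pre-shared key entered on the Security tab is the same for the server and every L2TP client, so it is worth generating it rather than inventing it. The following is an added example, not part of the original article; the 128-bit target and the function names are assumptions.

```python
import math
import secrets
import string

# "Letters and numbers", as the article puts it: 62 possible symbols.
ALPHABET = string.ascii_letters + string.digits


def min_length(bits=128, alphabet=ALPHABET):
    """Characters needed for a random key to carry at least `bits` of entropy."""
    return math.ceil(bits / math.log2(len(alphabet)))


def generate_psk(bits=128, alphabet=ALPHABET):
    """Draw every character independently from the OS random generator."""
    return "".join(secrets.choice(alphabet)
                   for _ in range(min_length(bits, alphabet)))


def review_psk(psk, bits=128):
    """Return reasons why a hand-made key falls short (empty list: none found)."""
    findings = []
    need = min_length(bits)
    if len(psk) < need:
        findings.append(f"too short: {len(psk)} characters, {need} needed "
                        f"for {bits} bits even if fully random")
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
    used = sum(any(ch in cls for ch in psk) for cls in classes)
    if used < 2:
        findings.append("uses a single character class (only digits or "
                        "only one letter case)")
    return findings


if __name__ == "__main__":
    print("characters needed for 128 bits:", min_length())
    print("generated key:", generate_psk())
    # Constructed example of a key someone might invent by hand.
    print("review of 'office2023':", review_psk("office2023"))
```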

There is much more to setting up a virtual private network than just signing up and activating it. Our guide will help you get the most out of this privacy and security tool.

Everyone should use a virtual private network (VPN), regardless of how they connect to the Internet: be it a computer or a smartphone. It may sound paranoid, but real threats do exist, and they are only getting worse. Attackers may try to intercept your personal information via a Wi-Fi network. And every time you go online, your Internet Service Provider (ISP) has access to everything you send, and Congress has given the green light to sell your anonymous information to advertisers. Across the vast Internet, advertisers and spies can track your browsing habits and location by looking at your IP address. And it sounds scary.

The fact is that the Internet was not designed to protect your privacy. It was created to facilitate the exchange of information, and not for user anonymity, privacy or encrypted communication. Although an HTTPS connection does a lot to protect your information, it does not protect against attacks on Internet providers or local networks, which in turn is a serious problem if you have ever used a connection that is not yours, for example, in a hotel or cafe.
And until a new, more private Internet arrives (it may never), using a VPN is the easiest way to make sure you're sharing as little personal information as possible. Make no mistake: you need a virtual private network.

What a VPN Can and Can't Do

As with other security tools, it's important to understand the limits of a VPN. After all, you wouldn't expect a bulletproof vest to save you when you fall out of a plane, or a parachute to stop a bullet.
When you enable a VPN, your traffic is sent through an encrypted tunnel to a server managed by the VPN company. This means that neither your ISP nor anyone (or anything) else connected to your router will see your Internet traffic. Your traffic goes out to the Internet through the VPN server. If you go to a site that does not use an HTTPS connection, your traffic is no longer encrypted once it leaves the VPN server.

And since your traffic originates from the VPN server, your real IP address is safely hidden. This is important because IP addresses are distributed geographically and can be used to determine your location. And if someone tries to find out your IP address, they will see the IP address of the VPN server. And this can come in handy if you want to spoof your location. By connecting to a VPN server in London, you can make it appear as if you are accessing the Internet from the UK.
Here's what a VPN can NOT do: make your traffic completely anonymous. For this purpose, you are better off using services such as Tor. This excellent anonymization tool can be easily accessed through a special version of the Firefox browser. Instead of passing your data through a single intermediary (via a VPN server), Tor routes your information through several different computers on the Tor network. This makes the process of tracking your activity and your online presence much more difficult.

On top of that, websites can track your movements through cookies, browser collection of personal information, online trackers and other clever devices. Using an ad blocker like Privacy Badger helps quell these observant pests while also making it harder for advertisers to track your movements online.
Finally, just because you have a virtual private network doesn't mean you can forget about basic security rules. Although some VPNs claim that they can block viruses, we recommend separate antivirus software for your computer, as it is designed specifically to protect your computer from malware.

Also, you are better off using a password manager because using the same password over and over again is often the main cause of hacking or infection. Another caution is to use your instincts when opening links or attachments in emails. Phishing attacks—attacks where a hacker uses a fake website that's copied from a real one to trick you into entering your personal information—are so common that they've become almost commonplace, so be careful.

How to choose a VPN

When choosing a VPN, there are a few key points to consider. For example, a VPN service should allow you to connect five devices simultaneously, at a minimum. We also pay attention to whether the VPN service allows you to use BitTorrent traffic on its servers. Some allow it and some don't, so pay attention to that because you don't want to be disappointed with the company you pay a monthly fee to.

Speaking of fees, the average cost of a VPN is $10.53 per month. If a VPN service charges a monthly fee more than this, it doesn't mean they're ripping you off, but they should be offering something substantial in return. For example, a better interface or more server locations to sweeten the deal a little. You'll usually be offered a discount if you sign up for a long-term contract, but we don't advise you to do this until you're completely sure you're happy with the service.

Please read the terms of service carefully before purchasing a VPN. This document will spell out what information the VPN service stores and what it does with this information. Many companies claim that they do not keep traffic logs, which is excellent. Others go further and claim that they do not monitor user activity at all. And this is important because the VPN has access to all the information you are trying to protect from others. The best terms of service set out all of the above points transparently, while the worst, on the contrary, are vague, with a lot of references to details and to the law. If reading one of these documents feels like deciphering gibberish, rest assured that you should look at another service. TunnelBear, for example, clearly and transparently explains its services in easy to understand language.

It's also a good idea to look at where the VPN company is located. Remember that this is not always the physical location of the company, but a legal aspect that indicates under whose jurisdiction the company operates. For example, NordVPN is located in Panama, and ProtonVPN is located in Switzerland. This means that these companies are not subject to data retention laws under which security agencies can access the information stored on them. Another example, Hide My Ass VPN is based in the UK, where similar laws are more severe.
The most important thing when choosing a VPN is trust. So if the location, price or terms of service do not inspire confidence in you, then try another service.


Paid or free VPN

We recently conducted a survey of 1,000 people about VPN use. According to our results, 62.9% of respondents say they are unwilling to pay more than $5, and 42.1% say they want to use a free VPN.
Unfortunately, most VPN services are far from free, or even from costing less than $5. But you don't have to break the bank to be protected. After trying a service for 1-2 months, you can sign up for a long-term contract, thereby reducing your costs. Private Internet Access VPN is an excellent and affordable service that costs just $6.65 per month (no frills).

Most VPN services offer a trial period, which is usually limited in time. Others, like TunnelBear and AnchorFree Hotspot Shield Elite, offer completely free versions of their products, but with some restrictions that do not apply to paid users. For example, TunnelBear keeps records of the data of its free users. But the free version of Hotspot Shield runs on advertising. ProtonVPN, makers of the secure email service ProtonMail, also has a limited trial period.
The Opera browser has a built-in free VPN and does not charge anything to use it. Opera also offers excellent VPN apps separately for iOS and Android, completely free, keeping you protected wherever you go.

Let's get started

Once you have settled on a service, the first thing you should do is download the company's app. There are usually special download pages for this on the VPN service's website. So go ahead and download the app on your mobile devices too; the more devices you protect, the better for you. In most cases, you pay once to subscribe to a certain number of licenses (usually five), and then you can use the service on any device that has a dedicated app.
We have discovered that when VPNs are released for Mac, the versions of apps in the Mac App Store may sometimes differ from the versions available on the VPN service's website. Apparently, this happens due to Apple restrictions. Through trial and error, of course, you can find out which version will work for you, but we did it for you in our reviews.

Once you have installed the application, you will be prompted for login information. In most cases, this is the username and password you provided when registering. Some companies, such as Private Internet Access, assign you a username that is different from your payment information to ensure greater user privacy.
Once you're logged in, your VPN app connects to the VPN server closest to you. This is done to ensure better speed over the VPN, as latency and speed reductions increase as the distance between your actual location and the VPN server's location increases. That's it: your information is now routed through a secure tunnel to the VPN server.

Keep in mind that you don't have to install the company's VPN app. Instead, you can configure your device's network settings to connect directly to the VPN service. If you are concerned about possible surveillance "under the hood" of the application, then this option is good for you. Most VPN services have instructions for setting up your device.

Server selection

Sometimes you might not want to connect to a server that a VPN app recommends. You might want to spoof your location, use BitTorrent over a VPN, or want to take advantage of some of the customized servers your VPN company provides you with.
Many VPN companies include an interactive map in their apps. For example, in NordVPN you can click on a country to connect to its servers. This is an accessible way to understand where your information is going, and there will likely be a list of servers you can choose from.

Choosing a server depends entirely on what you want to do. For security and speed, you better choose a server near you. To access region-specific content, you must select a server in the appropriate region. For example, if you want to watch the BBC, you're better off connecting to a UK tunnel. Some VPN companies, KeepSolid VPN Unlimited and NordVPN, for example, have dedicated servers for video streaming.

These special servers are useful because streaming services like Netflix block VPNs. We are talking about licensed content that is protected by studios and Netflix itself. For example, Netflix has the rights to provide Star Trek: Discovery outside the US, but inside the US you need to pay for CBS's All Access service.
It would also be a good idea to check whether your BitTorrent VPN service allows traffic on all servers or only on special ones. NordVPN, like many other services, makes it clear that it does not allow torrenting. But TorGuard, for example, has nothing against this and allows you to use torrents on all the company’s servers.

Services like NordVPN and ProtonVPN have advanced security options, such as Tor network access or multi-hop VPN. As noted earlier, Tor is a tool for providing a higher level of privacy. It allows you to access hidden websites on the so-called Dark Web. A multi-hop VPN works in a similar way: instead of routing your traffic through one VPN server, a multi-hop connection will transfer you first to one server and then to another. Both proposals work to the benefit of privacy, but at the expense of speed.
If you decide to ignore third-party apps and configure your network settings manually, you may have to enter information for each VPN server separately.

Advanced settings

The feature set differs from one VPN service to another, so we can only generalize and guess what you might see when you open the settings panel. But we recommend that you read the documentation and try clicking the buttons. The best way to learn how to use something is to experience it, after all.
Most VPN services include a kill switch feature. Once enabled, this option prevents the computer from receiving or transmitting information over the Internet while the VPN is disconnected. This is useful when your computer drops off the VPN and could otherwise transmit (or receive) bits of information over an unencrypted connection.

Many services offer the option to select a VPN protocol. It looks scary because the protocols have strange, unclear names, and companies rarely provide information about what will happen if the protocol is changed. Overall, this is the kind of thing you can leave alone.
But if you are still interested, OpenVPN is the protocol we recommend. Its source code is open to the public, so a lot of eyes have looked at it for possible vulnerabilities. IKEv2 is a good, secure replacement if OpenVPN is not available. Keep in mind that on some platforms, like macOS and iPhone, OpenVPN is not always available due to additional restrictions placed on developers.

When to use a VPN

To ensure the highest level of security, you should use a VPN as often as possible, and ideally all the time. But this is an ideal, which is not always achievable. At a minimum, you should use a VPN if you are using a network that you do not control, and especially if it is a public Wi-Fi network. But more often than not, we recommend that users configure their VPN apps to keep them running for as long as possible. You can always switch off if it starts to bother you.

VPNs for Android and other mobile devices are a bit more complicated, particularly when you frequently move in and out of mobile network coverage. Every time you lose and regain your data connection, the VPN also reconnects, adding to the tedious wait. It's also less likely that your mobile traffic will be intercepted, but we've seen research that shows it's possible. Given the fact that law enforcement and intelligence agencies have virtually unfettered access to telecommunications data, here's a good tip: use a VPN even while using a cellular connection. In addition, most mobile devices can automatically connect to familiar Wi-Fi networks. At a minimum, you should use a VPN while connected via Wi-Fi, because it's easy to spoof a Wi-Fi network.

Many VPN services provide settings for how and under what circumstances they should reconnect if the connection is lost. We honestly can't think of a reason why you wouldn't want your VPN service to try to reconnect, so we encourage everyone to make sure your settings are set correctly.
If you're concerned that a VPN is slowing down your connections or blocking important traffic, then you need to look at the split tunneling option. Again, different companies give this option a different name, but the gist of it is that it will allow you to configure applications that will use the VPN connection for their traffic, and applications that will work normally. For example, TunnelBear includes an option to not tunnel Apple apps so they can function on the Mac. Streamers and gamers in need of a VPN will certainly be interested in this option.

How to Use a VPN to Stream via Chromecast or AirPlay

Chromecast and AirPlay let you stream music and video from your computer or mobile device to speakers, TVs, and other streaming devices. But they all require Wi-Fi, which can be problematic if you're using a VPN.
When VPN is enabled, your traffic travels through an encrypted tunnel, which prevents devices connected to the same Wi-Fi network from detecting each other. This is how it should work, because you don't want anyone just being in range of your network to find out what you're doing. Sad to say, this also means Chromecast and AirPlay won't work while you're using a VPN.

The simplest solution is to turn off the VPN, but it is not the only one. You can use split tunneling, as noted earlier, to route only the traffic you want to protect through the VPN. You can also enable the VPN's browser plugin; it only encrypts browser traffic and nothing else.
Alternative solution: You can install a VPN on your router. After this, all devices connected to your router (from your phone to your smart juicer) will use encrypted traffic. This is an excellent solution for well-equipped smart homes.

Virtual private networks are not rocket science

VPNs may seem like some mystical security tool at first glance, but many companies work hard to make them clear and easy to use, and most of them are no longer difficult. That's how it should be. And while it’s never a good idea to shell out money for protection from potential threats, a VPN is one of the best and easiest ways to protect your network traffic from, well, everything.


Increasingly, situations arise in which users on the go need to access their home network and network storage. To minimize risks in unencrypted wireless networks during such actions, it is recommended to organize a “virtual private network” (VPN). The advantage of such a VPN connection compared to a solution using a dynamic domain name system: you have a direct connection to your entire home network, the same as if you were sitting at home in your office. In this article, we will show you how to set up the VPN feature on your Synology NAS and configure your devices.

1 VPN connection to Synology NAS

The most important conditions are that your Synology NAS has the latest version of the DiskStation Manager (DSM) operating system installed and that remote access is configured. If so, launch the “VPN Server” component in the control center, located in the “Utilities” section. You can now choose one of three connection options. Since “PPTP” is considered insecure, and “OpenVPN” is not fully supported by mobile devices, click “L2TP/IPSec” in the left section (“Settings”) and activate the function. Settings that have already been entered, such as the “Dynamic IP address” assigned to devices connected via VPN, do not need to be changed. You just need to enter a strong password in the “Preset password” item (this is the IPsec pre-shared key that the client devices will ask for later) and repeat it in the “Confirm preset password” item. Save the changes by clicking the “Accept” button and click “OK” to confirm the message about forwarding UDP ports 500, 1701 and 4500.

Important: If you are using the firewall on the network storage device, you should open the above ports in it. In addition, in the “VPN Server” dialog box, you must select “Privileges” and limit the rights of users who are not allowed access via VPN. To avoid having to do this in the future, select the “General Settings” section in the left column and uncheck the “Grant VPN access rights for new users” checkbox. Users with VPN access rights are listed in the “Protocol” section. Network storage systems manufactured by Asustor and Qnap also support VPN access. The setup is almost the same: launch the application (Asustor - “VPN server”, Qnap - “QVPN service”), select the VPN type and enter the necessary information.

2 Configuring port forwarding on the router

In order for a router to forward data packets coming from the Internet to the required devices, it must "know" which network clients those devices are. To do this, you need to configure port forwarding on it. This is done in the router's configuration interface. Open a web browser and log into your router through the web interface.

Then click on the menu item “Internet | Permissions” and activate the “Port Forwarding” tab to configure forwarding. Scroll down to “Add an allowed device” and select your network storage. After clicking the “New Resolution” button, select the “Port Allowance” option, then in the “Application” section, select “Filter Name” and enter a name, for example “VPN server”. In the “Protocol” section, select “UDP”, in the “Port to device”, “To port” and “Desired external port (IPv4)” items, enter the number “500” and confirm the entry by clicking “OK”. Then configure forwarding of UDP ports 1701 and 4500 in the same way. Save the settings by clicking the “OK” button.

3 Create a VPN connection with Windows 10

After carrying out the preparatory actions, you can check whether everything worked out. Ideally, your first VPN access should be from your local computer, so that if problems arise, you have access to both the router and the network storage, and therefore can make changes quickly. When working with Windows 10, setup is quite simple. Select “Network and Internet” in the “Settings” section, select “VPN” in the left column, click on the “Add a VPN connection” link and enter the required data. In the “VPN Service Provider” menu, select “Windows (built-in)”; you can specify any connection name, for example “VPN-NAS”. In the “Server name or address” section, enter the dynamic DNS address of your Synology NAS, and in the “VPN Type” select “Automatic”. Confirm your entry with the “Save” button, then click on the VPN icon and select “Connect”.

In the sign-in dialog box, enter the credentials you use to connect to the network storage and click OK. After a few seconds (while Windows 10 and the NAS negotiate the VPN type), a connection will be created and you will be able to access all resources available on your home network, including the Synology NAS configuration interface.
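The same Windows 10 connection can be created from an elevated PowerShell session, with the tunnel type pinned to L2TP/IPsec rather than left on “Automatic”. This is an added example, not part of the original article; the server name and home subnet are placeholders, and MS-CHAP v2 is an assumption about the authentication method enabled on the NAS.

```powershell
# Added example. Run in an elevated PowerShell session on the Windows 10 client.
$Name    = 'VPN-NAS'            # connection name used in the article
$Server  = 'nas.example.net'    # placeholder: dynamic DNS name of your NAS
$HomeLan = '192.168.1.0/24'     # placeholder: your home network's subnet
$Psk     = Read-Host 'IPsec pre-shared key set in step 1'

# Pin L2TP/IPsec with the pre-shared key and refuse unencrypted sessions.
# MSChapv2 is an assumption about the NAS's L2TP authentication setting.
Add-VpnConnection -Name $Name -ServerAddress $Server `
    -TunnelType L2tp -L2tpPsk $Psk `
    -AuthenticationMethod MSChapv2 -EncryptionLevel Required -Force

# The NAS is reached through the router's port forwarding, so it sits behind NAT.
# By default Windows does not build L2TP/IPsec security associations to a server
# behind NAT; value 2 allows it when client and server are both behind NAT.
# The change takes effect after a reboot.
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent' `
    -Name 'AssumeUDPEncapsulationContextOnSendRule' `
    -PropertyType DWord -Value 2 -Force | Out-Null

# Optional split tunneling: only traffic for the home subnet uses the VPN.
# Skip these two lines if the goal is to protect all traffic on an untrusted
# Wi-Fi network, because everything else then leaves the tunnel.
Set-VpnConnection -Name $Name -SplitTunneling $true
Add-VpnConnectionRoute -ConnectionName $Name -DestinationPrefix $HomeLan

# Confirm what was actually stored before the first connection attempt.
Get-VpnConnection -Name $Name |
    Format-List Name, ServerAddress, TunnelType, L2tpIPsecAuth,
                AuthenticationMethod, EncryptionLevel, SplitTunneling
```

In the output, TunnelType should read L2tp and L2tpIPsecAuth should read Psk; if the connection fails only from outside the home network, check the router's UDP 500, 1701 and 4500 forwards from step 2.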

4 Setting up VPN on mobile devices

Access to network storage via VPN is also possible from mobile devices. However, setting them up is a little more complicated than in Windows 10.

Android: open “Settings”, in the “Network connections” item click “Advanced settings” and add a new connection by clicking on “+”. After that, in the “Type” section, select “L2TP/IPSec PSK”, enter “Server Address” (the dynamic DNS address of your storage), as well as “IPsec Pre-shared Key” (that is, the password specified in step 1), then click "Save". Finally, tap the new connection, enter your username and password, enable the “Save account details” option and tap “Connect.”

iOS: Go to “Settings | Basic | VPN | Add VPN” and in the “Type” select “L2TP”. After this, enter the data in “Description”, in the “Server” item indicate the dynamic DNS address of your network storage and, finally, in the “Secret Password” item - the password specified in step 1. Enter your access data in the “Login” and “Password” sections. Then click “Done”, return to the previous dialog box and set the switch under “VPN Configuration” to “On” to establish the connection.