Hey there! Ever found yourself needing to access your Synology NAS while away from home? I sure have. Setting up remote access can be a bit daunting, especially with all the VPN configurations and security concerns. But guess what? I discovered Tailscale, and it’s been a game-changer for me. In this guide, I’ll walk you through how to set up Tailscale on your Synology NAS, so you can securely access your files from anywhere without the usual VPN headaches.

Why Choose Tailscale for Your Synology NAS?

Tailscale is a modern solution for secure remote access. Built on top of WireGuard, it provides a device-to-device VPN that’s both secure and easy to set up. Unlike traditional VPNs, Tailscale doesn’t require port forwarding or a public IP address. This means you can disable QuickConnect and ensure your NAS is only accessible through your local network or Tailscale itself.

✔️
The best part? Tailscale is completely free for personal use!

Understanding Tailscale and VPNs

Before we dive in, let’s understand what makes Tailscale different from traditional VPNs. Traditional VPNs often require complex setups, including port forwarding and managing public IP addresses. They can also introduce latency due to relay servers.

Tailscale Inc is a private company that produces software called Tailscale. This software leverages WireGuard to create a secure mesh network known as a tailnet. In this mesh network, all your devices can communicate directly and securely over the internet, without the need for centralized VPN servers.

💡
Tailscale uses the CGNAT subnet for internal routing, ensuring no interference with your existing network setup.

Benefits of Using Tailscale

Here are some reasons why I recommend Tailscale for your Synology NAS:

  • No Port Forwarding Needed: Simplifies your network configuration.
  • Enhanced Security: Secure, encrypted connections using WireGuard.
  • Easy Setup: Minimal configuration compared to traditional VPNs.
  • Free for Personal Use: Generous free tier suitable for most home users.
  • Versatile Access: Perfect for remote backups, file access, and more.
✔️
Tailscale makes it incredibly easy to back up from one NAS to another, enhancing your data redundancy and peace of mind.

How Tailscale Works

Tailscale establishes secure, peer-to-peer connections between your devices. It uses the STUN protocol to efficiently traverse network firewalls, allowing direct communication over the internet. This means faster speeds and lower latency compared to traditional VPN solutions that rely on relay servers.

By adding your devices to your tailnet, you can access them remotely as if they were on the same local network. Plus, you can share access with others by sending them an invite link, making collaboration effortless.

💪
Unlike QuickConnect, Tailscale doesn’t rely on a relay server that can slow down your file transfers.

Zero Trust Networking

Tailscale employs a zero-trust networking model, meaning each device must authenticate and authorize connections individually. This enhances security by ensuring that only approved devices can connect to your tailnet.

Installing Tailscale on Your Synology NAS

Now, let’s get our hands dirty and install Tailscale on your Synology NAS. Don’t worry; it’s simpler than you might think!

Prerequisites

  • A Synology NAS running DSM 6.2 or higher.
  • Administrative access to your NAS.
  • An account with an identity provider (Google, Microsoft, GitHub, etc.).
  • A device on the same local network as your NAS for initial setup.

Step-by-Step Installation Guide

  1. Log in to DSM: Access your Synology DiskStation Manager (DSM) by entering your NAS’s local IP address in your web browser.
  2. Open Package Center: Navigate to the Package Center from the main menu.
  3. Install Tailscale: In the Package Center, use the search bar to find “Tailscale” and click the install button. Follow the on-screen instructions to complete the installation.
  4. Verify Local Connection: Ensure you’re connected locally by checking the IP address in your browser’s address bar (e.g., 192.168.x.x). If you’re using QuickConnect or accessing remotely, switch to a local connection.
  5. Open Tailscale: Once installed, open the Tailscale app from the main menu. If prompted with a security warning, proceed to the next step.
  6. Authenticate: Click on “Log in” and choose your preferred identity provider (Google, Microsoft, GitHub, etc.). You’ll be redirected to a login page to authorize Tailscale.
If you encounter an error opening Tailscale, double-check that you’re connected to the same local network as your NAS and that your firewall settings allow local connections.

Authentication and Security

Tailscale uses a zero-trust model, which means it doesn’t rely on traditional username/password authentication. Instead, it uses your chosen identity provider for secure access. This adds an extra layer of security and convenience, as you don’t have to manage separate credentials for your NAS.

💡
Your devices authenticate using rotating keys. For always-on devices like your NAS, you can disable key expiry in the Tailscale admin console under “Machines” by selecting your NAS and choosing “Disable key expiry.”

Configuring Tailscale for Remote Access

With Tailscale installed, let’s configure it for remote access to your Synology NAS.

Installing Tailscale on Other Devices

To access your NAS remotely, you’ll need Tailscale on your other devices too. Here’s how:

  • Computers: Install Tailscale on your macOS, Windows, or Linux machines by downloading it from the official website.
  • Mobile Devices: Get the Tailscale app for your iOS or Android devices from the App Store or Google Play Store.

Connecting to Your NAS Remotely

Once Tailscale is installed on all your devices, they will be part of your tailnet. To access your NAS:

  1. Open Tailscale on your device and ensure it’s connected. Log in using the same identity provider you used on your NAS.
  2. Find your NAS’s Tailscale IP address from the Tailscale admin console or the Tailscale app on your device.
  3. Enter the IP address in your file explorer, web browser, or Synology apps like DS File.
✔️
You can now access your Synology NAS securely from anywhere in the world!

Using Tailscale for Network Drive Mapping

Synology NAS device next to a laptop with active LED indicators.
Synology NAS alongside a laptop, ready for use.

One of my favorite features is mapping network drives over Tailscale. This allows you to access your NAS shares as if they were local drives, even when you’re halfway around the world.

For Windows Users

To map a network drive in Windows:

  1. Open File Explorer.
  2. In the address bar, type \\ and press Enter.
  3. Enter your NAS credentials when prompted.
  4. Browse to the shared folder you want to map.
  5. Right-click on the folder and select “Map network drive.”
  6. Choose a drive letter and ensure “Reconnect at sign-in” is checked if you want it to persist.
💪
Ensure that SMB services are enabled on your NAS under Control Panel > File Services > SMB/AFP/NFS.

For macOS Users

To connect on macOS:

  1. In Finder, press Command + K to open “Connect to Server.”
  2. Enter smb:// and click Connect.
  3. Provide your NAS username and password when prompted.
  4. Select the shared folder you want to access.
  5. To make the connection persistent, drag the share to your Dock or add it to your Login Items under System Preferences.
💪
You’ll need to repeat these steps each time you reconnect unless you choose to save the login details or set up a persistent connection.

Advanced Use: Backing Up Between Synology Devices

If you have multiple Synology NAS devices, Tailscale makes it easy to back up between them over the internet. This is perfect for off-site backups, enhancing your data redundancy.

Overcoming Synology’s Default Restrictions

By default, Synology’s firewall settings prevent outbound connections through Tailscale. This means that if you try to use a Tailscale IP in Hyper Backup, it won’t work without some adjustments.

If you try to use a Tailscale IP in Hyper Backup without adjustments, it won’t work due to default firewall rules blocking outbound connections.

Running a Custom Script

We’ll create a scheduled task that runs a script to reconfigure the host networking. This will allow your NAS to initiate outbound connections through Tailscale.

Steps to Create the Scheduled Task:

  1. Create a Scheduled Task: In DSM, go to Control Panel > Task Scheduler > Create > Triggered Task > User-defined script.
  2. Name the Task: Call it “Tailscale Up” and set it to run as root under the “General” tab.
  3. Insert the Script: Under the “Task Settings” tab, paste the following code:
/volume1/@appstore/Tailscale/bin/tailscale up --accept-routes
  1. Set the Schedule: Under the “Schedule” tab, choose “Run on the following date” and set it to “Boot-up.”
  2. Save and Run: Save the task and run it manually to apply changes immediately without rebooting.
💡
Running this script allows your NAS to initiate outbound connections through Tailscale, enabling functions like Hyper Backup over Tailscale IPs.

Security Considerations

While this script requires root access, rest assured that Tailscale is open-source and vetted by Synology. However, always exercise caution when granting elevated permissions and ensure you’re comfortable with the changes.

Setting Up Hyper Backup Over Tailscale

Now that your NAS can initiate outbound connections, you can set up Hyper Backup:

  1. Open Hyper Backup on your source NAS.
  2. Create a new backup task and select “Remote NAS device.”
  3. Enter the destination NAS’s Tailscale IP address.
  4. Provide the username and password of an account on the destination NAS with appropriate permissions.
  5. Follow the on-screen instructions to complete the backup setup.
✔️
Your NAS devices can now back up to each other securely over Tailscale, without exposing any services to the public internet!

Troubleshooting and Final Thoughts

If you update the Tailscale package, you might need to rerun the “Tailscale Up” task or reboot your NAS. This ensures the host networking configuration remains intact.

There’s so much more Tailscale can do, from advanced network configurations to custom access controls. For instance, you can set up subnet routing, use Magic DNS for easier device naming, and even integrate with cloud services.

I encourage you to explore the Tailscale Knowledge Base for more insights and advanced configurations that can further enhance your network setup.

✔️
By leveraging Tailscale, you’ve taken a significant step toward mastering secure remote access to your Synology NAS!

Conclusion

Thanks for sticking with me through this guide! Setting up Tailscale on your Synology NAS opens up a world of possibilities for secure, remote access. Whether you’re managing backups between devices, accessing your files on the go, or collaborating with others, Tailscale makes it simple and efficient.

If you have any questions or run into any issues, feel free to drop a comment below. I’m here to help you make the most out of your NAS setup!

Happy networking!

Categorized in:

Servers, Tech, Tutorials,