Simple, Secure & Free Remote Access to your Synology NAS
by Jimmy Li

Simple, Secure & Free Remote Access to your Synology NAS

A network-attached storage device (or NAS) is a great way to backup your files or your entire computer. But beyond just storage, a NAS is itself also a computer that can be used for example as a media server to access your photos or watch your movies. This works fine when you are at home, but what’s the best way to access your NAS when you are out and about?

There are some common approaches, but as the table below illustrates, they are cumbersome, insecure, and potentially expensive. We are excited to offer a new simple, secure, and free solution: Twingate Starter!

Twingate remote access does not require setting up a VPN, port forwarding, static IP addresses, or configuring DDNS
Twingate remote access does not require setting up a VPN, port forwarding, static IP addresses, or configuring DDNS

We’ve created a quick start guide below to walk you through the steps to get Twingate up and running on Synology, a popular NAS option, but the same concept would work for TrueNAS, Unraid, and others. Please join us at our community forum to share and discuss your experience and projects.

Prerequisites

The rest of this guide assumes that you have a couple components already installed. If not, please following these instructions first:

Sign up for Twingate

Twingate Starter is a new free plan that is designed for home and personal use. If you don’t have an account already, please click here and follow the simple steps to sign up for a Starter account and begin the initial setup. Creating an account is simple and you can choose to sign up using a Google, Github, or other existing account you have.

Add a Connector

The Twingate Connector is a piece of software that allows for secure access to your remote network and the devices connected to it (in this case, your Synology NAS). For it to work, you first need to deploy the Connector on your Synology NAS. Click on the remote network you just created and you should see a screen like the one below with two automatically generated Connectors (the names are random) that are not yet connected.

Add a Connector
Add a Connector

Choose one of the two Connectors and click on the “Deploy Connector” button. You’ll see a Controller configuration page like the one below with several deployment options. You can keep the default option (Docker).

Docker deployment

Add a Connector via Docker
Add a Connector via Docker

The next step is to generate tokens for the Connector. Scroll down to Step 2 and click the “Generate Tokens” button. You’ll see a popup like below asking you to re-authenticate using whichever account you used to sign up (e.g., Google). After doing so, you’ll come back to this page and see that two tokens have been generated. You will need these tokens in a little bit.

Generate tokens
Generate tokens

Install the Twingate Connector on your Synology NAS

Open Docker on your Synology NAS, click on “Registry” in the left side panel, search for twingate, select twingate/connector, and click “Download” to install it.

Install the Twingate Connector via Docker
Install the Twingate Connector via Docker

Click on the “Image” tab and you sould see the Connector. Select it and click on the “Launch” button. In the “General Settings” screen, give the Connector a name and then click on “Advanced Settings”.

Docker container general settings
Docker container general settings

Under “Advanced Settings”, go to the “Network” tab, and make sure to check the box next to “Use the same network as Docker Host”.

Docker container advanced settings
Docker container advanced settings

Next, go to the “Environment” tab and you should see several variables listed. Make sure that the REFRESH_TOKEN, ACCESS_TOKEN, and TENANT_URL variables are defined. For the first two variables, paste in the two tokens that you generated earlier. For the third variable, enter your Twingate URL (e.g., https://jlhome.twingate.com).

Docker container environment variables
Docker container environment variables

Click “Apply” to save the settings, then click “Next” and you should see a summary of the settings you configured. Make sure to check “Run this container after the wizard is finished” and click “Apply”. The container for your Twingate Connector should have been successfully created. Check in Docker that the container is running. If it is not, click the on/off toggle on the right.

Go back the Twingate web portal and you should see that the Connector’s status has automatically turned green, indicating that the Connector was successfully deployed.

Connector is connected
Connector is connected

Keeping the Twingate connector up to date

We regularly update our connector with improvements. Follow these steps to update your Docker container:

  • Go to the “Registry” tab and download the latest version of twingate/connector
  • Go to the “Container” tab and stop twingate/connector
  • Go to the “Actions” menu and select “Clear” (or might be named “Reset”)
  • Restart the twingate/connector container

Add a Resource

You’ve now set up a Connector on your Synology NAS. This Connector enables remote access for any device or service on your home network (called a “Resource” in Twingate). Go back to your Remote Network and click on the “Add Resource” link. You’ll see a popup like the one below. Click on the “CIDR Address” box, choose a Label name for the Resource, enter the local IP address of your Synology NAS (probably something like 10.x.x.x or 192.168.x.x), choose 5000 for the Port Restriction, and click “Add Resource”.

Add a Resource
Add a Resource

Congrats! Your Synology NAS is now enabled for secure remote access.

Setup is complete
Setup is complete

Set up the Twingate client

All that’s left to do now is to install Twingate on your device (we support Windows, Mac, Linux and have apps for iOS and Android) and access your Synology NAS. As an example, let’s walk through setting up the Twingate client on iOS.

First, download and install the iOS app here. Type in the Network URL that you chose when you signed up and tap “Join Network”. You’ll be automatically asked to log in using the same account you used to sign up. After signing in, you’ll land on the home screen, where you should already see your Synology NAS Resource listed. When you are connected to your Twingate network, a “VPN” icon will appear in the top bar of your screen.

To test it out, stay connected to Twingate, disconnect from your local network (e.g., by disabling WiFi), and navigate to your Synology NAS on your phone’s browser. You should be able to access it just as if you were at home.

Finally, disconnect from Twingate and try accessing it again — you should see that it’s inaccessible.

Congrats! You’ve finished setting up Twingate for Synology NAS. You can now securely access anything that you have running on your Synology NAS, such as:

  • Streaming photos, music, or videos stored on your NAS from anywhere
  • Monitoring and reviewing camera footage using Surveillance Station
  • Using your NAS as a file server that you can use from anywhere

Join us in the community forum to share how things went and what cool use cases you’ve discovered!

Client setup
Client setup

Sharing is Caring

Do you want to share access with a family member? You can easily do this from the Twingate web UI. Just go to the Team tab and click “Invite User” to send an email invitation. The recipient would simply follow the same steps to download the Twingate client, join your network, and get access to your Synology NAS, or any other resource you set up!

Invite other users
Invite other users

Featured Articles