Simple, Secure & Free Remote Access to your Synology NAS
A network-attached storage device (or NAS) is a great way to backup your files or your entire computer. But beyond just storage, a NAS is itself also a computer that can be used for example as a media server to access your photos or watch your movies. This works fine when you are at home, but what’s the best way to access your NAS when you are out and about?
There are some common approaches, but as the table below illustrates, they are cumbersome, insecure, and potentially expensive. We are excited to offer a new simple, secure, and free solution: Twingate Starter!
We’ve created a quick start guide below to walk you through the steps to get Twingate up and running on Synology, a popular NAS option, but the same concept would work for TrueNAS, Unraid, and others. Please join us at our community forum to share and discuss your experience and projects.
The rest of this guide assumes that you have a couple components already installed. If not, please following these instructions first:
Twingate Starter is a new free plan that is designed for home and personal use. If you don’t have an account already, please click here and follow the simple steps to sign up for a Starter account and begin the initial setup. Creating an account is simple and you can choose to sign up using a Google, Github, or other existing account you have.
The Twingate Connector is a piece of software that allows for secure access to your remote network and the devices connected to it (in this case, your Synology NAS). For it to work, you first need to deploy the Connector on your Synology NAS. Click on the remote network you just created and you should see a screen like the one below with two automatically generated Connectors (the names are random) that are not yet connected.
Choose one of the two Connectors and click on the “Deploy Connector” button. You’ll see a Controller configuration page like the one below with several deployment options. You can keep the default option (Docker).
The next step is to generate tokens for the Connector. Scroll down to Step 2 and click the “Generate Tokens” button. You’ll see a popup like below asking you to re-authenticate using whichever account you used to sign up (e.g., Google). After doing so, you’ll come back to this page and see that two tokens have been generated. You will need these tokens in a little bit.
Open Docker on your Synology NAS, click on “Registry” in the left side panel, search for
twingate/connector, and click “Download” to install it.
Click on the “Image” tab and you sould see the Connector. Select it and click on the “Launch” button. In the “General Settings” screen, give the Connector a name and then click on “Advanced Settings”.
Under “Advanced Settings”, go to the “Network” tab, and make sure to check the box next to “Use the same network as Docker Host”.
Next, go to the “Environment” tab and you should see several variables listed. Make sure that the
TENANT_URL variables are defined. For the first two variables, paste in the two tokens that you generated earlier. For the third variable, enter your Twingate URL (e.g.,
Click “Apply” to save the settings, then click “Next” and you should see a summary of the settings you configured. Make sure to check “Run this container after the wizard is finished” and click “Apply”. The container for your Twingate Connector should have been successfully created. Check in Docker that the container is running. If it is not, click the on/off toggle on the right.
Go back the Twingate web portal and you should see that the Connector’s status has automatically turned green, indicating that the Connector was successfully deployed.
We regularly update our connector with improvements. Follow these steps to update your Docker container:
- Go to the “Registry” tab and download the latest version of
- Go to the “Container” tab and stop
- Go to the “Actions” menu and select “Clear” (or might be named “Reset”)
- Restart the
You’ve now set up a Connector on your Synology NAS. This Connector enables remote access for any device or service on your home network (called a “Resource” in Twingate). Go back to your Remote Network and click on the “Add Resource” link. You’ll see a popup like the one below. Click on the “CIDR Address” box, choose a Label name for the Resource, enter the local IP address of your Synology NAS (probably something like
192.168.x.x), choose 5000 for the Port Restriction, and click “Add Resource”.
Congrats! Your Synology NAS is now enabled for secure remote access.
All that’s left to do now is to install Twingate on your device (we support Windows, Mac, Linux and have apps for iOS and Android) and access your Synology NAS. As an example, let’s walk through setting up the Twingate client on iOS.
First, download and install the iOS app here. Type in the Network URL that you chose when you signed up and tap “Join Network”. You’ll be automatically asked to log in using the same account you used to sign up. After signing in, you’ll land on the home screen, where you should already see your Synology NAS Resource listed. When you are connected to your Twingate network, a “VPN” icon will appear in the top bar of your screen.
To test it out, stay connected to Twingate, disconnect from your local network (e.g., by disabling WiFi), and navigate to your Synology NAS on your phone’s browser. You should be able to access it just as if you were at home.
Finally, disconnect from Twingate and try accessing it again — you should see that it’s inaccessible.
Congrats! You’ve finished setting up Twingate for Synology NAS. You can now securely access anything that you have running on your Synology NAS, such as:
- Streaming photos, music, or videos stored on your NAS from anywhere
- Monitoring and reviewing camera footage using Surveillance Station
- Using your NAS as a file server that you can use from anywhere
Join us in the community forum to share how things went and what cool use cases you’ve discovered!
Do you want to share access with a family member? You can easily do this from the Twingate web UI. Just go to the Team tab and click “Invite User” to send an email invitation. The recipient would simply follow the same steps to download the Twingate client, join your network, and get access to your Synology NAS, or any other resource you set up!
Visualize and Analyze Network Log Data with Twingate and Datadog
Improve security and monitoring by making real-time network log data observable with Twingate and Datadog.