How to Deploy a Connector on a Synology NAS running DSM 7.x or later

Install a Connector on a Synology NAS device to enable remote access to your network

Synology NAS devices, despite their name (“network attached storage”) aren’t only for adding shared storage on a network. Synology NAS devices are actually servers that can provide a variety of different services beyond file sharing - and this includes hosting a Twingate Connector!

Installing a Twingate Connector on a Synology NAS allows you to make the Synology, and any other device on the same network (e.g. computers, webcams, network-connected printers), remotely accessible in a manner that’s more secure and easy than other options, like setting up a VPN server or port forwarding on a router.

Synology DiskStation and RackStation devices run on an operating system called Synology DiskStation Manager (DSM), which is based on Linux. Below is how to install and provision a Connector on a Synology NAS that is running DSM version 7.0 or later. If your Synology NAS is running an earlier version of DSM, please use the Synology NAS DSM 6 guide to deploy a Connector.

Prerequisites

If you do not have a Remote Network set up, you can add one on the Network page of the Twingate Admin Console.

Add a Remote Network
Add a Remote Network
  • On the details page of the new Remote Network, pick one of the two pre-created Connectors and click Deploy Connector.

  • Click on Docker then Generate Tokens, then Authenticate when prompted.

  • Scroll down and click the toggle for any of the options you want to apply, such as custom DNS or local connection logging, then scroll to the bottom of the page and copy the deploy command - we will need it later.

  • While connected to the same network your Synology NAS is on, sign into the DSM web admin interface with a new browser tab or window. This is typically found at https://X.X.X.X:5001 by default (where X.X.X.X is the IP address of your NAS).

DSM Instructions

To deploy a Connector in Synology DSM 7.2+, we will be using the built-in Docker Compose service. Create a folder called “twingate-connector” under your docker configuration in File Station:

Creating a Folder
Creating a Folder

On your computer, create a file called compose.yaml with the following content:

services:
twingate-connector:
image: twingate/connector:latest
environment:
- TWINGATE_NETWORK=<TENANT NAME>
- TWINGATE_ACCESS_TOKEN=<ACCESS TOKEN>
- TWINGATE_REFRESH_TOKEN=<REFRESH TOKEN>

Note: you can add more parameters to your YAML file depending on how you want to configure your Connector. Take a look at our Docker Compose examples.

On your NAS, open Container Manager. Under Project, click “Create”:

Creating a Project
Creating a Project

Call your project “twingate-connector”. Point the “Path” to the folder you just created and upload your YAML file by clicking “Browse”. Once done, your project should look like this:

Pending Project
Pending Project

In the Twingate Admin Console, create a new Connector in your Remote Network and generate an Access Token and Refresh Token for it (those will be required for the next step):

Twingate Connector Screen
Twingate Connector Screen

Back on the Synology side, replace the following parameters in your Container Manager project:

  • TENANT NAME: replace with your Twingate tenant / network name (the tenant in https:\\tenant.twingate.com\networks of the Admin Console)
  • TWINGATE_ACCESS_TOKEN: see token from Admin Console
  • TWINGATE_REFRESH_TOKEN: see token from Admin Console

Once replaced, click “Next”:

Completed Project
Completed Project

Click “Next” on the next screen:

Web Portal Settings
Web Portal Settings

Check “Start the project once it is created” and click “Done”

Project Summary
Project Summary

The Twingate Connector will get deployed automatically with an exit code of 0:

Deployed Connector in DSM 7.x
Deployed Connector in DSM 7.x

You should now see the live Connector in your Admin Console:

Live Connector in Twingate Admin Console
Live Connector in Twingate Admin Console

You can now access your network with a device that has a Twingate Client installed and is signed into your Twingate account. In order to access the NAS, you need to add it as a Resource in the Twingate Admin Console, using the IP address you would use to access it when you are directly connected to the local network it’s on. You can follow the Resources guide for more information on how to add Resources.

Update Process

To update the Connector, check under “Image” in Container Manager. If “Update Available” appears, a new version of the Connector has become available:

Container Manager
Container Manager

Click “Update available”, then click “Update”:

Update Image Screen
Update Image Screen

Acknowledge the warning and click “Update”:

Update Confirmation
Update Confirmation

Your image will be downloaded and applied to your running container without requiring any additional action.

Container Updating
Container Updating

Once the update is done, your container should be running:

Updated Container
Updated Container

Last updated 7 months ago