How to Set Up Twingate on a Synology NAS Running DSM 7.x
Install a Connector on a Synology NAS device to enable remote access to your network
Synology NAS devices, despite their name (“network attached storage”) aren’t only for adding shared storage on a network. Synology NAS devices are actually servers that can provide a variety of different services beyond file sharing - and this includes hosting a Twingate Connector!
Installing a Twingate Connector on a Synology NAS allows you to make the Synology, and any other device on the same network (e.g. computers, webcams, network-connected printers), remotely accessible in a manner that’s more secure and easy than other options, like setting up a VPN server or port forwarding on a router.
Synology DiskStation and RackStation devices run on an operating system called Synology DiskStation Manager (DSM), which is based on Linux. Below is how to install and provision a Connector on a Synology NAS that is running DSM version 7.0 or later. If your Synology NAS is running an earlier version of DSM, please use the Synology NAS DSM 6 guide to deploy a Connector.
If you do not have a Remote Network set up, you can add one on the Network page of the Twingate Admin Console.
On the details page of the new Remote Network, pick one of the two pre-created Connectors and click
Generate Tokens, then Authenticate when prompted.
Scroll down and click the toggle for any of the options you want to apply, such as custom DNS or local connection logging, then scroll to the bottom of the page and copy the deploy command - we will need it later.
While connected to the same network your Synology NAS is on, sign into the DSM web admin interface with a new browser tab or window. This is typically found at
https://X.X.X.X:5001by default (where
X.X.X.Xis the IP address of your NAS).
To deploy a Connector in Synology DSM 7.x, we will be using the built-in Docker Compose service. Create a folder called “twingate-connector” under your docker configuration in File Station:
On your computer, create a file called
compose.yaml with the following content:
services: twingate-connector: image: twingate/connector:latest environment: - SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt - TWINGATE_API_ENDPOINT=/connector.stock - TWINGATE_NETWORK=<TENANT NAME> - TWINGATE_ACCESS_TOKEN=<ACCESS TOKEN> - TWINGATE_REFRESH_TOKEN=<REFRESH TOKEN>
On your NAS, open Container Manager. Under Project, click “Create”:
Call your project “twingate-connector”. Point the “Path” to the folder you just created and upload your YAML file by clicking “Browse”. Once done, your project should look like this:
In the Twingate Admin Console, create a new Connector in your Remote Network and generate an Access Token and Refresh Token for it (those will be required for the next step):
Back on the Synology side, replace the following parameters in your Container Manager project:
- TENANT NAME: replace with your Twingate tenant / network name (the
https:\\tenant.twingate.com\networksof the Admin Console)
- TWINGATE_ACCESS_TOKEN: see token from Admin Console
- TWINGATE_REFRESH_TOKEN: see token from Admin Console
Once replaced, click “Next”:
Click “Next” on the next screen:
Check “Start the project once it is created” and click “Done”
The Twingate Connector will get deployed automatically with an exit code of 0:
You should now see the live Connector in your Admin Console:
You can now access your network with a device that has a Twingate Client installed and is signed into your Twingate account. In order to access the NAS, you need to add it as a Resource in the Twingate Admin Console, using the IP address you would use to access it when you are directly connected to the local network it’s on. You can follow the Resources guide for more information on how to add Resources.
To update the Connector, check under “Image” in Container Manager. If “Update Available” appears, a new version of the Connector has become available:
Click “Update available”, then click “Update”:
Acknowledge the warning and click “Update”:
Your image will be downloaded and applied to your running container without requiring any additional action.
Once the update is done, your container should be running:
Last updated 15 days ago