How to Deploy a Connector on a Synology NAS running DSM 7.x or later

Install a Connector on a Synology NAS device to enable remote access to your network

Synology NAS devices, despite their name (“network attached storage”) aren’t only for adding shared storage on a network. Synology NAS devices are actually servers that can provide a variety of different services beyond file sharing - and this includes hosting a Twingate Connector!

Installing a Twingate Connector on a Synology NAS allows you to make the Synology, and any other device on the same network (e.g. computers, webcams, network-connected printers), remotely accessible in a manner that’s more secure and easy than other options, like setting up a VPN server or port forwarding on a router.

Synology DiskStation and RackStation devices run on an operating system called Synology DiskStation Manager (DSM), which is based on Linux. Below is how to install and provision a Connector on a Synology NAS that is running DSM version 7.0 or later. If your Synology NAS is running an earlier version of DSM, please use the Synology NAS DSM 6 guide to deploy a Connector.

Prerequisites

If you do not have a Remote Network set up, you can add one on the Network page of the Twingate Admin Console.

On the details page of the new Remote Network, pick one of the two pre-created Connectors and click Deploy Connector.
Click on Docker then Generate Tokens, then Authenticate when prompted.
Scroll down and click the toggle for any of the options you want to apply, such as custom DNS or local connection logging, then scroll to the bottom of the page and copy the deploy command - we will need it later.
While connected to the same network your Synology NAS is on, sign into the DSM web admin interface with a new browser tab or window. This is typically found at https://X.X.X.X:5001 by default (where X.X.X.X is the IP address of your NAS).

DSM Instructions

To deploy a Connector in Synology DSM 7.2+, we will be using the built-in Docker Compose service. Create a folder called “twingate-connector” under your docker configuration in File Station:

On your computer, create a file called compose.yaml with the following content:

services:
  twingate-connector:
    image: twingate/connector:latest
    environment:
      - TWINGATE_NETWORK=<TENANT NAME>
      - TWINGATE_ACCESS_TOKEN=<ACCESS TOKEN>
      - TWINGATE_REFRESH_TOKEN=<REFRESH TOKEN>

Note: you can add more parameters to your YAML file depending on how you want to configure your Connector. Take a look at our Docker Compose examples.

On your NAS, open Container Manager. Under Project, click “Create”:

Call your project “twingate-connector”. Point the “Path” to the folder you just created and upload your YAML file by clicking “Browse”. Once done, your project should look like this:

In the Twingate Admin Console, create a new Connector in your Remote Network and generate an Access Token and Refresh Token for it (those will be required for the next step):

Back on the Synology side, replace the following parameters in your Container Manager project:

TENANT NAME: replace with your Twingate tenant / network name (the tenant in https:\\tenant.twingate.com\networks of the Admin Console)
TWINGATE_ACCESS_TOKEN: see token from Admin Console
TWINGATE_REFRESH_TOKEN: see token from Admin Console

Once replaced, click “Next”:

Click “Next” on the next screen:

Check “Start the project once it is created” and click “Done”

The Twingate Connector will get deployed automatically with an exit code of 0:

You should now see the live Connector in your Admin Console:

Live Connector in Twingate Admin Console

You can now access your network with a device that has a Twingate Client installed and is signed into your Twingate account. In order to access the NAS, you need to add it as a Resource in the Twingate Admin Console, using the IP address you would use to access it when you are directly connected to the local network it’s on. You can follow the Resources guide for more information on how to add Resources.

Update Process

To update the Connector, check under “Image” in Container Manager. If “Update Available” appears, a new version of the Connector has become available:

Click “Update available”, then click “Update”:

Acknowledge the warning and click “Update”:

Your image will be downloaded and applied to your running container without requiring any additional action.

Once the update is done, your container should be running:

Last updated 2 months ago

Home

Guides

Use Cases

VPN Replacement

Infrastructure Access

Device Security Controls

Application Gating

Homelab & Personal Use Cases

Internet Security

Compliance

Architecture

How Twingate Works

How DNS Works with Twingate

Twingate vs. VPNs

Twingate vs. Mesh VPNs

Peer-to-peer Communication

How NAT Traversal Works

Understanding Encryption in Twingate

API

Getting Started with the API

Schema

Twingate Labs ↗

managing twingate

Quick Start

Automated Deployment

Connectors

Understanding Connectors

Deploying Connectors

Best Practices

Updating Connectors

Advanced Connector Management

Resources

Remote Networks

Aliases

Team

Users

Groups

Identity Providers

Security Policies

Policy Guides

Two-Factor Authentication

Devices

Client Application

Managed Devices

Device Administration

Services

Headless Clients

CI/CD Configuration

Analytics

Network Overview

Audit Logs

Network Traffic

User Activity

Syncing Data to AWS S3

Internet Security

DNS Filtering

DNS-over-HTTPS (DoH)

Internet Security Client Configuration

Administration

Admin Console Security

Subscription Management

Managed Service Providers

Cancel Your Subscription

additional resources

Help Center ↗

Changelog

FAQ

Twingate Trust Center

GDPR Compliance

HIPAA Compliance

PCI Compliance

SOC 2 Report

Responsible Disclosure Policy

VPN Replacement

Infrastructure Access

Device Security Controls

Application Gating

Homelab & Personal Use Cases

Internet Security

Compliance