How to create a Tailscale VPN connection to Synology NAS

Posted on Christian By Christian No Comments on How to create a Tailscale VPN connection to Synology NAS
Access-Synology-Remotely

This article discusses how to create a Tailscale VPN connection to my Synology NAS. According to their documentation, Tailscale simplifies secure connections to your Network-Attached Storage (NAS) devices using WireGuard. Please see how to create New Users and Join Synology NAS to Active Directory, DSM Security: How to Protect Synology DS923+ NAS, and how to “Configure VPN on Windows Server: How to allow remote VPN Access for Domain or Local Users“.

Note: The platform offers varying levels of official or community support depending on your device. So you have got no option not to try out this tool as it offers secure remote access to your Synology NAS with no Port Forwarding and firewall Hassles.

Below is an image showing the various prices available on their website. The personal offer is more than suitable as it offers up to 100 device connections without any associated cost.

Tailscale Pricing

Also, see the “Step-by-step guide on how to set up the Synology DS923+ NAS“, How to fix a vulnerable Trusted Platform Module [TPM] and how to “Backup Mac with Veeam Agent for Mac to Synology DS923+ NAS“.

Install Tailscale on DS923+ Synology NAS

To install Tailscale on your NAS, please follow the steps below to authorise it. Synology recommends that the best way to install Tailscale on Synology devices is to download and manually install the Tailscale package for DiskStation Manager (DSM).

Note: To ensure you’re using the most up-to-date version of Tailscale on DSM, download the app from our package server and install it manually. The version available in the Synology Package Manager is updated approximately once per quarter.

To do this, navigate to the Synology Package Center and search for the Tailscale App as shown below.

search-fortailscale

Click on install to install “Tailscale”.

instail-tailscale

Tailscale is being downloaded and installed.

Downloading-tailscale

As we can see, Tailscale is installed and running.

Tailscale-installed-and-running

Note: When connected via QuickConnect, the Tailscale package is not accessible. To resolve this, connect to your Synology NAS using its IP address. If you’ve forgotten the IP address and port number, you can retrieve them while connected via QuickConnect or by visiting “find.synology.com.”

After the Tailscale app is installed, click on “Open”.

Open tailscale

Please see Manage User Permission on Synology with Active Directory [Part 1], and how to Configure Synology DS923+ NAS for File Sharing [Part 2].

Create Tailscale Network Account

Upon redirection, if the device key has expired, you can simply authenticate as shown below.

Reauthenticate
This means that the authentication key used to add your Mac to the Tailscale network has timed out. Just click Reauthenticate!

Please sign-up into Tailscale network (known as a tailnet) using your preferred identity provider.

On the welcome to Tailscale page, I will select “Personal Use”

account details

Click on “Connect” to connect your Synology NAS to the Tailscale Network also referred to as Tailnet.

connect

As you can see below, the login is sucessful.

login successful

Now, click Next to proceed.

personal usage

Add Another Device to Tailscale

Tailscale allows you to create a private network, often called a “mesh network,” where your devices can securely connect to each other as if they were on the same local network, no matter where they are physically located.

Note: Tailscale works across different platforms including macOS, Windows, Linux, iOS, and Android, making it an excellent choice if you work across multiple devices

Next, we will have to add another device. This is because Tailscale connects multiple devices together. Therefore, there is a need to have it installed on another device.

connect macos

Download Tailscale for Mac, Windows or Linux etc from this link. Since I will be using Mac to connect to my NAS remotely, I will “Download Tailscale for macOS”.

Download tailscale for mac

Install Tailscale for macOS

After downloading the installer, double click on it as shown below and click Next. You can also install it via Homebrew.

install tailscale

Click next on select a destination

Select Destination

You can change the “Install Location” if you wish. Click Next to continue

Installation type and location

Please enter your password to install Tailscale.

Enter password to install

We have successfully installed Tailscale unto Mac.

Successful installation

Launch Tailscale Application

Navigate to the Launchpad and search for Tailscale or from the Applications folder and double-click on Tailscale to open it etc.

luanch Tailscale

Click on “Get Started”

Get started

Click on install now to install “System Extension”.

Install now

System extensions are blocked. To fix this, open security preferences

Open security preference
By default, macOS has built-in security measures designed to protect users from potentially harmful software. One of these measures involves blocking extensions and applications that are not from “identified developers” or the Mac App Store.
This is part of macOS’s Gatekeeper technology, which helps ensure that only trusted software runs on your Mac

Click the lock to make changes as shown below

Authenticate

Enter your password to make this possible and click on unlock

Enter Password

Click on “Allow” and do not forget to click on the lock again to prevent further changes. Also, when the security and privacy page is close, the opened lock will revert immediately.

Allow Tailscale

Click on “Allow VPN Configuration”. This will enable Tailscale to route traffic to other devices within your network.

Allow VPN Configuration

Please confirm by clicking on “Allow”.

Permit VPN configuration

Sign into Tailnet

Next you will be redirected to sign-in. When this does not happen automatically, please click Sign-in to your network.

Starting VPN and sign-in required

Enter your email and click on sign in.

Redirected to login

Click on “Connect” to connect your macOS to the Tailnet.

connect device

From the Tailscale account, under machines. You will be able to see the connected machines, versions, and addresses. With this address, you can connected to your devices securely from any network.

connected machine

You can decide to manually start or start Tailscale automatically when you logon to your device.

start on login

To play around, you can click on Tailscale menu bar”, or open Admin console chich will open your Tailscale account.

show menu, console or close

As you can see, we are connected and as such can access Synology NAS remotely.

I will recommend configuring a Jump server to get to other devices remotely in your network.

Tail scale menu

Test Tailscale VPN

Connect your device to a VPN, choosing the Canada region as your location. I have Norton Secure VPN, therefore, I will connect to it.

Connect VPN

I will select Turn On VPN.

Turn on VPN

You can select any region. Therefore, I am selecting Canada.

different region

Access your Tailscale dashboard and locate the IP address assigned to your Synology NAS. You can now access other devices on your Tailscale network securely from your Mac.

Enter your Username and Password. That is all! As you can see, it is very simple and easy to set up Tailscale VPN in order to remotely access your device and in my case, Synology NAS.

access Snilogy with Tailscale Address
This completes the steps on how to create a Tailscale VPN connection to my Synology NAS.

The image below also shows the connected devices and IP Addresses. I hope you have fun using this VPN solution.

Connection possible from anywhere

Please see the “differences between Private and Public networks in Windows to VPN, and how to “Download and install Norton 360 Anti-Virus on your Mac device.

Uninstall Tailscale

If you wish to uninstall and re-install Tailscale. Please follow rhe steps below. And if you reinstall Tailscale and it does no longer work correctly etc. You may want want to take a look at the Tailscale limitations and known issues.

Navigate to the Package Center and search for Tailscale. Click on it to open the package details and select uninstall.

Uninstall Tailscaale

Confirm the uninstallation when prompted to remove Tailscale from your Synology NAS.

Confirm uninstallation of tailscale

FAQs

Does Tailscale support jumpserver?

Yes, Tailscale does support the use of a jump server (also known as a jump host or jump box). This setup allows users to connect to a jump server first, which then provides access to other servers within the network.

Tailscale offers native SSH server support, which can be used in conjunction with Access Control Lists (ACLs) to create and manage jump hosts with minimal administrative effort1. This means you can securely connect to internal servers through a jump host using Tailscale’s secure network.

Additionally, Tailscale allows you to share machines with other users, enabling them to access specific machines within your network without exposing them to the public internet2. This feature respects the ACLs and MagicDNS settings of both your network and the recipient’s network.

How can I set up a jump server with Tailscale?

To do this, Install Tailscale on Your Jump Server.
– Download and install Tailscale on your jump server. You can find installation instructions for various operating systems on the Tailscale website.
– Authenticate the jump server with your Tailscale network.
– Configure Access Control Lists (ACLs) to control which users can access the jump server and other internal servers.
– Set Up SSH on the Jump Server
– Connect to the Jump Server by using Tailscale’s MagicDNS or the Tailscale IP address to connect to the jump server via SSH

Once connected to the jump server, you can SSH into other internal servers and Share Access with Other Users.

I hope you found this article on “how to create a Tailscale VPN connection to my Synology NAS” very useful. Please feel free to leave a comment below.

5/5 - (1 vote)
Backup, Network | Monitoring, Reviews Tags:, , , ,

Related Posts

More Related Articles

Featured image Two Factor Authentication Change Two-Factor Authentication in Microsoft 365/Office 365 Network | Monitoring
checkmk Perform System Monitoring with CheckMK Reviews
Add camaeras Add additional CC400W Cameras to Synology Surveillance Station Backup
DNS DNS uses TCP and UDP Network | Monitoring
GetScreen796zg65 Getscreen.me: Flexible Remote Access Software For Customer Support Reviews
Watchguard Firewall 180504 100511 1 WatchGuard Firebox: Restoring Backups on XTM Device Network | Monitoring

Leave a Reply