Updated 7/14/2018: Added a link to an article that could help with setups on Windows 10.
I recently purchased a QNAP TS-231+ and thought it would be a good idea to be able to remotely VPN into my NAS. The most important capabilities to be gained from doing this was that I would be able to access my NAS as if I was on the home network, map network drives to shared folders, and safely use my NAS through inheriting the security settings of my home network. After spending a few days to get this working, I wanted to document the steps so that you too can get it up and running if you needed a push in the right direction. Read on if you also happen to want to set this up on Windows 10 or an Android smartphone, as I hadn’t experimented with other platforms.
Configuring VPN Server on the NAS
To begin configuring VPN, first log in to your NAS. Open up the Control Panel and navigate to “VPN Server” as shown below and modify the settings to fit your need (note: your security settings may be different from mine).
As you can see, only PPTP and L2TP/IPsec modes are enabled. Through a quick googling effort, I found that PPTP is less secure than L2TP/IPsec, so I would recommend establishing connections through the latter method if you can. If you enabled L2TP/IPsec, you’ll have to think of a preshared key that you will need to specify when you attempt to connect. OpenVPN is also an option to consider, especially if you’re familiar with it. However, I did not enable it because the aforementioned methods were sufficient to be able to connect from Windows and Android, and I could avoid downloading OpenVPN clients that would’ve been needed otherwise.
At this point, you might ask why I didn’t just disable PPTP if it was less secure. The reason was that I found that I could only VPN into the NAS using PPTP on Windows when I’m outside of the local network. On the local network, Windows was able to connect with L2TP/IPsec.
Forwarding Ports in your Router
As suggested by QNAP in their VPN tutorial, log in to your router’s web interface and enable ports 500, 1701, 1723, and 4500. Set them to forward to the internal IP address of your NAS. You can find the IP address from your NAS’ Control Panel > System Settings > Network.
After applying the port forwarding, you can go to http://www.portchecktool.com/ to check that the ports are open. In my experience, I was only able to see that port 1723 was open; all the others resulted in the port check tool reporting a “Connection refused” error. A connection refused error means that either there are no services configured to listen to that port or that a firewall is blocking them. I spent many hours debugging, but could not find where the issue was. My Windows laptop connected via PPTP and my Android phone was able to connect via L2TP/IPsec, so I know that the NAS was configured to listen to the ports and that the router properly forwarded them. Since I could establish the connections though, which is the end goal, I stopped trying to figure out what caused the connection refused errors. If this continues to be a problem for you, I would suggest temporarily disabling any firewalls on your router.
Connecting from an Android smartphone
My phone, at the time of this writing, was running Android 4.4.4. With Android, you don’t need to download any third party VPN apps to be able to connect. Simply open up Settings > Connections > More networks > VPN. Then select “Advanced IPsec VPN”. Enter the public IP of your router (http://www.portchecktool.com/ will tell you what the IP is, as long as you are browsing on the same network as the router) and the preshared key that you selected above. You will be prompted to enter the username and password when you connect. For convenience, you can tap on the entry for the connection you just created and select “Create shortcut” to put the connection on your home screen.
Connecting from Windows 10
In Windows, hit the Windows key or press the Start button, then type “vpn”. Select the option “Change virtual private networks (VPN)”. Click “Add a VPN connection” and set up the connection as shown below. You can enter the username and password to avoid being prompted each time you connect.
Update 7/14/2018: A reader referred me to this article which may assist more in setting up connections with Windows 10: https://www.selfaware.be/configuring-a-vpn-connection-to-your-qnap-nas/
Optional for Windows: myQNAPcloud Connect
As a bonus for Windows users, you can head over to the QNAP Utilities page and download myQNAPcloud Connect, which is a desktop application that makes setting up VPN easier and, after connecting, provides a GUI where you can launch NAS apps like File Station, browse network folders on the NAS, and map network drives. myQNAPcloud Connect saves the VPN connections to Windows, so you would see them just as if you had set them up via Windows itself.