Set up a VPN server on QNAP NAS behind the router
Last modified date:
2023-05-19
Applicable Products:
- QVPN
Follow the steps to set up a VPN server on a QNAP NAS behind the router.
- Install QVPN service in App Center.
- Log in to QTS as an administrator.
- Open the App center.
- Install QVPN service.
- Choose a suitable VPN service, see the comparison table.
- In terms of speed and security, recommend using WireGuard VPN. Note: WireGuard VPN is only available on QVPN Service 3.0 running QTS 5.0 on x86 NAS model.
- In terms of easy-to-setup, recommend using L2TP, almost all modern devices (Windows, macOS, iOS, Android) native supports L2TP without installing an extra VPN Client software.
- In terms of speed and security, recommend using WireGuard VPN.
- Setup VPN service on QNAP NAS Note: recommend changing the default VPN port at this step to enhance the security.
- Setup Qufirewall rule to allow VPN connections.
- Setup VPN client and establish a test VPN connection in a local network.
-
on macOS
-
on Windows
-
on iOS
-
on Android
-
- Setup port forwarding on your NAT router. Note: If you need to console the router manufacturer, the question is like How do I set up a VPN service behind a router.
- Log in to your NAT router.
- Go to Advance settings > Port forwarding/Virtual server
- Insert NAS IP, port number, protocol in the setting. (For example: 192.168.1.2, 51820, UDP for a default WireGuard VPN server)
- Activate and apply the setting.
- Establish the VPN connection.
Choose suitable VPN service
| WireGuard® | QBelt (QNAP’s VPN service) | L2TP | OpenVPN | |
|---|---|---|---|---|
| Main strength | Fastest | Works with QuWAN (QNAP’s SD-WAN solution) | Easiest to use | Most secure |
| Recommended use case | Large file transferWhen you are currently managing multiple devices with WireGuard®When using a single smartphone or laptop | When building a tunnel to devices in the QuWAN mesh connectionWhen requiring VPN connection between multiple QNAP devicesWhen quick VPN setup is required | When building a VPN between QNAP NAS and iOS, Android, and other edge devicesWhen a secondary VPN connection is required | When you prefer to use OpenVPN supported third party services (check a row below)When building tunnels to servers in other countriesWhen organizations require critical security rules fulfilled |
| Which app you should install on the host/client to use this VPN service? | [Host] QVPN Service [Client] WireGuard®, or third-party apps that support WireGuard® | [Host] QVPN Service [Client] QVPN Device Client | Not required (Modern devices support built-in L2TP connection) | [Host] QVPN Service [Client] QVPN Device Client or third-party apps/services that support OpenVPN (ExpressVPN™, NordVPN®, Surfshark®, Astrill®) |
| How to verify | Public/private keyPSK | Can use PSK | No verification required (Use PAP/MS-CHAPv2 or PSK additionally) | PSKCertificationUsername and password |
| Encryption | Supported | DTLSAES | Not supported (Can use IPsec) | Built-in OpenSSL SSL/TLS |
| Speed test* | FTP Download: 106MB/s Upload: 104.6MB/s HTTP Download: 96.8MB/s Upload: 91MB/s | FTP Download: 45.5MB/s Upload: 50.1MB/s HTTP Download: 34.7MB/s Upload: 46.92MB/s | FTP Download: 44.8MB/s Upload: 21.6MB/s HTTP Download: 41.4MB/s Upload: 29.5MB/s | FTP Download: 62.7MB/s Upload: 91.4MB/s HTTP Download: 61MB/s Upload: 86.6MB/s |
