advertisement
QVPN Service
The NAS supports Virtual Private Network (VPN) service for users to access the NAS and resources on a private network from the Internet. Use QVPN Service to set up your NAS as a VPN server and establish a VPN client connection.
In this chapter, the following topics are covered:
Third Party VPN Client Setup and Connection
Connect a VPN Server via OpenVPN
Connect a VPN Server via L2TP/IPSec
VPN Server Setup
1. Enable PPTP, OpenVPN, or L2TP/IPSec: The NAS supports PPTP, OpenVPN or L2TP/IPSec for VPN connection. Select one of the following options and configure the settings.
264
o
PPTP: Point-to-Point Tunneling Protocol (PPTP) is one of the most commonly used methods for VPN connection. It is natively supported by Windows, Mac, Linux, Android, and iPhone. You can also specify the VPN client IP pool and advanced settings (including the maximum number of clients, authentication protocol, encryption method, network interface and DNS server).
o
OpenVPN: OpenVPN is an open source VPN solution which utilizes SSL encryption for secure connection. To connect to the OpenVPN server, the OpenVPN client must be installed on your PC. Click
"Download Configuration File" to download the VPN client settings, certificate/key and installation guide from the NAS and upload the files to the OpenVPN client. You can also specify the VPN client IP pool and advanced settings (including the VPN server port, maximum number of clients, encryption method, network interface, DNS server, and whether to use the redirect-gateway and compressed data before their transfer via VPN).
o
L2TP/IPSec: L2TP (Layer Two Tunneling Protocol) is a combination of the Point-to-Point Tunneling
Protocol (PPTP) and Layer 2 Forwarding (L2F). Compared to PPTP, which only establishes a single tunnel between the two end points, L2TP supports the use of multiple tunnels. IPSec is often used to secure L2TP packets by providing confidentiality, authentication and integrity checks. The combination of these two protocols provides a high-security VPN solution which is known as L2TP/IPSec. L2TP/IPSec is supported by most clients, including Windows, Mac, Linux, and mobile devices.
2. Configure port forwarding by auto router configuration: The NAS supports auto port forwarding for
UPnP (Universal Plug-and-Play network protocol) routers. Go to "myQNAPcloud" > "Auto Router
Configuration" to enable UPnP port forwarding and open the ports of the PPTP, OpenVPN or L2TP/IPSec service on the router.
3. Register myQNAPcloud service: You can connect to the NAS by WAN IP or myQNAPcloud name. To configure myQNAPcloud service, check the chapter on myQNAPcloud Service or visit myQNAPcloud
( https://www.myqnapcloud.com) .
4. Add VPN users: Go to "QVPN Service" > "Privilege Settings", click "Add VPN Users". The local NAS users will be listed. Select the users who are allowed to use the VPN service and their connection method (PPTP, OpenVPN or L2TP/IPSec, multiple methods are also allowed). Click "Add".
5. Connect to the private network by a VPN client device: Now you can use your VPN client device to connect to the NAS via the VPN service.
Notes:
The default NAS IP is 10.0.0.1 under PPTP VPN connection.
Upload the configuration file to the OpenVPN client every time the OpenVPN settings, myQNAPcloud name, or the secure certificate is changed.
To connect to the PPTP or L2TP/IPSec server on the Internet, the PPTP or L2TP/IPSec passthrough options on some routers have to be opened. PPTP uses only port TCP-1723 and L2TP/IPSec uses UDP 500, 1701 and 4500; forward those ports manually if your router does not support UPnP.
265
Third-Party VPN Client Setup and Connection
PPTP on Windows 8
1. Go to "Control Panel" > "Network and Sharing Center".
2. Select "Set up a new connection or network".
3. Select "Connect to a workplace" and click "Next".
4. Select "Use my Internet connection (VPN)".
5. Enter your myQNAPcloud name or IP address in “Internet address”.
6. Enter a name for the connection in “Destination name”.
7. Click "Create".
8. Go to “Control Panel” > “Network and Sharing Center” > “Change adapter settings”.
9. Right-click the VPN connection and then select “Properties”.
10. Enter “Security” page, select the “Type of VPN” as PPTP.
11. Click “OK”.
PPTP on Mac OS X 10.10
1. Go to "Apple menu" > "System Preferences", and click "Network".
2. Click "Add (+)" at the bottom of the list, and choose "VPN" as the interface.
3. Select “Add new service (+)” and choose “VPN” in “Interface”.
4. Select “PPTP” in “VPN Type”.
5. Enter a name for the connection in “Service Name”.
6. Enter your myQNAPcloud name or IP address in “Server Address” and your QNAP NAS user name in
“Account Name”.
7. Click “ Authentication Settings” and then enter the password and preshared key.
8. Click “Connect”.
PPTP on Android 5.0
1. Go to “Settings” > “VPN”. Click “Add VPN profile”.
2. Enter “Name” and select “PPTP”.
3. Click the VPN profile and enter your username and password to start the connection.
OpenVPN on Windows
1. Download OpenVPN from http://openvpn.net/index.php/open-source/downloads.html/ .
266
2. Install the OpenVPN client on Windows.
The default installation directory is C:\Program Files\OpenVPN.
3. Download the settings files from your QNAP NAS, including the certification file “ca.crt” and the configuration file “openvpn.ovpn”.
4. Open “openvpn.ovpn” and replace “OPENVPN_SERVER_IP” with your NAS IP address.
5. Place “ca.crt” and “openvpn.ovpn” in the folder C:\Program Files\OpenVPN\config.
6. Use an administrator account to launch OpenVPN and activate the connection.
Note: If the OpenVPN client is running on Windows 7, add the firewall rules in the advanced settings of OpenVPN.
OpenVPN on Mac OS X 10.11
1. Download and install Tunnelblick from https://tunnelblick.net/ .
2. Launch Tunnelblick.
3. Download the settings files from your QNAP NAS, including the certification file “ca.crt” and the configuration file “openvpn.ovpn”.
4. Open “openvpn.ovpn” and replace “OPENVPN_SERVER_IP” with your NAS IP address.
5. Double-click the configuration file (or right-click and import the file with Tunnelblick).
The certification file will be imported automatically.
6. Click “Connect”.
7. Enter your NAS username and password.
OpenVPN on iOS 9
1. Install OpenVPN Connect from https://itunes.apple.com/us/app/openvpn-connect/id590379981?mt=8 .
2. Download the settings files from your QNAP NAS, including the certification file “ca.crt” and the configuration file “openvpn.ovpn”.
3. Open “openvpn.ovpn” and replace “OPENVPN_SERVER_IP” with your NAS IP address.
4. Open the configuration file with OpenVPN Connect.
Tip: You can send the file to your email address and open it on your device, or you can send the file to the OpenVPN folder via PC with a third-party application such as “iTools for Windows”.
5. Enter your NAS username and password
If you have imported the configuration file to the OpenVPN folder you will see it in OpenVPN Connect.
267
Note: Ensure this option on your iOS device is enabled: “Settings” > ”OpenVPN” >
“Advanced Settings” > ”Force AES-CBC cipher suites”.
OpenVPN on Android 5.0
1. Install OpenVPN Connect from https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en .
2. Download the settings files from your QNAP NAS, including the certification file “ca.crt” and the configuration file “openvpn.ovpn”.
3. Open “openvpn.ovpn” and replace “OPENVPN_SERVER_IP” with your NAS IP address.
4. Import your settings files to the folder on your Android device.
5. Launch OpenVPN Connect and select "Import" in the top-right menu. Find and import the configuration file, and then follow the instructions for importing the certification file.
6. Enter your NAS username and password.
OpenVPN on Windows
1. Download and install OpenVPN from http://openvpn.net/index.php/open-source/downloads.html/ .
The default folder for the installation is "C:\Program Files\OpenVPN".
2. Download the settings files from your QNAP NAS, including the certification file “ca.crt” and the configuration file “openvpn.ovpn”.
3. Open “openvpn.ovpn” and replace “OPENVPN_SERVER_IP” with your NAS IP address.
4. Place “ca.crt” and “openvpn.ovpn” in the folder C:\Program Files\OpenVPN\config.
5. Use an administrator's account to launch OpenVPN and activate the connection.
L2TP/IPSec on Windows 8
1. Go to “Control Panel” > “Network and Internet” > “Network and Sharing Center” and select “Set up a new connection or network”.
2. Select “Connect to a workplace”.
3. Select “Use my Internet connection (VPN)”.
4. Enter your myQNAPcloud name or IP address in “Internet address”.
5. Enter a name for the connection in “Destination name”.
6. Go to “Control Panel” > “Network and Sharing Center” > “Change adapter settings”.
7. Right-click the VPN connection and select “Properties”.
268
8. Go to “Security”, select the “Type of VPN” as L2TP/IPSec, and then click “Advanced settings”.
9. Select “Use preshared key for authentication” and enter the same key as the server’s settings.
You can now connect to the VPN.
Note: If your NAS is behind a NAT router, use the following configuration: https://support.microsoft.com/en-us/kb/926179 .
L2TP/IPSec on Mac OS X10.10
1. Go to “System Preferences” > “Network”.
2. Select “Add new service (+)” and choose “VPN” in “Interface”.
3. Select “L2TP/IPSec” in “VPN Type”.
4. Enter a name for the connection in “Service Name”.
5. Enter your myQNAPcloud name or IP address in “Server Address” and your QNAP NAS user name in
“Account Name”.
6. Click “Authentication Settings”, and enter the password and preshared key.
7. Click “Connect”.
L2TP/IPSec on Android 5.0
1. Go to “Settings” > “VPN”.
2. Click “Add VPN profile”.
3. Enter “Name” and choose the type as “L2TP/IPSec PSK”.
4. Enter “IPSec Pre-shared key”.
5. Click the VPN profile and enter your username and password.
L2TP/IPSec on iOS 8
1. Go to “Settings” > “General” > “VPN”.
2. Choose “Add VPN Configuration…”.
3. Select “L2TP”.
4. Enter a name for the connection in “Destination”.
5. Enter the myQNAPcloud name or IP address in “Server”.
6. Enter your QNAP NAS username, password and preshared key.
7. Go to “Settings” > “General” > “VPN” to connect to the VPN.
269
Privilege Settings
Select the VPN users and specify their privileges.
Add VPN users
Click "Add VPN Users" and check the services you want to allow each user to connect with. Both local users and domain users can be VPN users. You can also search for users in the search bar.
Note: To connect to a VPN server using domain user accounts, you must enable the service in Domain Security.
Delete VPN users
Click "Delete" to remove VPN users. The users will be unable to connect to the VPN service after being deleted.
Connection List
This list shows information about each connection with a server including login time, uptime, username, source IP, VPN client IP, and connection method.
Click “Disconnect” on the table to disable client connections.
VPN Client
The NAS provides the VPN client service which can connect to a VPN server via PPTP, OpenVPN and
L2TP/IPSec. The NAS also supports saving multiple VPN settings to easily switch between different connections.
Before you start
Before starting the VPN client service, please ensure that the Internet connection is normal.
Connect a VPN server via PPTP
The Point-to-Point Tunneling Protocol (PPTP) is a commonly-used method for implementing VPN and is supported by most clients, including Windows, Mac OS X, Linux, and mobile devices.
1. Go to "QVPN Service" > "VPN Client".
2. Click "Add" > "PPTP" to connect a VPN server.
270
3. Enter the connection configuration settings, including the profile name, server address (that you want to connect to), and the username and password of the VPN server.
4. Choose any of the following authentication mechanisms from the ”Authentication" menu to protect the VPN client’s password during authentication: o
MS-CHAPv2: The password will be encrypted using Microsoft CHAP version 2.
o
MS-CHAP: The password will be encrypted using Microsoft CHAP version 1.
o
PAP: The password will not be encrypted.
o
CHAP: The password will be encrypted using CHAP.
5. If you choose MS-CHAP or MS-CHAPv2, go to the "Encryption" menu and select an option: o
None: The VPN connection will not be encrypted.
o
Medium (AES 40/128 bit): The VPN connection will be encrypted using a 40-bit or 128-bit key.
o
High (AES 256 bit): The VPN connection will be encrypted using a 256-bit key (the highest-possible level).
6. Specify the subnet mask.
7. Select any of the following options, as required: o
Use the default gateway on remote network: This will allow all packets to be transferred via the VPN server.
o
Allow other network devices to connect to the VPN through the NAS: This will allow network devices on the same LAN as the NAS to connect to the same VPN.
o
Reconnect when the VPN connection is lost: This will automatically reconnect to the VPN server when the connection is lost.
8. Select "Create" to start.
Note: To connect to a VPN server using domain user accounts, you must enable the service in Domain Security.
If you select "Allow other network devices to connect to the VPN through the NAS", the network device can access the VPN via the NAS. To enable this function, you must change the default gateway on that other device. Using a Windows PC as an example:
1. Go to "Control Panel" > "Network and Sharing Center" > "Change adapter settings".
2. Right-click the connection icon and choose "Properties".
3. Select "Internet Protocol Version 4 (TCP/IP)" and click "Properties".
4. Choose "Use the following IP address" and change the Default gateway to the IP address of the NAS that is operating the VPN Client service then click "OK".
271
Connect a VPN server via OpenVPN
The NAS also supports OpenVPN, which is an open-source solution for VPN services. It protects a VPN's connection with the SSL/TLS encrypting mechanism. It is also available on Windows, Mac OS X, Linux,
Android and iOS.
To connect to a VPN server via OpenVPN, follow these steps:
1. Go to "QVPN Service" > "VPN Client".
2. Click "Add" > "OpenVPN" to connect to a VPN server.
3. Select the OVPN file (.ovpn) and click “Open”.
4. Enter the connection configuration settings, including the profile name, and the username and password of the VPN server.
5. Click inside the required text field to import the certificate (ca.crt) exported from the OpenVPN server.
6. Specify the subnet mask.
7. Select any of the following options, as required: o
Use the default gateway on remote network: This will allow all packets to be transferred via the VPN server.
o
Allow other network devices to connect to the VPN through the NAS: This will allow network devices on the same LAN as the NAS to connect to the same VPN.
o
Reconnect when the VPN connection is lost: This will automatically reconnect to the VPN server when the connection is lost.
8. Click "Apply" to start.
o
If you check "Use the default gateway on remote network", the default gateway on your NAS will change to the VPN server’s default gateway.
o
If you check "Allow other network devices to connect to the VPN through the NAS", the network device can access the VPN via the NAS.
Connect a VPN server via L2TP/IPSec
1. Go to "QVPN Service" > "VPN Client".
2. Click "Add" > "L2TP/IPSec" to connect a VPN server.
3. Enter the connection configuration settings, including the profile name, server address (that you want to connect to), and the username and password of the VPN server.
4. Choose any of the following authentication mechanisms from the "Authentication" menu to protect
VPN client’s password during authentication: o
MS-CHAPv2: The password will be encrypted using Microsoft CHAP version 2.
o
MS-CHAP: The password will be encrypted using Microsoft CHAP version 1.
o
PAP: The password will not be encrypted.
o
CHAP: The password will be encrypted using CHAP.
272
5. If you choose MS-CHAP or MS-CHAPv2, go to the "Encryption" menu and select an option: o
None: The VPN connection will not be encrypted.
o
Medium (AES 40/128 bit): The VPN connection will be encrypted using a 40-bit or 128-bit key.
o
High (AES 256 bit): The VPN connection will be encrypted using a 256-bit key (the highest-possible level).
6. Type the preshared key.
7. Specify the subnet mask.
8. Select any of the following options, as required: o
Use the default gateway on remote network: This will allow all packets to be transferred via the VPN server.
o
Allow other network devices to connect to the VPN through the NAS: This will allow network devices on the same LAN as the NAS to connect to the same VPN.
o
Reconnect when the VPN connection is lost: This will automatically reconnect to the VPN server when the connection is lost.
9. Select "Create" to start.
Logs
Connection Logs
QVPN Service creates a log entry every time a user accesses a VPN server. The connection logs include the connection method, date, time, username, source IP, and content.
Note: QVPN Service only displays the connection logs. To copy or delete a log, or to export the list, go to “Control Panel” > “System” > “System Logs”.
Enable Connection Logs on QVPN Service
1. Open QVPN Service.
2. Go to “Logs” > “Connection Logs”.
3. Move the slider to the right.
Event Logs
QVPN Service creates a log entry every time a user enables or disables services, changes settings, and modifies the configuration. The event logs include the date, time, username, and content.
Note: QVPN Service only displays the event logs. To copy or delete a log, or to export the list, go to “Control Panel” > “System” > “System Logs”.
273
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement