Create a VPN to download from a Synology

In order to hide my NAS, I wanted it to use its own VPN, while my public IP was still visible when surfing with any other devices in my LAN.

To do so, I subscribed to HMA! (HideMyAss!) and applied their configuration procedure on my Synology. Et voilà.

Click to Read More

I did try both a L2TP and a OpenVPN VPN with success. Tricks:

  • For a L2TP VPN, use your PPTP password and NOT your account password
  • For a OpenVPN VPN, use your account password
  • Although using Port Forwarding to access my NAS from internet, I did not had to open the required ports !!!
    • L2TP: UDP 500, 4500 and 1701
    • Open VPN : 443 if using TCP, 553 is using UDL
  • If you are using a DDNS, go to the  Control Panel > External Access and Click Update to verify the public IP of your NAS. It must now be your VPN IP.
  • Check that downloading a torrent (with this procedure), your tracker IP is your VPN IP.
  • Check you IP calling ipify from your NAS.
    • A very simple way to do this is to call the following php page on your Web Station:
 $ip = file_get_contents('');
 echo "My public IP address is: " . $ip;
  • Soon after enabling the VPN, I started to be attacked on Telnet port! I am using Security’s Auto-Block feature to prevent brute force attacks.
  • On a mobile device (or anything else) connected directly to Internet (not via your LAN), type your VPN IP in a browser. You should see the default home page of your web station if this one is enabled.
    • I would recommend to replace this default page by a php page returning a header 404.
 header("HTTP/1.0 404 Not Found");
  • If you are using a DDNS on your NAS, you won’t be able to access your router and VDSL modem via that domain name. Indeed, only your NAS is accessible via this VPN IP. If possible, configure another DDNS on your VDSL modem or router.
    • Ex.: I am using for free. They have a great support page here with detailed configurations for many different devices.
    • Doing so, you can access your NAS and your router or modem via their own Domain name.
  • “Tested OK” both when accessed from LAN or from Internet:
    • Download Station via Synology Download Station for Chrome (
    • JDownloader via Chrome extension and via
    • Plex Server via App or via http://DDNS name:port/web or via
    • DSM via its admin port
    • Apps: DS Cam, DS File, DS Audio, DS Get, DS Photo, DS Video, DS Cloud and DS Note are all wokring fine using Quick Connect (All those I tested via their DDNS name + custom port or DSM admin port worked too)
    • Cloud Sync (with Hubic)
    • FTP Server





Leave a Reply

Your email address will not be published. Required fields are marked *