QNAP OpenVPN (SSL)
Yes, smart network attached storage (NAS) devices support secure VPNs. An open source product named OpenVPN is installed by default on QNAP, Synology, and Asustor. Configuration is easy and, overall, the process takes only a fraction of the effort required for a Windows oriented SSL VPN.
OpenVPN may be activated by simply checking off a box and naming the authorized users. However, since SSL is involved, an additional layer of complication is required to manage SSL certificates. SSL is much easier to manage on a NAS device than on a Windows server, but it still takes a little effort. You also need an internet URL name, which will probably be based on one you selected from your Dynamic DNS (DDNS) provider.
The final configuration steps involve a little port forwarding on your router, downloading a configuration file from your NAS device t0 your PC, downloading and installing the free OpenVPN client program, then copying the configuration file into an OpenVPN folder.
Taking Care of the Prerequisites
You first need to select a DDNS provider and create a URL that points back to your ISP provided IP address. After you decide on a URL name, you need to create an SSL certificate that names it, then load the SSL certificate into in your NAS device. Since I own a QNAP NAS, all examples will illustrate QNAP SSL and VPN management. The other smart NAS devices probably work a lot alike.
[Update March 9, 2015: OpenVPN client for Windows has a security vulnerability for versions prior to 2.3.6-I002/I602, called Freak. It allows an extremely motivated hacker to perform a man-in-the-middle attack. The likelihood of attack for most people is slim. To completely eliminate it, according to OpenVPN, load the most recent version of OpenVPN for Windows.]
[April 13, 2014 Heartbleed bug update: OpenSSL has a recently discovered security bug called Heartbleed that is said to have been repaired starting with version 1.01g and above. Version 1.02 will be secure, according to articles available on the internet. The bug will allow a knowledgeable hacker to pierce a part of the encryption so that much is in the clear. More information is available here.]
Configure the Router
Your router needs to be able to access your VPN over the internet. As a precaution, by default, routers usually won’t allow traffic into your network that is not in response to a previous request, such as a web page. VPN traffic travels on special ports, which are a little like TV channels. Certain types of traffic travel on certain port numbers. Opening these ports is called port forwarding.
OpenVPN needs these ports open and aimed toward your NAS device. Note that port 1194 is UDP, not TCP.
After installing your SSL certificate into the QNAP drive, you need to turn on OpenVPN. The IP address list should be left at the default. When you sign in, your PC will be given an IP address on the local network from that pool. The first address in the subnet is the network ID; in this case 10.1.0.1. You will access the shares using \\10.1.0.1 in Windows Explorer.
Download the configuration file by clicking the button. It will copy a zip file to your PC that holds data for your OpenVPN client software.
Next, select the authorized VPN users. You are done with server configuration.
OpenVPN is a little touchy about accessing shares. For best results, make sure the user name and password below matches the user name and password of the Windows user.
Download and Install Free OpenVPN Client Software
Go to your browser and navigate to this page to download OpenVPN client software for Windows. You are on the OpenVPN web site. Select the appropriate version, download, and install with administrator level privileges.
Go to the zip file you downloaded, unzip it, and look at the read-me file. It tells you how to make the final adjustments to OpenVPN so that your URL and certificate will make it work. Use a text editor and open openvpn.ovpn. Find the line that has an IP address and replace it with your URL name. Save the file. Now copy both it and ca.crt to the location specified in the read-me file.
Fire up the OpenVPN client. Right click the OpenVPN desktop icon and Run as administrator. You’ll be prompted for a user id and password. A little splash screen in the lower right corner will tell you that you’ve connected to a new network. If you double-click the OpenVPN icon in the lower right icon area, you’ll see a status box. When you’re done, this is where to disconnect. Note that the PC has a local IP address of 10.1.0.6 on the QNAP OpenVPN subnet.
You now have secure access to the network your NAS box is connected to. Note the IP address in Windows Explorer.