What is the best/secure way to access Synology files outside the network?
I’m thinking of just using Synology Drive Client.
But Webdav allows me to create mapped drives to be accessed from anyhere. However, it requires a port to be opened on the firewall.
What do you guys suggest?
Thank you
A vpn may be the best solution. What’s at the edge of your network? Enterprise firewall or domestic router?
Pfsense/Netgate Firewall.
I’m trying to make it easy for the “non computer literate” users
I think a VPN would be most suitable. OpenVPN, it pretty simple to use. Not worth opening webdav ports… Sacrificing security for ease of use, which isn’t a good idea.
I use OpenVPN on my pfsense in parallel with duo security. Works a dream, and very simple to use.
I agree with @ajrbservices. You should never expose a file sharing protocol to the internet. A remote access VPN to get to the network with the files is the best solution.
How about using Synology Drive Client?
If you have to open a port on the firewall for it to work, I wouldn’t do it. When you require a remote access VPN connection you can better secure it with centralized and multifactor authentication.
It’s pretty much as @FredFerrell says. As for
it requires a substantial investment of time and effort. In my experience those who have made it, will use a VPN, those that have not, are not that concerned with security. Personally I have given up advocating basic levels of security unless the individual is willing to invest.
VPN is the best way to go, any thing else is not secure.
Less secure alternate is to use online storage (like Google Drive etc) and back those drive using Cloud Station to Synology.
Easy and secure don’t always go together, but in this case, VPN just isn’t that complicated.
-MB
Have you looked at Synology QuickConnect? It’s under Control Panel, System, QuickConnect. No need to open ports. Works well for just fetching files. I wouldn’t use it to stream videos but I use it when I need to grab a file remotely.
It’s easy to turn on and off as well.
I would not like Synology QuickConnect, even though we dont open a specific port in firewall QuickConnect will have a port open for it to connect to Diskstation. Which is not under your control and that is a big problem, I would rather have port open under my control.
I use File Station over HTTPS with 2 factor authentication and a certificate from Letsencrypt. Also, I have allowed access on firewall only for my country. For any other country the HTTPS port is closed. This is one of the features that I love in Synology!
If you can’t whitelist to a specific IP you are still opening yourself up to being compromised.
do you have a resource on how you got the Duo configured? I would like to have that also.
Feel free to PM me and I can help if needed. You do need a Windows server running AD though… at least I think you do!