Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Windspeed36

NAS - Remote Access

Recommended Posts

Posted · Original PosterOP

So, you want to access your NAS/internal storage shares when you're out of the office or away from home? Well there's two ways of doing this.

 

Bring the network to you

or

 Put yourself in the network

Bring the network to you

 

This quite simply is allowing you to remote into the network without being a part of it. The common way of doing this is having a web page such as mystorage.myhomenetwork.com with a login page. You'll simply be able to go to that site, put in a username and password then download or upload whatever content you want. You'll see this quite commonly with services like Google Drive, Dropbox and OneDrive but it's not limited to that. QNAP and Synology alongside most NAS manufacturers as well as certain versions of Windows Server allow this. For example, QNAP call this feature 'Web File Manager' and more info on their implementation can be found here.

What do you need to do this?

  • You need a NAS setup that supports such an application - as mentioned, almost all NAS manufacturers do and most versions of Windows Server do as well - in server it is known as RWA or Remote Web Access. More info here.
  • You need to allow this process through router and local machine firewalls & forward the ports.
    • For the firewall, it'll depend on your device. You simply need to allow either the UDP or TCP (depending on connection type) through the device's firewall. I know QNAP will do this automatically when you enable the WFM.
    • You'll need to forward the ports as well - a guide on port forwarding for your router can be found here.
      • What this does is means that requests made to a specific port number, eg 8080 via your external IP eg, 144.55.26.62 are forwarded to an internal address. What you'll then be able to do is access http://144.55.26.62:8080 via a browser and be presented with the web interface for either the immediate file share or your NAS's remote management page depending on the OS & hardware you're using.
  • A lot of NAS manufacturers also support mobile apps to access content. They'll also need certain ports to be forwarded so they can communicate with the NAS.

Why do you need to forward ports?

Ports are closed by default for security so that people can't simply hack through basic login pages and gain access into your network.

 

Put yourself in the network

This means using a VPN connection to put yourself inside your network without physically being there. This is a really good option if you don't want the world to have immediate access to any open port rules or if you need to share quite a lot with the outside world. Eg, remote desktop, samba shares, terminal server ect.

 What does a VPN actually do?

A PPTP VPN (when setup on a device to forward all traffic) will put your device as a part of the same subnet that the VPN server is running on. Eg if you have a VPN server setup internally to assign an IP in the range of 192.168.1.100-192.168.1.120, you'll be put in the network and be able to access the rest of the network as if you were running at home. Any traffic sent from your device will first go through the VPN server then out to the wide world.

 What's the downside of running a VPN server?

If you've setup the client to send all traffic through this VPN server, you'll be limited by the speed of the internet connection on the VPN server. Eg this is fine if you're like me and have 100/100 fibre however if you're stuck with 10/1 ADSL or similar, this might be a problem and you'll want to reconsider the entire concept of file sharing from home if you can't get a better internet speed. Hence why Dropbox/Google Drive are so popular.

What do you need to do this?

  • A VPN server. Yep, that's it.
  • More specifically, most routers these days support running their own PPTP VPN server. Some more advanced units are able to comply with more advanced VPN types that are much more secure however I'm not going to delve too much into that - chances are if you understand them, you don't need this guide.

Why do you need a VPN?

Once you've got the VPN running and you're inside the same network that the NAS is, you'll be able to access everything as if you were there. Samba shares through file explorer and similar will all act as if you were right there next to it.

But putting in my IP in the browser or as the VPN doesn't always work? It used to connect and now it doesn't??!?

This is because you've got what is known as a dynamic IP. What this means is that your IP is changed randomly, normally on reboot of your modem or based on a lease expiry time by your ISP. However this doesn't mean that you're doomed = enter dynamic DNS.

To understand how this works, you need to understand what a DNS is. DNS is a domain name server, it's where you translate a host name: google.com into an IP address that is used to route packets. You can't really go to your router and say Hey, I'm a packet and I want to go to google.com  - a DNS server is contacted by your PC or router (depending on the PC's DNS settings) and says Hey, I want to go to google.com, what is that IP address - Oh, that IP for google is xx.xx.xx.xx

A dynamic DNS works by having an account with a dynamic DNS provider like DYNDNS - you put your account credentials into your router and regularly the router will contact DYNDNS saying Hey, my account is ABC and my external IP is 123.

When you then access your external domain such as http://mydomain.dyndns.org, the device your on will lookup what the IP for that is through a DNS server and get back your current external IP.

You can use this dynamic DNS process for anything where you need your external IP such as VPN server or the remote file access via a web browser. You'll simply need to put a port number on the end: eg mydomain.dyndns.org:8080

Keep in mind that not all routers support DYNDNS however those that do normally also support their own VPN server and it's becoming more and more common these days.

 

Hopefully this helps clear a few things up. Keep in mind that you will be limited by the upload and download speeds of the internet where the server is.

Link to post
Share on other sites

Helpful to point out that you don't need dyndns on the router, and most routers support a very small amount of providers. You can run a client on your PC, and if you own your own domain or get a free one from freenom, you can configure dyndns with cloudflare and subdomains.


Comb it with a brick

Link to post
Share on other sites
5 hours ago, .:MARK:. said:

Helpful to point out that you don't need dyndns on the router, and most routers support a very small amount of providers. You can run a client on your PC, and if you own your own domain or get a free one from freenom, you can configure dyndns with cloudflare and subdomains.

This is a good option, but having it run on the router itself - if suitable - in my opinion is a better option, since the router is always connected, and can update the IP instantly. If your IP changes while your client PC is turned off, but say you're out on vacation and need to access some files, you won't be able to run home and turn the PC on. If you're running it on a PC that is never shut off, for example, a server, then that might work, but I personally tend to favour letting the Router handle it.


For Sale (lots of stuff):

Spoiler

[FS] [CAD] Various things

 

 

* Intel i7-4770K * ASRock Z97 Anniversary * 16GB RAM * 750w Seasonic Modular PSU *

* Crucial M4 128GB SSD (Primary) * Hitachi 500GB HDD (Secondary) *

* Gigabyte HD 7950 WF3 * SATA Blu-Ray Writer * Logitech g710+ * Windows 10 Pro x64 *

 

Link to post
Share on other sites

Just a note on PPTP VPNs, they're not really secure. The MS-CHAPv2 protocol that they very frequently use for authentication is no longer secure and even Microsoft themselves recommends the use of a different VPN protocol. While PPTP may be fine for normal, everyday, home use, if you need to access confidential or sensitive data please do not use PPTP. Your best option would be to use OpenVPN or L2TP/IPsec as they are far more secure than PPTP.


15" MBP TB

Serenity: Intel 4960x | ASUS X79-E WS | ASUS DCUII 770 | Corsair 750D || Blade Server: Intel 3570k | GD65 | Corsair C70 | 13TB

What Drive Should You Get?

Have a question? Please, don't hesitate to ask me over PM or on Twitter @Bladeof_Grass

Link to post
Share on other sites
4 hours ago, dalekphalm said:

This is a good option, but having it run on the router itself - if suitable - in my opinion is a better option, since the router is always connected, and can update the IP instantly. If your IP changes while your client PC is turned off, but say you're out on vacation and need to access some files, you won't be able to run home and turn the PC on. If you're running it on a PC that is never shut off, for example, a server, then that might work, but I personally tend to favour letting the Router handle it.

Totally agree, I was saying for those that can't do it on the router or don't want to use stupid services like no-ip. Where no-ip or dyndns is usually the only options.


Comb it with a brick

Link to post
Share on other sites

While I agree with @Blade of Grass that PPTP is insecure, in this instance it's the perfect protocol. It's extremely easy to setup, it has very little overhead, and is supported by basically every OS/device out there. I have both PPTP and L2TP setup on my home router, but I use PPTP more often than L2TP simply because it's faster and I don't need security. A good example of when you want to use PPTP over OpenVPN/L2TP is streaming content. If I connect to a PPTP VPN I can stream Netflix in HD just fine but I'm limited to SD over L2TP (even if the latency is nearly the same). I tried about half a dozen different VPN servers (both with PPTP and L2TP installed, some even in the same state) and there was absolutely no way for me to stream Netflix in HD. Now of course this is just an example, but imagine if you want to stream your 1080p home movies off your NAS while you're at your grandparent's house? Stick with PPTP unless you don't trust their network.


All aboard the Floatplane!

 

Gaming PC: AMD Ryzen 7 1700 | AMD Wraith Stealth | ASRock Fatal1ty AB350 Gaming-ITX/ac | G.Skill Flare X 32GB (16GBx2) | NVIDIA GTX 1080 8GB FE | Fractal Design Node 202 | Samsung 860 EVO 1TB M.2 SSD

Streaming PC: AMD Ryzen 7 1700 | AMD Wraith Stealth | ASRock Fatal1ty AB350 Gaming-ITX/ac | G.Skill Aegis X 8GB (4GBx2) | ASRock Phantom Gaming Radeon RX 550 | Fractal Design Node 202 | Mushkin Enhanced Source 500GB M.2 SSD

 

Daily Driver: ODroid H2 | Intel Celeron J4105 | G.SKILL Ripjaws 16GB (8GBx2) | HardKernel Type 2 Case | Intel SSD 600p 128GB NVMe SSD

Link to post
Share on other sites

One thing to also note, if you use a service like DynDNS or No-IP to setup a DNS address to your home IP you should triple check that your router doesn't allow remote access by default, this can allow some really bad stuff even if you don't use the default login and password.


All aboard the Floatplane!

 

Gaming PC: AMD Ryzen 7 1700 | AMD Wraith Stealth | ASRock Fatal1ty AB350 Gaming-ITX/ac | G.Skill Flare X 32GB (16GBx2) | NVIDIA GTX 1080 8GB FE | Fractal Design Node 202 | Samsung 860 EVO 1TB M.2 SSD

Streaming PC: AMD Ryzen 7 1700 | AMD Wraith Stealth | ASRock Fatal1ty AB350 Gaming-ITX/ac | G.Skill Aegis X 8GB (4GBx2) | ASRock Phantom Gaming Radeon RX 550 | Fractal Design Node 202 | Mushkin Enhanced Source 500GB M.2 SSD

 

Daily Driver: ODroid H2 | Intel Celeron J4105 | G.SKILL Ripjaws 16GB (8GBx2) | HardKernel Type 2 Case | Intel SSD 600p 128GB NVMe SSD

Link to post
Share on other sites
On April 7, 2016 at 10:33 PM, KuJoe said:

One thing to also note, if you use a service like DynDNS or No-IP to setup a DNS address to your home IP you should triple check that your router doesn't allow remote access by default, this can allow some really bad stuff even if you don't use the default login and password.

This is true regardless of whether or not you have a domain name pointed to your router. The people who try to hack into open routers are usually just using a script, possibly in a botnet, to scan thousands of IPs per second.


Looking to buy GTX690, other multi-GPU cards, or single-slot graphics cards: 

 

Link to post
Share on other sites
11 minutes ago, brwainer said:

This is true regardless of whether or not you have a domain name pointed to your router. The people who try to hack into open routers are usually just using a script, possibly in a botnet, to scan thousands of IPs per second.

This is very true, I just figured if people are setting up a DNS they might be sharing the DNS with friends/family so it's more likely to be targeted compared to random scans.


All aboard the Floatplane!

 

Gaming PC: AMD Ryzen 7 1700 | AMD Wraith Stealth | ASRock Fatal1ty AB350 Gaming-ITX/ac | G.Skill Flare X 32GB (16GBx2) | NVIDIA GTX 1080 8GB FE | Fractal Design Node 202 | Samsung 860 EVO 1TB M.2 SSD

Streaming PC: AMD Ryzen 7 1700 | AMD Wraith Stealth | ASRock Fatal1ty AB350 Gaming-ITX/ac | G.Skill Aegis X 8GB (4GBx2) | ASRock Phantom Gaming Radeon RX 550 | Fractal Design Node 202 | Mushkin Enhanced Source 500GB M.2 SSD

 

Daily Driver: ODroid H2 | Intel Celeron J4105 | G.SKILL Ripjaws 16GB (8GBx2) | HardKernel Type 2 Case | Intel SSD 600p 128GB NVMe SSD

Link to post
Share on other sites

Random side note: I actually do something kind of different with this. If I want internal access to my network, which is primarially composed of Linux machines, I'll SSH into my host machine and access my network through there. This involves you setting up openSSH servers on each machine (which is .. really not hard to do) and probably isn't as simple as what the OP has here, but it's what I do. To access files, I'll use SFTP, which is fairly safe. All of my data is stored on a single machine (the machine I connect to), so I don't suffer many problems. It's just a faster option if you're using Linux.

 

It's my way of being lazy around setting up an OpenVPN server, honestly. >.> Plus, I use a VPN to elsewhere when I'm out and about.

Link to post
Share on other sites
On 15/05/2016 at 4:38 AM, Lildirt said:

Random side note: I actually do something kind of different with this. If I want internal access to my network, which is primarially composed of Linux machines, I'll SSH into my host machine and access my network through there. This involves you setting up openSSH servers on each machine (which is .. really not hard to do) and probably isn't as simple as what the OP has here, but it's what I do. To access files, I'll use SFTP, which is fairly safe. All of my data is stored on a single machine (the machine I connect to), so I don't suffer many problems. It's just a faster option if you're using Linux.

 

It's my way of being lazy around setting up an OpenVPN server, honestly. >.> Plus, I use a VPN to elsewhere when I'm out and about.

SFTP is great, but natively, the throughput of OpenSSH is slow.


Comb it with a brick

Link to post
Share on other sites
On 5/14/2016 at 10:38 PM, Lildirt said:

Random side note: I actually do something kind of different with this. If I want internal access to my network, which is primarially composed of Linux machines, I'll SSH into my host machine and access my network through there. This involves you setting up openSSH servers on each machine (which is .. really not hard to do) and probably isn't as simple as what the OP has here, but it's what I do. To access files, I'll use SFTP, which is fairly safe. All of my data is stored on a single machine (the machine I connect to), so I don't suffer many problems. It's just a faster option if you're using Linux.

 

It's my way of being lazy around setting up an OpenVPN server, honestly. >.> Plus, I use a VPN to elsewhere when I'm out and about.

So that I understand, you use key pairs for the ssh connection and supply the port for directing your router to whichever linux server you wish to access? and you also supply either  the WAN (routers external) IP or use a DNS in the ssh connection string?

Link to post
Share on other sites

hi guys newbie here. so new and such a noob that i have spent many house following many so called guides on manufacturer websites and got nowhere close to being able to set up a ftp server.

 

My goal at the end is this: To be able to setup my d link sharecenter as a ftp server and be able to have myself and a cousin access it over the internet. So far all i managed to do the first time around was to have my nas disappear from my network devices list and get it back somehow. Now the second time around after buying a Nighthawk x6 i changed some setting for the router and the sharecenter, forwarded some ports and created some Dynamic DDNS via some free account in the netgear  UI. Apparently i did it over here but had trouble verifying it in my sharecenter UI.

 

It says in my sharecenter UI that i have a FTP server running. I have no idea what that even means. I have no clue how to access it. It gives me some IP address there which is different from the IP my router says which is my sharecenter then there is the IP address which the DDNS IP address which is god knows used for what.

 

So i understand that i am very far away. Maybe you guys can get me closer. Or maybe in the correct direction with a noob friendly + idiot proof youtube guy/video or online guide.

 

Appreciate all the help i can get

IMG_20161230_053238.jpg

Link to post
Share on other sites

Since this is a sticky, and there seems to be a general difficulty when setting up OpenVPN servers (as some have said, don't use PPTP), take a look on this free OpenVPN management panel: https://pritunl.com/

 

It's free, really easy to setup and supports, 2-factor authentication, tons of configurations, everything handled from the web GUI.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×