I'm new to Qnap and my device isn't setup yet. I was just doing some research and came upon a video claiming that going through my NAS for a VPN tunnel to my network may perform better than through my router. That surprised me, though perhaps it shouldn't.
I have a TP-Link Omada ER605 router and a Qnap TS-453D-4G NAS. THE NAS will have m.2 ssd cache and at least 8gb of RAM.
Any words of wisdom on what would provide the best VPN. Going through the NAS just seemed like an extra step, but perhaps not.
VPN Question
-
- Experience counts
- Posts: 2043
- Joined: Thu Mar 03, 2016 1:11 am
Re: VPN Question
Never(!) put the VPN at the NAS (...deleted by order...)!
The router is the edge device to internet and this is the place to establish a VPN server.
There are ***may be*** some routers, which are slower with VPN setup than a NAS, but in that case consider to replace the router with a newer model, having more performance (read specs).
For security reasons, and that is exactly why VPN is recommened for accessing from outside, the VPN at NAS is not an good idea.
Use a dedicated host behind router for VPN (i.e. a raspberry Pi), if router does not meet the expectations and you cant replace it. "Best VPN" is also a very soft requirement. Is IPsec better than OpenVPN? Is Wireguard better than ...?
This depends to individual skills and expectations.
Wireguard i.e. is one of the fastest (or even the fasted) protocols I know for VPN, but at client site is does not provide an additonal layer of security. If someone can take and unlock your client, he is able to connect to your home LAN when running the Wireguard app from the client. IPsec requires an addional password for the connection. May be a weak argument, because you **can** setup an IPsec connection with a stored password too.
Regards
The router is the edge device to internet and this is the place to establish a VPN server.
There are ***may be*** some routers, which are slower with VPN setup than a NAS, but in that case consider to replace the router with a newer model, having more performance (read specs).
For security reasons, and that is exactly why VPN is recommened for accessing from outside, the VPN at NAS is not an good idea.
Use a dedicated host behind router for VPN (i.e. a raspberry Pi), if router does not meet the expectations and you cant replace it. "Best VPN" is also a very soft requirement. Is IPsec better than OpenVPN? Is Wireguard better than ...?
This depends to individual skills and expectations.
Wireguard i.e. is one of the fastest (or even the fasted) protocols I know for VPN, but at client site is does not provide an additonal layer of security. If someone can take and unlock your client, he is able to connect to your home LAN when running the Wireguard app from the client. IPsec requires an addional password for the connection. May be a weak argument, because you **can** setup an IPsec connection with a stored password too.
Regards
Last edited by FSC830 on Tue Nov 29, 2022 4:08 pm, edited 1 time in total.
A raid is never a substitute for backup! Never!
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
-
- Experience counts
- Posts: 1791
- Joined: Tue May 29, 2018 3:02 am
- Location: Ottawa, Ontario, Canada
Re: VPN Question
Delete " if you can avoid it!"
- as mentioned, a VPN does not belong on the.NAS, it is the wrong device. Running it on your router gives you full access to all devices on the network, not just the NAS.
- qnap secure cannot be trusted?
- router is #1 choice, second is a raspberry pi (or similar) for $40 to run your VPN. 1000% better than using QVPN
QNAP TS-563-16G 5x10TB Seagate Ironwolf HDD Raid-5 NIC: 2x1GB 1x10GbE
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
QNAP TS-231P-US 2x18TB Seagate Exos HDD Raid-1
[Deadbolt and General Ransomware Detection, Prevention, Recovery & MORE]
-
- Experience counts
- Posts: 2043
- Joined: Thu Mar 03, 2016 1:11 am
Re: VPN Question
Better now?dosborne wrote: ↑Tue Nov 29, 2022 11:46 amDelete " if you can avoid it!"
- as mentioned, a VPN does not belong on the.NAS, it is the wrong device. Running it on your router gives you full access to all devices on the network, not just the NAS.
- qnap secure cannot be trusted?
- router is #1 choice, second is a raspberry pi (or similar) for $40 to run your VPN. 1000% better than using QVPN
A raid is never a substitute for backup! Never!
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
Deadbolt - READ 1st post!!!
Deadbolt - information
Deadbolt - find your OP_RETURN!
VPN=VPN? No!
How to clean up your NAS after malware attack
www.raidisnotabackup.com
-
- Starting out
- Posts: 22
- Joined: Mon Nov 28, 2022 2:56 pm
Re: VPN Question
Thanks for the confirmation. I was very surprised to hear the recommendation in the first place. The only thing that gave it any credibility was the idea that it would provide greater performance with the VPN encryption and since there was an AP for that on the NAS, I questioned my instincts, but it certainly seemed like putting the lock on the wrong side of the door.