Nowadays, security is a top priority for almost everyone, especially businesses. Running your own services, or storing data but still being able to get to it all while away from your network is a common question. How to get to my data safely over the Internet?

There are ways that you can get to your data while you are away from your local network, by publishing the services through a reverse proxy for example. The "problem" there is that you have to harden those services as best as possible or limit access if you want to increase security. Also, you have to allow access to those resources on your router in order to be able to access them in the first place, and that means you are not the only one that can do that.

But what about when you have multiple locations that you want to have secure, remote access to but still have them configured in such a manner that the apps and services (including devices) are not exposed to the rest of the world?

Enter site-to-site VPN.

Now let's be clear, this is nothing groundbreaking even in the Synology world, but it is also not so common unless you actually need it. When we talk about site-to-site VPN connections in the Synology ecosystem, you will have to have certain prerequisites in place in order to configure it.

So what is a site-to-site VPN to begin with?

Well, site-to-site VPN is a way to connect multiple sites (homes, business locations, etc.) over the Internet, but in such a way that the communication between sites remains "local". By local here I mean that all services, devices, and apps talk to each other by using their local IP addresses or their local domain names.

Connect multiple points over a secure VPN tunnel

Communication remains inside a site-to-site VPN "tunnel", so it is going over the Internet, but it is encrypted and all local subnets (more on this later) are talking to each other, well, locally.

If it's not clear from the previous paragraph, you can use this setup in order to create a large local network over a MAN/WAN layout so you do not have to expose each location to the Internet. This way you are minimizing attack vectors and simplifying internal communication while increasing security.

What do I need to get this to work?

As mentioned before there are certain prerequisites.

- Compatible site-to-site VPN router (it doesn't have to be Synology).
- Public static IP address or a public FQDN name.
- Separate local subnets on each location

Considering that I am talking here about the VPN Plus Server solution it is clear that I will be focusing on Synology router products, as well as their OS, Synology Router Manager (SRM).
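A pre-flight check for the prerequisites listed above, as an added example that is not part of the original post: it flags LAN subnets that overlap between locations and WAN addresses that are not public. Treating RFC 1918, carrier-grade NAT, loopback and link-local ranges as "not public" is an assumption of this example, and the site names and addresses are constructed sample values.

```python
import ipaddress
from itertools import combinations

# Ranges that cannot be reached directly from the Internet (assumption of this
# example): RFC 1918, carrier-grade NAT (RFC 6598), loopback and link-local.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed site plan: hypothetical names, documentation/sample addresses.
SITES = {
    "office": {"wan": "203.0.113.10", "lan": "192.168.1.0/24"},
    "home": {"wan": "home.example.net", "lan": "192.168.1.0/24"},
    "warehouse": {"wan": "100.72.4.9", "lan": "10.20.0.0/16"},
}


def check_sites(sites):
    """Return a sorted list of problems that would break a site-to-site setup."""
    problems = []
    lans = {}
    for name, cfg in sites.items():
        # Raises ValueError if the LAN entry is not a valid network address.
        lans[name] = ipaddress.ip_network(cfg["lan"])
        try:
            wan = ipaddress.ip_address(cfg["wan"])
        except ValueError:
            continue  # not an IP literal: treated as an FQDN, not resolved here
        if any(wan in net for net in NON_PUBLIC):
            problems.append(f"{name}: WAN address {wan} is not publicly reachable")
    # Every pair of sites must use LAN subnets that do not overlap, otherwise
    # a router cannot tell local traffic from traffic meant for the tunnel.
    for (a, net_a), (b, net_b) in combinations(sorted(lans.items()), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a}/{b}: LAN subnets {net_a} and {net_b} overlap")
    return sorted(problems)


if __name__ == "__main__":
    for line in check_sites(SITES):
        print(line)
```

Run it against your own plan before touching the routers: renumbering a LAN is far easier before the tunnel exists than after devices at both ends hold leases in the same range.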