How to set up a VPN on Synology NAS

If you use a Synology NAS (Network Attached Storage) to store important files, keeping it secure should be your top priority. One of the easiest ways to safeguard your NAS is to set up a VPN (Virtual Private Network), as it protects your data and makes remote access more secure.

In this guide, I’ll walk you through the step-by-step setup of Surfshark’s OpenVPN on your Synology NAS, so follow along.

Why set up a VPN on your Synology NAS?

Before we get into the setup process, let’s talk about why you should do it in the first place. Setting up a VPN on your NAS gives you multiple layers of protection:

• Encrypted connections that block cybercriminals. When you use a VPN, your internet traffic is encrypted. Without a decryption key, that data looks like gibberish. So, your files will be protected when you upload them to Synology, and if any unauthorized party tries to intercept, they won’t be able to read it;
• Protection against IP and DNS leaks. When your Synology connects to the internet, your IP (Internet Protocol) address tells websites where your NAS is located, and its DNS (Domain Name System) requests tell your internet provider services or domains your NAS is accessing. A reputable VPN hides all that by routing your NAS traffic and DNS lookups through a secure server;
• Added privacy for NAS-internet communication. Your NAS connects to the internet more than you might think — for backups, cloud sync, updates, and apps. A VPN encrypts that traffic, helping to keep your online activity more private.

How to set up Surfshark OpenVPN on a Synology NAS

For the setup, you’ll need your Surfshark account, an OpenVPN configuration file, and a few minutes in Synology’s settings.

Step 1 — Get your Surfshark VPN credentials

You can’t use your regular Surfshark account email and password for Synology VPN connections. It requires a special set of login credentials that you can generate with Surfshark specifically for OpenVPN.

Here’s how to get them:

1. Log in to your Surfshark account on the website.
2. Go to VPN > Manual setup > Router > OpenVPN.
3. Open the Credentials tab.
4. Click Generate credentials.
5. Keep the tab with the generated credentials open or save them — you’ll need them during the setup.

Step 2 — Download an OpenVPN server configuration file

Next, your NAS needs a configuration file. This file tells your NAS how to connect to a specific Surfshark server. It includes settings for encryption, protocols, and routing.

1. Open the Locations tab.
2. Pick the server location you want to use. If you’re unsure, choose the Fastest server or the Nearest country, as these options will provide you with the most optimal speeds.
3. Click the Download icon next to your chosen location.
4. Select Download UDP (UDP is recommended because it’s faster and usually more stable).
5. Save the .ovpn file on your computer.

Step 3 — Configure the OpenVPN client on Synology NAS

Now that you have your credentials and .ovpn file ready, it’s time to configure the VPN connection on your Synology NAS:

1. Log in to your Synology NAS and, depending on the version, navigate to Control Panel or Settings.
2. Select Network > Network Interface.
3. Click Create/Add > Create VPN profile/Create VPN.
4. Select OpenVPN > Next.
5. Fill in fields:

• Profile name: Surfshark;
• Username/Account: Surfshark service username you generated earlier;
• Password: Surfshark service password you generated earlier;
• Import .ovpn file/Import file(s): Upload the OpenVPN configuration file you downloaded in Step 2.

6. Click Next.
7. Check all available options and select Apply (Synology 6.2 NAS).
8. Select the created profile > Connect.

Your Synology NAS should now connect to Surfshark’s VPN network. If the connection was successful, the profile’s status will change to Connected.

Step 4 — Check if the VPN connection works correctly

It’s always a good idea to verify that everything is actually working. Here’s what you should check:

• Perform an IP leak test. On a computer connected to the same network as your NAS, go to an IP-checking website. If everything is working, the IP address location should match the Surfshark server’s location you chose;
• Run a DNS leak test. On a computer connected to the same network as your NAS, run a DNS leak test online. If the VPN is working properly, there should be no DNS leaks detected.

If both tests look good, your Synology NAS is now securely connected to Surfshark.

Additional tips and troubleshooting

If something doesn’t work right away or if you want to optimize your connection, these tips can help.

Choose the right VPN protocol

While Synology supports several protocols, I recommend using OpenVPN:

• It’s the most modern one out of the supported protocols;
• It provides the best combination of security and speed;
• It’s widely supported;
• It offers strong encryption;
• It works well on Synology.

Consider performance impacts

A VPN adds encryption, which means your NAS has to work a bit harder. Depending on how old your NAS model is, you might notice some slowdown. However, this is normal — not a sign of misconfiguration.

Here are some tips on how to manage that:

• Limit simultaneous connections. If you have multiple devices using the NAS at the same time, consider reducing the load by limiting heavy tasks while the VPN is active;
• Adjust the MTU (Maximum Transmission Unit). Sometimes the default MTU (packet size) can cause connection drops. You can try lowering it (e.g., from 1500 to 1472 or 1400) to improve stability.

Check the router, firewall, and required ports

OpenVPN needs access to its port to function properly. If your router or firewall is blocking traffic, the VPN won’t connect.

The typical OpenVPN port is UDP 1194.

Make sure this port isn’t blocked on your router or any firewall you’re using.

Use your Synology NAS with Surfshark effectively

Once your Synology NAS is connected to Surfshark’s network, you can enjoy several advantages. These aren’t just nice to have — they genuinely improve your privacy and safety:

• Encrypted file transfers — whenever your NAS syncs files or performs backups, the transfers are now protected from snooping;
• Protection against ISP (Internet Service Provider) monitoring — your internet provider can’t track what your NAS is doing when it’s connected to a VPN;
• Proper DNS routing to avoid leaks — Surfshark’s DNS leak protection ensures no unencrypted DNS requests leak outside the VPN tunnel.

Here are some maintenance tips to keep things running smoothly:

• Check DNS settings to make sure that all DNS requests are routed through the VPN server;
• Monitor active VPN connections to ensure your traffic remains encrypted;
• Keep firewall rules and ports updated, and if your router updates or changes settings, re-allow the necessary OpenVPN port if needed.

Final thoughts: a more secure Synology NAS experience

Using Surfshark with your Synology NAS is one of the simplest and most effective ways to increase your privacy and security. In just a few steps, your NAS traffic becomes private, secure, and shielded from snooping.

Protect your NAS and secure your remote access

With Surfshark’s fast, reliable VPN

Get Surfshark