VPN server VS VPN service? Help me understand

Hi folks,
I’ve had a little difficulty researching this project I want to do, and I think a lot of my confusion comes from how VPN as a term is quite broad.

I want to do two different things with VPNs. One, to use the NAS as a VPN server to allow me to connect to my services remotely without exposing multiple ports. There’s a bunch of stuff I would want to do: access Portainer, access game servers, access all my Docker images, and as I understand it, a VPN is the best way to limit that access to a single secure port. Got it, I need to configure a VPN server locally.

At the same time, I need to use my VPN service! For maintaining torrents, moving regions, and generally for securing external traffic. My service of choice is ExpressVPN after how great they worked from behind the Chinese firewall.

I can’t be the first person to stumble into this. How does it work? How can I utilize a VPN server to allow for secure remote access coming in to the drive, while also using a VPN service for outgoing traffic?

Can I configure both at the same time? Do I need to connect to the VPN service when trying to remote in to my home VPN? Am I missing something because I’m confused? Is this what reverse proxies are for? If I’m on the VPN service, and also have a VPN server configured, am I exposing my network to anyone on the VPN service?

Interested in hearing how other people get through this problem and what that setup looks like.

You need two VPNs: one hosted by you at home and one hosted by some other company that you can use for torrents.

The VPN server part is simple enough. This can live on your router (if supported) or on your NAS, with an incoming VPN port exposed through your router.

For the VPN client (obfuscating traffic from your ISP), you have a few options. 1) If your router has a VPN client config, you can set it up with your paid VPN service. 2) Use a Docker image that supports torrents and has a built-in VPN client (for example, haugene/docker-transmission-openvpn, a Docker container running the Transmission torrent client with WebUI over an OpenVPN tunnel). The benefit here is that you don’t expose your NAS to the public internet, only the Docker container. Also, many of these containers have a built-in Privoxy server, allowing you to route any other NAS traffic through that VPN tunnel, so you only need that single VPN client running.

Option 3) Run a VPN client on your NAS. Don’t do this. :slight_smile:
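
Option 2 above written out as a Docker Compose file, added here as an illustration and not part of the original thread. The LAN subnet, NAS address, volume path and bracketed values are assumed placeholders; the environment variable names follow the haugene image's documentation as of writing and should be checked against the version you pull.

```yaml
# Added example: torrent client plus paid-VPN client confined to one container.
# The NAS itself keeps its normal route to the internet.
services:
  transmission-openvpn:
    image: haugene/transmission-openvpn
    cap_add:
      - NET_ADMIN                      # lets the container create its own tunnel interface
    environment:
      - OPENVPN_PROVIDER=<PROVIDER>    # placeholder: your paid VPN service
      - OPENVPN_USERNAME=<vpn-username>
      - OPENVPN_PASSWORD=<vpn-password>
      - LOCAL_NETWORK=192.168.1.0/24   # assumed home LAN; allowed to reach the web UI
      - WEBPROXY_ENABLED=true          # built-in proxy for other traffic that should use the tunnel
      - WEBPROXY_PORT=8118
    volumes:
      - /volume1/docker/transmission:/data   # assumed download path on the NAS
    ports:
      # Bind to the NAS's LAN address (assumed 192.168.1.10), not 0.0.0.0,
      # so the web UI and proxy are reachable only from the home network.
      - "192.168.1.10:9091:9091"       # Transmission web UI
      - "192.168.1.10:8118:8118"       # web proxy
    restart: unless-stopped
```

Nothing in this file needs a port forwarded on the router; only the home VPN server's port is forwarded, and the web UI and proxy are reached from the LAN or through that home VPN.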

u/BretG57 is correct. A little more expansion on that is:

If you want to connect to your stuff at home via your Synology NAS, you’ll need to get one of the software packages and set up your private VPN. There’s a lot more detail that goes into setting that up, but you can find some info here:

setting up a vpn on your synology nas

If you want your Synology NAS to use a VPN service provided by another company, in your case ExpressVPN, that would be in the networking setup of the Synology NAS:

connect your synology nas to a vpn server

That’s just some of the basics. It all depends on what your needs are.

You only need an external VPN with a port forwarding service, and to configure your NAS or router to connect to the internet through it; even better if your ISP puts you behind a pool of shared volatile IPs.

This VPN service is more expensive, but it’s the way infosec suggests.

On the cheap, you can set up a VPN host and DDNS and open just the port for the VPN server at the router; your ISP should provide a unique non-volatile IP. This VPN is to reach your network from outside. You also need to install a torrent client other than dsget, such as Transmission, to safely download torrents without exposure (no need to change VPN client if you put all your network behind a VPN with port forwarding).

If you set up a VPN with port forwarding, everything should be at your router to be safe. It may be done at the NAS, but it requires experience to do it properly, not just tutorials.

While I’m connected to the VPN client, how will I access my VPN server? Will all my remote traffic go through the client (ExpressVPN) first? This seems unnecessary.

Won’t the address of the server to connect to constantly be changing based on if the client VPN is running or not?