and 3) have nothing to do with 1). If you want to do what you describe, 2) and 3) won’t help you.
You need 1). Now it depends on your equipment, and your willingness to learn and set it up yourself.
If you want it quick and secure, use Tailscale.
If your router has a build in VPN server, it is done simple and fast as well.
If you need to setup a server on your network yourself, you need to learn how to install it safely, and you need to admin it constantly. But you will learn the most from doing it yourself.
I use PiVPN/Wireguard on the same Pi that runs PiHole on my home network. It works perfectly, totally free and open source, and everything runs in-house so I’m 100% certain my data stays private.
TailScale is the way to go. I’ve set up Synology VPN with router NAT for myself and similar setups for clients in the past. But if it’s mostly just you connecting then nothing beats it’s simplicity and ability to connect from anywhere without any router, NAT, or firewall configs.
I run four different container instances of cloudflared that do various VPNish things. One instance gives me SSH access. Another allows remote access to my traefik reverse proxy. Yet another allows remote access to my private IP range as if I was local. It’s an amazing program.
Very much this - easy and weirdly fast connection, or efficient (compared to using Teamviewer or AnyDesk from my offhsore location to a land based computer or NAS)
Your options 2 and 3 are not for connecting to your NAS externally. Those are for connecting to the internet via a third party server (eg you want to access some website as though you’re in a different country).
To access NAS externally here are roughly the options:
Use QuickConnect from Synology
Use VPN - either installed from Synology, router, or another machine in your network.
You know the difference between a client and a server ?
In 2) and 3) you buy access to a VPN server operated by somebody else. These service providers usually offer a world wide network that allows to exit the VPN server structures in another country. This can be useful to get around geoblocking (somebody said „Netflix“ now … ?).
It means as well that traffic between you and the server is encrypted, your ISP will not know what you are using. And anybody tracking you will get the IP of the exit server where you enter the internet.
Downside: You can’t access your home network (With the DS) through it. And basically you entrust your security and confidentallity in an anonym provider maybe registered in a place like the Caymans. Try sue them ….
In case 1) you install and run your own VPN server. You install access on your devices as clients, with a key you have created yourself and nobody knows. You own the VPN network, don’t need to entrust access to anybody but yourself.
Downside: You can call home securely, but when going from there to the internet, it carries your regular home IP. And no avoidance of geoblocking.
Paid vpns are clients on your devices that connect to their server not yours. You want a vpn running on either your nas or router. I would suggest your router but depends on the limitations of your connecting devices
Sure - just comparing how responsive it is once connected ( on top of the ease of setup ). I’m very impressed how good the response is on screen in use over a slow, flaky internet connection.
If your talking about the synology menu then that is likely correct, I’ve never set it up on a synology before seemed to me you had to open or forward ports which i didnt want to do. But make sure that what ever mobile device your going to use also supports the same vpn. For example our router is a ubiquiti USG it only supports L2TP, only apple phones currently support L2TP Android removed this type.