Skip to main content
Version: TOS 7

VPN Server

VPN Server offers an easy-to-use VPN solution, enabling you to configure a TNAS device as a VPN server. This setup allows remote devices to securely connect to TNAS through a private channel, ensuring secure data communication. Multiple connected devices form an interconnected local network. TerraMaster VPN Server supports PPTP, OpenVPN, and L2TP/IPSec protocols to meet diverse business needs.

For detailed instructions on using VPN Server, please refer to How to use VPN Server?

Overview Module

The Overview module provides a summary of the VPN Server application's activation status. Here, you can monitor the status of PPTP, OpenVPN, and L2TP/IPSec for VPN Server, including whether the VPN service is enabled, the dynamically assigned IP address of the VPN server, the number of connected clients, and network throughput.

PPTP

PPTP establishes secure encrypted tunnels over TCP/IP networks to protect data privacy and confidentiality during transmission.

Starting the PPTP VPN Server

  1. Open "VPN Server" and navigate to PPTP in the left panel.
  2. Check the "Enable PPTP VPN Server" box.
  3. Specify the virtual IP address for the VPN server in the "Static IP Address" field, along with the IP pool size and port number.
  4. Choose a VPN client-to-server authentication method from the "User Authentication" dropdown menu:
    • PAP: Authentication without encryption.
    • MS-CHAP v2: Authentication using Microsoft CHAP v2 protocol.
  5. Select a "Data Encryption" method.
  6. Set the MTU (Maximum Transmission Unit) to limit data packet size transmitted over the VPN.
  7. Optionally enable "Use Manual DNS" and specify the DNS server's IP address. If not enabled, TNAS's current DNS server will be used.
  8. Click "Apply" to save the PPTP VPN server settings.
Note
  1. Ensure VPN client authentication and encryption settings match those of the VPN Server to establish a successful connection.
  2. Default MTU value is 1300 for compatibility with common PPTP clients (Windows, Mac OS, iOS, Android). Adjust MTU for complex network environments or unstable connections.
  3. Verify TCP port 1723 is open on TNAS and your router via port forwarding rules and firewall settings.
  4. Disable any built-in PPTP VPN services on routers using TCP port 1723 to avoid conflicts. Ensure routers support VPN pass-through, as older models may block the GRE protocol (IP protocol 47), causing VPN connection issues.
  5. If clients connect successfully but cannot access VPN Server's local network resources, verify LAN gateway and DNS server settings in Control Panel > Network Settings > Network Interface.

OpenVPN

OpenVPN is an open-source virtual private network (VPN) tool that utilizes industry-standard SSL/TLS protocols to establish secure network extensions at OSI layer 2 or 3.

Starting the OpenVPN Server

  1. Open "VPN Server" and navigate to the OpenVPN section in the left panel.
  2. Check the "Enable OpenVPN Server" box.
  3. Specify the static IP pool range, including "Static IP Pool Start" and "IP Pool Size."
  4. Set the "Port" to designate the VPN server's port number (default OpenVPN port is 1194).
  5. Configure the "Protocol" by selecting the VPN communication protocol.
  6. Choose the "User Authentication" method for VPN client authentication with the server.
  7. Enable VPN Compression by checking the corresponding box if you wish to compress data during transmission, improving speed at the expense of system resources.
  8. Check "Allow Clients to Access Server's LAN" to grant clients access to the server's network.
  9. Click "Apply" to finalize the OpenVPN server configuration.
Note
  1. Ensure TCP/UDP port 1194 is open on both TNAS and your router by configuring port forwarding rules and firewall settings.
  2. On Windows systems running OpenVPN GUI with User Account Control (UAC) enabled, use "Run as administrator" to allow OpenVPN GUI to establish connections.
  3. If clients connect successfully but cannot access VPN Server's local network resources, verify LAN gateway and DNS server settings in Control Panel > Network Settings > Network Interface.

L2TP/IPSec

L2TP/IPSec combines two commonly used technologies in virtual private networks (VPNs), ensuring high data transmission security during network communication.

Starting the L2TP/IPSec VPN Server

  1. Open "VPN Server" and navigate to the L2TP/IPSec section in the left panel.
  2. Check the box labeled "Enable L2TP/IPSec VPN Server."
  3. Specify the static IP pool range, including "Static IP Pool Start" and "IP Pool Size."
  4. Configure the "User Authentication" method to determine how VPN clients authenticate with the server.
  5. Set the MTU (Maximum Transmission Unit) to limit the size of data packets transmitted via the VPN.
  6. Optionally, enable "Use Manual DNS" and enter the IP address of the DNS server. If disabled, TNAS's current DNS server will be used.
  7. Set the "Pre-Shared Key" and confirm the pre-shared secret.
  8. Click "Apply" to finalize the L2TP/IPSec VPN server configuration.

Settings

Administration Settings

This page allows you to manage the network interface used for VPN connections and configure automatic blocking to prevent unauthorized VPN login attempts.

  • Network Interface.
  • Account Type.
  • Enable Automatic Blocking: By activating automatic blocking, you can configure settings under "Settings" to specify the number of allowed failed login attempts within a defined period and the duration of subsequent blocking.

Displays a list of all connected devices, enabling users to manage them through the interface.

Permissions

Sets the network communication protocols allowed for the selected account to be used as a login credential on various clients.

Logs

Managing Logs

In the logs page, you can view logs for all server operations such as startup and shutdown, and you can also select specific tasks to view their logs. Additionally, you can configure the following settings for the logs:

  • Search: Search for events within the logs.
  • Refresh: Refresh the logs.
  • Export: Export the logs.
  • Delete: Delete logs; you can delete all logs or specific logs.
  • Settings: Configure the log retention policy. Logs that do not meet the policy will be automatically deleted.