Set up Synology L2TP IPSEC VPN for Windows

In this tutorial, IT Block assists you in setting up an L2TP over IPSec VPN access to your Synology NAS server and connect with your Windows Computer.

Set up Synology L2TP IPSEC VPN for Windows

L2TP over IPSec is a much more secure connection protocol, especially in comparison to PPTP.

Please note the prerequisites:

You require a static IP address for this to work. If you do not, a great workaround would be to set an account at no-ip.com. It is thus allowing you to more affordably point your L2TP over IPSec connection request to a hosted domain name that can follow the changes to your non-static IP, preserving the integrity of your remote connections. In all honesty, it is much less troublesome to get a static IP, but the much lower cost of using no-ip.com is also a significant factor to consider. It can also be helpful to have a router that is no-ip.com compatible.

Set up Synology L2TP IPSEC VPN for Windows

Step 1: Launch VPN server application in Synology DSM

Set up Synology L2TP IPSEC VPN for Windows

From your Synology DSM, run "Package Center" and search the 'VPN server' and install it. Once the installation is complete, run 'VPN server', and click on 'Overview' on the left-hand tab. In Overview, you see all of the VPN server options available, now let's focus on setting up your L2TP IPSEC VPN server.

Step 2: Set up and launch L2TP over IPSec VPN server in Synology DSM

Set up Synology L2TP IPSEC VPN for Windows

Set up Synology L2TP IPSEC VPN for Windows

To start, click on 'L2TP/IPSEC' on the left-hand column and click 'Enable L2TP/IPSEC VPN server' to initiate. You could keep the settings as is, but for security reasons, you might want to change the Dynamic IP address to something less conventional. Changing it from '10.0.0~' to '10.22.0~' is much more secure; the idea is to stay away from default settings. You are required to use a pre-shared key, which we recommend the use of alphanumerics, symbols and capitalize letters since this key is shared by all who are attempting to connect to your Synology VPN server.


You can leave the rest of the settings as is, make sure the authentication set to 'MS-CHAP v2'. You can also improve security by controlling the number of maximum connections with the same user account.


Click 'Apply'. You have now successfully launched an L2TP over IPSec VPN server in your Synology NAS! Do take note of the port numbers your Synology NAS has indicated you keep open, which are 1701, 4500 and 500. Now let's show you how to connect to your VPN with your Mac OS computer.


Step 3: Setting up your Windows computer and connecting to your Synology L2TP over IPSec VPN server

Set up Synology L2TP IPSEC VPN for Windows

Set up Synology L2TP IPSEC VPN for Windows

In the Windows search bar type 'VPN' and click on 'VPN settings' as shown in the image above.

Set up Synology L2TP IPSEC VPN for Windows

Next thing you would do is to click 'Add a VPN connection', this brings out a blue window where you input the required fields, enabling a direct connection to your L2TP over IPSec VPN server in your Synology NAS.


Reminder: The purpose of this tutorial is to allow connection to your already mapped drives. Which means if you did not have any drives mapped in the first place, the point of this tutorial is not relevant.


Refer to this tutorial if you have not done so: Easy way to connect to Synology NAS on Windows

Set up Synology L2TP IPSEC VPN for Windows

Once you see the blue window here, set the VPN provider to 'Windows (built-in)'. Connection name can be any name of your preference.

Server name or address has to be the exact static IP or domain name of your local environment—the same local environment where your NAS lives.


VPN type has to set to 'L2TP/IPsec with pre-shared key' for this to work. Do note, this is different than 'L2TP/IPsec with certificate'.

Enter your Pre-shared key and proceed to type in your Synology sign-in info. Your username and password are the very same you have set for yourself to access Synology NAS. Your L2TP over IPsec Synology VPN server uses the same credentials to authenticate your connection request.

Set up Synology L2TP IPSEC VPN for Windows

And finally, to connect to your Synology's L2TP over IPSec VPN server from your Windows computer, click on the 'WIFI' icon at the bottom left of your screen. In the case of an ethernet connection, you can also click on the same icon. And at the very top of the list of connections available, you see the Windows VPN icon.


Click on the name of the VPN connection you named earlier to reveal the 'connect' button. And click on it. If everything is working as it should, you are now able to open your NAS drives from virtually anywhere. Congratulations!


L2TP/IPsec Synology troubleshooting:


If you have set up two-factor authentication, you may have first to connect and authenticate there. After which you can attempt to connect.


If you are doing this on behalf of a large organization, and the connections are not stable, you may need to upgrade the RAM of your Synology NAS.



Thank you for reading 'Set up Synology L2TP IPSEC VPN for Windows' by IT Block. IT Block is an IT support services provider based in SIngapore and we love sharing our IT expertise and knowledge, in this case our Synology DSM knowledge with the world. #itblock #synology #l2tp #ipsec #vpn #server #dsm #IT #support #singapore #services

IT Support Knowledge

Singapore IT Company