Recently we've acquired a QNAP TS-453A NAS system for storing our larger datasets. This does offer quite a few other nifty tricks though, such as the relatively easy configuration of a VPN. However it does take a few tricks to get this working properly in Windows 10. We will be using a L2TP/IPSec connection. There are other options in the QNAP VPN app: PPTP and OpenVPN. PPTP is considered insecure nowadays, while OpenVPN should be even more secure than L2TP/IPSec. However we did chose the latter because it is more easily supported by different kinds of devices.
Configuring your QNAP
- Open your Control Panel in your QNAP browser window, go to Applications and select VPN Server.
- Scroll down to the L2TP/IPSec Setting section and check the Enable L2TP/IPSec VPN Server checkbox.
- The default IP range settings should do for more environments.
- Set a Preshared key to your liking.
- Click Advanced and make sure to set Authentication to MS-CHAPv2.
Create the VPN connection
Onto Windows 10 then. It's actually quite easy to add a VPN connection in Windows 10, aside from 1 slightly more complicated change required in the Windows 10 registry.
- Open the Action Center (you can do this by just clicking on the right most icon in your task bar) and click the VPN icon.
- Click Add a VPN connection
- Set VPN provider to Windows (built-in).
- Choose a Connection name
- The Server name looks like .myqnapcloud.com. This does imply that you enabled MyQNAPCloud on your NAS though. You can always configure your own domain via DNS records, but this is out of scope for this guide.
- Set VPN type to L2TP/IPsec with pre-shared key and enter your Pre-shared key in the input field below.
- Finally fill in your User name and Password. This is your user account that you use to log in to your QNAP.
Editing your Windows 10 registry
And this is where the magic fails... If we want to use our brand new VPN connection and if our NAS is behind a NAT-enabled device (which I guess is the case for most SME's/home offices). Luckily, Microsoft has this knowledge base article to help us out.
- Press Windows+R, type regedit and press Enter.
- Find the HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent key.
- On the Edit menu, point to New, and then click DWORD (32-bit) Value.
- Type AssumeUDPEncapsulationContextOnSendRule, and then press Enter.
- Right-click AssumeUDPEncapsulationContextOnSendRule, and then click Modify.
- In the Value Data box, type 2.
A value of 2 configures Windows so that it can establish security associations when both the server and the Windows Vista-based or Windows Server 2008-based VPN client computer are behind NAT devices.
- Click OK, close the registry editor and then reboot your system.
After all these steps you should be able to connect properly to your QNAP VPN server from your Windows 10 machine.