Unfortunately, as of now, there is still no native integration of the WireGuard protocol for the Synology NAS series. However, it is possible to retrofit this feature.
WireGuard is a modern VPN protocol known for its simplicity and high performance. It was designed to be faster, simpler, and more streamlined than existing VPN solutions like IPSec and OpenVPN. WireGuard employs advanced cryptography and runs as a kernel module, meaning it operates directly within the operating system’s core, thus providing enhanced performance. Its design is so minimalist that the entire codebase is only a fraction of the size of other VPN protocols, facilitating security vulnerability checks. Additionally, WireGuard is distinguished by its straightforward configuration and management, making it a popular choice for private users and businesses seeking a secure and efficient VPN solution.
In my case, I want to integrate the Synology NAS into my Wireguard VPN network to enable backups and other functions through the VPN connection, without exposing the Synology to external risks.
Requirements:
- SSH access to the Synology NAS
- Client configuration (.conf file)
Create/Install and Start a WireGuard System Extension as an SPK
The first step is to create an SPK application that contains the actual WireGuard module, thereby retrofitting it onto the DSM system.
- Create the folder „/volume1/docker/synowirespk72“ or change it accordingly in the Shell Command.
- Adjust parameters: <NAS-Architecture>: The corresponding architecture can be found on the Synology website: https://kb.synology.com/en-global/DSM/tutorial/What_kind_of_CPU_does_my_NAS_have DSM_VER: Please select according to the installed DSM version.
- Run SPK Build Command:
„sudo docker run –rm –privileged –env PACKAGE_ARCH=<NAS-Architecture> –env DSM_VER=7.2 -v /volume1/docker/synowirespk72:/result_spk blackvoidclub/synobuild72“
This process takes some time! - Install the generated SPK Package (not the ‚*_debug.spk‘) manually via the DSM Web interface (Try not to run directly) 5. Synology SSH: „sudo /var/packages/WireGuard/scripts/start“
Starting WireGuard as a Client
- Synology SSH: Create Config Directory „sudo mkdir /etc/wireguard“
- Copy your client-name.conf WireGuard configuration file as „wg0.conf“ into the /etc/wireguard directory
- Start WireGuard Synology SSH: wg-quick up wg0
Additional Commands:
- Start connection: wg-quick up wg0
- Stop connection: wg-quick down wg0
- Connection status: sudo wg show wg0
- Enable automatic system start: sudo wg-autostart enable wg0
- Disable automatic system start: sudo wg-autostart disable wg0