How to install Zerotier VPN on Synology NAS

Overview

The following article will showcase the steps how to install Zerotier VPN on Synology NAS. The procedure will be done step by step. The method we’ll be using to install, configure and deploy the VPN on the Synology is by running the Zerotier VPN using Docker, aka as a Docker container. This procedure will allow us to connect to our Synology more securely. The reason why we need Docker for this is because the DiskManager firmware from version 7 doesn’t allow apps to run as root anymore.

Zerotier have built a Docker version of their VPN client, which is great and this allows us to run Zerotier on our Synology with ease and to be able to connect to our Synology via VPN.

We’ll be following the steps from the Zerotier documentation.

What’s a Zerotier VPN?

Zerotier VPN(actually named Zerotier One) is a VPN solution with it’s protocol(they developed their own protocol) which runs on a P2P(peer-to-peer) and end-to-end encrypted endpoint connections. Zerotier combines VPN and SD-WAN technologies which enables easier network management and management of connected devices while trying to achieve as less latency as possible.

For and end user, on their client client devices, it requires only to install the Zerotier client and the rest is managed on the Zerotier dashboard. And that is we’ll be using to install Zerotier on Synology NAS. They provide a free tier plan where you can add uo to 50 client devices on one account.

Enable SSH access and prepare Synology for the Docker installation

NOTE - this process requires SSH root access, so be careful what commands you’re running and to minimize the errors - just copy and paste commands from the Zerotier documentation.

Log in to your Synology, navigate to the SSH settings from the Control panel and activate the SSH service:

install Zerotier VPN on Synology NAS

Once the service is activated, establish an SSH connection via terminal to your Synology and login(username and password should be the same as your main account you use when you login on the Synology web dashboard):

Once you logged in your Synology, switch to the root account, create a new script and make it executable. The commands are showcased bellow and also are provided in the Zerotier document:

sudo -i

echo -e '#!/bin/sh -e \\ninsmod /lib/modules/tun.ko' > /usr/local/etc/rc.d/tun.sh

chmod a+x /usr/local/etc/rc.d/tun.sh

/usr/local/etc/rc.d/tun.sh

ls /dev/net/tun
/dev/net/tun

install Zerotier VPN on Synology NAS

The command  “/usr/local/etc/rc.d/tun.sh” is required only to run it once. The commands we ran now are to create a new virtual TUN network interface that will be used for our VPN connection.

Install Docker on Synology

From the package center, search for docker and click on install.

install zerotier vpn on synology nas

After the docker installation, we need to return again to our Synology terminal and connect via SSH.

Install Zerotier Docker container on Synology

In the Synology terminal, run the following commands to install the Zerotier Docker container.

Create a directory for the Zerotier Docker container:

mkdir /var/lib/zerotier-one

Then deploy the Docker container with this command:

docker run -d \\
--name zt \\
--restart=always \\
--device=/dev/net/tun \\
--net=host \\
--cap-add=NET_ADMIN \\
--cap-add=SYS_ADMIN \\
-v /var/lib/zerotier-one:/var/lib/zerotier-one zerotier/zerotier-synology:latest

install Zerotier VPN on Synology NAS

You can double check if the Docker container is running properly with the following command and also you can see it in the Docker dashboard in Synology.

docker exec -it zt zerotier-cli status

install Zerotier VPN on Synology NAS

Add Synology on the Zerotier network and test the connection

Next step is to connect our Synology to our Zerotier network. We need to join our network and to do that, we need to the Network ID from the Zerotier dashboard.

And in the terminal again, run the following command with the network ID. This command will connect our Synology to our Zerotier network.

docker exec -it zt zerotier-cli join "zerotier-network-id-number"

After that command return to the Zerotier dashboard and allow Synology into the network so that it’ll be able to connect to the Zerotier network.

install zerotier vpn on synology nas

Test the connection outside of your network by trying to access the Synology address which Zerotier has provided or by a phone with the Zerotier VPN client and you should be able to access the Synology.

Summary

To summarize - we covered the steps how to install Zerotier VPN on Synology NAS. We installed Zerotier VPN with Docker on our Synology and have it running as Docker container. We also have added our Synology to our Zerotier network and that way enabled the VPN connection between our Synology, Zerotier network and other devices we have in Zerotier.

With this method, we can connect to our Synology more securely and have avoided exposing the Synology publicly with the benefit of easier management of our VPN network.

Thank you for your time…