Knowledge Center

WebVPN

WebVPN offers clientless VPN access to an organization's internal websites and web applications through a browser, without any need of additional client software.

General Management

In the sections below, the network administrator will know how to manage the WebVPN service and install certificates.

To set up WebVPN:

  1. Click Synology VPN on the left panel, and go to WebVPN.
  2. Select Enable WebVPN.
  3. Specify the settings below:
    • Custom WebVPN prefix: Enter a custom prefix for the VPN Plus web portal.
    • Self-owned domain name: Click Edit to configure the Domain Settings.
    • Self-owned domain name: Enter a registered domain name (e.g. vpn.company.com) to allow all its subdomains for WebVPN use:
      • You need to create a wildcard DNS record (e.g. *.vpn.company.com) on the DNS server. Incoming traffic to the domain and subdomains will be directed to the Synology Router for WebVPN access.
      • Make sure the Synology Router is suitable for handling traffic to the specified domain via WebVPN.
    • HTTPS port: Specify the port for WebVPN access over HTTPS.
    • Active licenses: See how many active licenses for the premium features are installed. To add licenses, go to License on the left panel.
    • Detect webpages with mixed contents: Detect if a webpage is identified by your browser to have mixed HTTP and HTTPS contents. Since WebVPN uses secured HTTPS connection, the webpage's HTTP contents may not display properly.
  4. Click Apply to finish the setup. A customized URL for the VPN Plus web portal will then appear for use.

Note:

  • To set up WebVPN using the Synology DDNS service, see this article.
  • Enabling Detect webpages with mixed contents will affect the general WebVPN speed.
  • To always properly display HTTP contents in a detected mixed-content webpage, you can add these contents as WebVPN portals.

To install a third-party certificate to the Synology Router:

The network administrator can purchase a wildcard certificate from a trusted third-party and install it to the Synology Router. After installation, all clients can smoothly access the WebVPN service without seeing browser alerts.

  1. Go to SRM Control Panel > Services > Certificate.
  2. Under the Action section, click Import certificate.
  3. Click Browse and provide the acquired private key and certificate.
  4. Click OK to finish the import.

To install the Synology Router certificate to local devices:

If no trusted third-party certificate is available, the network administrator can create a self-signed certificate from the Synology Router, and install it to all client devices.

  1. Go to SRM Control Panel > Services > Certificate.
  2. Under the Action section, click Create certificate > Create self-signed certificate. Follow the wizard's instructions to create a certificate for the VPN Plus web portal.
  3. Under the Server certificate section, click Export certificate to download the self-signed certificate.
  4. Share this certificate with local users. Ask them to install it to their devices as instructed in the Usage Guide.

To manage WebVPN portals:

After WebVPN is enabled, the network administrator can manage this service and its portals. These portals can show up on the WebVPN page for easy access to websites.

  1. Click Synology VPN on the left panel, and go to WebVPN Portals.
  2. Manage WebVPN portals in ways below:
    • To add a portal: Click Add and specify relevant settings:
      • Show in default portals: Select to show this portal as a default portal to designated users.
      • Customize portal alias: Select to customize an alias for this portal for identification.
    • To edit a portal: Select a portal and click Edit to make relevant changes.
    • To remove a portal: Select a portal and click Remove.

To manage the address bar privilege:

The address bar is a convenient tool that allows normal users to visit websites not listed as portals. The network administrator can determine whether it is open to access from all/specific users and groups.

  1. Click Synology VPN on the left panel, and go to WebVPN Portals.
  2. Click Settings.
  3. To allow users access to the address bar, select Allow users to connect to web resources via the address bar.
  4. Specify which users/groups are allowed to use the address bar.
  5. Click OK.
  6. The address bar will appear to allowed users/groups when they use WebVPN.

Note:

  • Through the address bar, allowed users/groups can reach all web resources behind this Synology Router. To avoid undesired access, check and modify the permission settings at Permission > Block List.

To customize text replacement rules:

You can set up custom rules to replace specified texts by another ones. This helps to prevent incorrect display of some items on the visited websites.

  1. Click Synology VPN on the left panel, and go to WebVPN Portals.
  2. Click Custom Rule.
  3. Follow the steps below to customize text replacement rules:
    • To add a custom rule:
      1. Fill in the fields above Source Text and Destination Text respectively.
        Note: Any texts you put in the source text field will be replaced by the content in the destination text field.
      2. Click "+" to the right of the fields you just filled in.
    • To edit a custom rule:
      1. Double-click on the source text or destination text of any existing rule to edit the content.
      2. Press Enter when you finish the modification.
    • To delete a custom rule, click on the "X" to the right of such rule.
  4. When the setting is complete, click OK to save changes.

Note:

  • The same source texts cannot be set in different rules.
  • Usability of WebVPN may be affected by this function. Please contact Synology Support Team when you encounter any issues.

Usage Guide

In the sections below, you will know how to use the WebVPN service to reach websites and set up your favorite portals.

To connect to WebVPN:

  1. Acquire the URL for the VPN Plus web portal from the network administrator.
  2. Enter the URL in the URL bar of your web browser.
  3. Press Enter to connect to the VPN Plus web portal, and log in with your user credentials.

To manage personal WebVPN portals:

WebVPN portals are quick entries to specific websites. You can manage your personal portals in ways below:

  1. After you log in to the VPN Plus web portal, click WebVPN on the left panel.
  2. On the main page, you will find the sections:
    • The address bar (optional): The address bar is available only to privileged users/groups, and allows them to access websites not listed as portals.
    • Default: Default portals are set by the network administrator for regular use, and cannot be deleted by normal users/groups.
    • Starred: Starred history entries are listed here for regular use.
    • History: Websites visited via WebVPN are listed here.
  3. Use and manage your personal WebVPN portals in ways below:
    • To access a listed website: Click the corresponding portal or the history entry.
    • To access an unlisted website: Enter the URL in the address bar and click Connect.
    • To remember a history entry: Click the star sign to add the website as a starred portal.
    • To delete a history entry: Click the cross sign.
    • To log out: Click the person icon on the top right corner.

Note:

  • WebVPN is particularly designed for remote access to an organization's internal websites and applications. This service also allows access to Internet websites, but elements in these websites may not be properly displayed due to their complex design. To ensure these websites' full functionality, we recommend other VPN services (e.g. Synology SSL VPN) for use.
  • When you reach a website via WebVPN, WebVPN may not allow you to access resources in a different domain/subdomain from the current website. You can add those domains/subdomains as default portals for resolution.

To install a certificate to your device:

If no trusted third-party certificate is available on VPN Plus Server, you can download and install a self-signed certificate on your computer to avoid repeated browser alerts.

  1. Go to the VPN Plus web portal.
  2. Click the person icon on the top-right corner.
  3. Click Configurations.
  4. In the pop-up window, click Download to download the ca.crt certificate to your computer.

Follow the steps to install the certificate according to the computer platform.

For Windows

  1. Double-click the ca.crt file on your computer.
  2. Click Open > Install Certificate... > Next.
  3. Select Place all certificates in the following store.
  4. Click Browse and choose Trusted Root Certification Authorities.
  5. Click OK and follow the wizard's instructions to finish installation.
  6. Reopen the browser to make the certificate take effect.

For Mac

  1. Double-click the ca.crt file on your computer.
  2. Select System for Keychain, and click Add.
  3. Enter the user credentials and click Modify Keychain.
  4. Open Keychain Access on your Mac computer.
  5. On the left panel, select System under Keychains and then select Certificates under Category.
  6. Find and double-click the certificate.
  7. In the pop-up window, click Trust, and select Always Trust for When using this certificate.
  8. Close the pop-up and follow the instructions to finish installation.
General Management
Usage Guide