How to Set Up Twingate on a Synology NAS

Install a connector on a Synology NAS device to enable remote access to your network

Synology NAS devices, despite their name (“network attached storage”) aren’t only for adding shared storage on a network. Synology NAS devices are actually servers that can provide a variety of different services beyond file sharing - and this includes hosting a Twingate connector!

Installing a Twingate connector on a Synology NAS allows you to make the Synology, and any other device on the same network (e.g. computers, webcams, network-connected printers), remotely accessible in a manner that’s more secure and easy than other options, like setting up a VPN server or port forwarding on a router.

Synology DiskStation and RackStation devices run on an operating system called Synology DiskStation Manager (DSM), which is based on Linux. Below is how to install and provision a connector on a Synology NAS.*

  1. If you do not have a Remote Network set up, you can add one on the Network page of the Twingate admin console.
  1. Add a new connector in the details page for the applicable Remote Network.

  2. Click Provision next to the new connector, authenticate, and a screen should pop up showing some connector installation commands. Keep this page open for future reference.

  3. While connected to the same network your Synology NAS is on, sign into the DSM web admin interface with a new browser tab or window. This is typically found at https://X.X.X.X:5001 by default (where X.X.X.X is the IP address of your NAS).

  4. Install Docker on your NAS (the connector runs as a Docker container):

    1. Open Package Center

    2. Search for “Docker”

    3. Locate the entry for Docker and click “Install” to start the Docker installation process. If Docker is already installed the button will say “Open”, in which case click "Open" and skip to step 7.

  5. Go to the DSM launcher (top left of screen) and open Docker.

  6. In the sidebar, click Registry and search for “Twingate”.

  7. Double click on “twingate/connector” (not on the blue icon next to it).

  8. In the Choose Tag box that appears, ensure “latest” is selected in the dropdown and click “Select”.

  1. In the sidebar, click Image.

  2. Double click on the entry for “twingate/connector:latest” (not the blue icon next to it), which will launch the Create Container wizard.

  3. You may give the container a new name or leave it as the default. We suggest giving the container the same name that’s given to it in the Twingate admin console.

  4. Click Advanced Settings, and fill out the fields as follows:

    1. Under the Advanced Settings tab, check Enable auto-restart

    2. Under the Environment tab, you will need to add three environmental variables. Click the “+” icon and enter the following variable and value pairs:

      1. TENANT_URL / <tenant url value>
      2. ACCESS_TOKEN / <access token value>
      3. REFRESH_TOKEN / <refresh token value>
    3. You can find the values above by going back to the browser tab in Step 3. Copy the relevant values in between the quote marks (not including those quote marks) and paste them into the appropriate “value” field in DSM. The access token and refresh token values are lengthy, so you will need to scroll to the right to select them completely. See the example below:

docker run -d
    --env TENANT_URL="https://yourorgname.twingate.com"
    --env ACCESS_TOKEN="VERYLONGSTRINGOFNUMBERSANDLETTERS123"
    --env REFRESH_TOKEN="VERYLONGSTRINGOFNUMBERSANDLETTERS123"
    --name "homenetworkinstance298"
    --restart=unless-stopped
    twingate/connector:latest
  1. Click Apply.

  2. Click Next.

  3. Ensure “Run this container after the wizard is finished” is ticked and then click Apply.

  4. In the sidebar, click Container.

  5. Ensure that the container is running. If it is not, click the on/off toggle on the right:

  1. To verify the connector is working, view the connector status in the applicable Remote Network page in your Twingate admin console. If its status is “Provisioned”, it’s working!

You can now access your NAS with a device that has a Twingate client installed and is signed into an account that is authorized to access the NAS. The NAS can be reached at the IP address you would use to access it when you are directly connected to the local network it’s on.

*Twingate connectors only currently work on Synology NAS units with x86 CPUs and do not currently support those with ARM-based CPUs.


Did this page help you?