WebVPN

WebVPN offers clientless VPN access to an organization's internal websites and web applications through a browser, without any need of additional client software.

General Management

In the sections below, the network administrator will know how to manage the WebVPN service and install certificates.

To set up WebVPN:

  1. Click Synology VPN on the left panel, and go to WebVPN.
  2. Select Enable WebVPN.
  3. Specify the settings below:
    • Custom WebVPN prefix: Enter a custom prefix for the VPN Plus web portal.
    • Self-owned domain name: Click Edit to configure the Domain Setting.
    • Self-owned domain name: Enter a registered domain name (e.g. vpn.company.com) to allow all its subdomains for WebVPN use:
      • You need to create a wildcard DNS record (e.g. *.vpn.company.com) on the DNS server. Incoming traffic to the domain and subdomains will be directed to the $_DSPRODUCTNAME_$ for WebVPN access.
      • Make sure the $_DSPRODUCTNAME_$ is suitable for handling traffic to the specified domain via WebVPN.
    • HTTPS port: Specify the port for WebVPN access over HTTPS.
    • Active licenses: See how many active licenses for the premium features are installed. To add licenses, go to License on the left panel.
    • Detect webpages with mixed contents: Detect if a webpage is identified by your browser to have mixed HTTP and HTTPS contents. Since WebVPN uses secured HTTPS connection, the webpage's HTTP contents may not display properly.
  4. Click Apply to finish the setup. A customized URL for the VPN Plus web portal will then appear for use.

Note:

To install a third-party certificate to the $_DSPRODUCTNAME_$:

The network administrator can purchase a wildcard certificate from a trusted third-party and install it to the $_DSPRODUCTNAME_$. After installation, all clients can smoothly access the WebVPN service without seeing browser alerts.

  1. Go to SRM Control Panel > Services > Certificate.
  2. Under the Action section, click Import certificate.
  3. Click Browse and provide the acquired private key and certificate.
  4. Click OK to finish the import.

To install the $_DSPRODUCTNAME_$ certificate to local devices:

If no trusted third-party certificate is available, the network administrator can create a self-signed certificate from the $_DSPRODUCTNAME_$, and install it to all client devices.

  1. Go to SRM Control Panel > Services > Certificate.
  2. Under the Action section, click Create certificate > Create self-signed certificate. Follow the wizard's instructions to create a certificate for the VPN Plus web portal.
  3. Under the Server certificate section, click Export certificate to download the self-signed certificate.
  4. Share this certificate with local users. Ask them to install it to their devices as instructed in the Usage Guide.

To manage WebVPN portals:

After WebVPN is enabled, the network administrator can manage this service and its portals. These portals can show up on the WebVPN page for easy access to websites.

  1. Click Synology VPN on the left panel, and go to WebVPN Portals.
  2. Manage WebVPN portals in ways below:
    • To add a portal: Click Add and specify relevant settings:
      • Show in default portals: Select to show this portal as a default portal to designated users.
      • Customize portal alias: Select to customize an alias for this portal for identification.
    • To edit a portal: Select a portal and click Edit to make relevant changes.
    • To remove a portal: Select a portal and click Remove.

To manage the address bar privilege:

The address bar is a convenient tool that allows normal users to visit websites not listed as portals. The network administrator can determine whether it is open to access from all/specific users and groups.

  1. Click Synology VPN on the left panel, and go to WebVPN Portals.
  2. Click Settings.
  3. To allow users access to the address bar, select Allow users to connect to web resources via the address bar.
  4. Specify which users/groups are allowed to use the address bar.
  5. Click OK.
  6. The address bar will appear to allowed users/groups when they use WebVPN.

Note:

To customize text replacement rules:

You can set up custom rules to replace specified texts by another ones. This helps to prevent incorrect display of some items on the visited websites.

  1. Click Synology VPN on the left panel, and go to WebVPN Portals.
  2. Click Custom Rule.
  3. Follow the steps below to customize text replacement rules:
    • To add a custom rule:
      1. Fill in the fields above Source Text and Destination Text respectively.
        Note: Any texts you put in the source text field will be replaced by the content in the destination text field.
      2. Click "+" to the right of the fields you just filled in.
    • To edit a custom rule:
      1. Double-click on the source text or destination text of any existing rule to edit the content.
      2. Press Enter when you finish the modification.
    • To delete a custom rule, click on the "X" to the right of such rule.
  4. When the setting is complete, click OK to save changes.

Note:

Usage Guide

In the sections below, you will know how to use the WebVPN service to reach websites and set up your favorite portals.

To connect to WebVPN:

  1. Acquire the URL for the VPN Plus web portal from the network administrator.
  2. Enter the URL in the URL bar of your web browser.
  3. Press Enter to connect to the VPN Plus web portal, and log in with your user credentials.

To manage personal WebVPN portals:

WebVPN portals are quick entries to specific websites. You can manage your personal portals in ways below:

  1. After you log in to the VPN Plus web portal, click WebVPN on the left panel.
  2. On the main page, you will find the sections:
  3. Use and manage your personal WebVPN portals in ways below:

Note:

To install a certificate to your device:

If no trusted third-party certificate is available on VPN Plus Server, you can download and install a self-signed certificate on your computer to avoid repeated browser alerts.

  1. Go to the VPN Plus web portal.
  2. Click the person icon on the top-right corner.
  3. Click Configurations.
  4. In the pop-up window, click Download to download the ca.crt certificate to your computer.

Follow the steps to install the certificate according to the computer platform.

For Windows

  1. Double-click the ca.crt file on your computer.
  2. Click Open > Install Certificate... > Next.
  3. Select Place all certificates in the following store.
  4. Click Browse and choose Trusted Root Certification Authorities.
  5. Click OK and follow the wizard's instructions to finish installation.
  6. Reopen the browser to make the certificate take effect.

For Mac

  1. Double-click the ca.crt file on your computer.
  2. Select System for Keychain, and click Add.
  3. Enter the user credentials and click Modify Keychain.
  4. Open Keychain Access on your Mac computer.
  5. On the left panel, select System under Keychains and then select Certificates under Category.
  6. Find and double-click the certificate.
  7. In the pop-up window, click Trust, and select Always Trust for When using this certificate.
  8. Close the pop-up and follow the instructions to finish installation.