Hi, I’ll preface this by saying I don’t know what I’m talking about.
I’ve got a Synology DS220j with a 500GB Seagate HDD which I am using to make a video system. I’m using Jellyfin and I want this to behave as my own private Netflix alternative.
I’ve made some progress by just googling around - the NAS hosts the Jellyfin webpage which is accessible through a wired connection on my network (not accessible from my phone, don’t know why, not bothered). I want to make it accessible from outside of the network to me and anyone else that I approve. I’m aware that portforwarding is a security risk, so apparently I can use a self-hosted VPN. My question is, how does this work? What does a piece of software such as OpenVPN literally do - how does it change the way that my devices communicate?
My current understanding is as follows (please correct me if I’m wrong): if I get OpenVPN up and running on my NAS, I can connect my phone to it, and then when my phone wants to communicate on the internet, it sends traffic to my NAS, and it tells my NAS what it wants it to do with that traffic. My NAS obeys and when it receives a response it sends it back to my phone. This also allows me to access my NAS from my phone since all the traffic is going through the NAS anyway. What I don’t understand is how this is any more secure than alternative - surely the only additional measure is that somebody would have to know my OpenVPN login in order to access my NAS, when they already have to know the DSM login to access it anyway?
Thanks for any help, and if I’m posting this in the wrong place please let me know.
(they stumble upon a DSM login page / Jellyfin login page) - an open invitation saying “come try and hack your way in, jackpot inside”
(they stumble upon an open port universally known to have an OpenVPN server behind) - standard protocol and code that has been tested to death to be free of loopholes, and protected with certificates and keys that are virtually impossible to forge - meaning only those you allow will ever get through. Better look elsewhere.
What you are talking about is one of the ways that VPNs work.
Security and convenience are opposites. And VPNs are primarily concerned with security. It’s not that VPNs are absolutely incapable of having vulnerabilities. However, the mainstream VPN protocols have undergone numerous audits, making them relatively more trustworthy.
So there’s greater risk of there being loopholes with the DSM login? Is it simply that OpenVPN is concerned primarily with security where DSM isn’t, therefore OpenVPN is more trustworthy?
I detected that you might have found your answer. If this is correct please change the flair to “Solved”. In new reddit the flair button looks like a gift tag.