Starlink and Synology NAS

How to Enable Inbound Remote Access

Learn how Agilicus AnyX can enable inbound remote access to environments with no public IP (Starlink, Mobile, etc), and how this can work ideally with a Synology NAS.

See a more general overview of the problem, and an FAQ. Or, learn more about how to use with Synology Surveillance Station with your cameras.

sat-nas

Overview

A common home or small office environment is a Synology NAS, and Starlink for Internet access. The only downside? If you are not at home, on your home network, you cannot access your files or access other services on the NAS (or through it). Or can you?

In Starlink Port Forwarding we discussed how Carrier-Grade NAT (CGNAT) works, and how Agilicus AnyX can be used to connect through the Starlink into an internal environment, even though there is no public IP.

In this article we describe how a user setup their Starlink and Synology with Agilicus AnyX, achieving anywhere secure access, from any device, despite the CGNAT limitation. They can access their files from anywhere, including their home surveillance video through Starlink and Synology NAS.

Starlink and Synology NAS

Data Flow

The high-level data flow is shown at the right. A managed SaaS system (Agilicus AnyX) acts as the intermediary. A program installed on the Synology (Agilicus Connector) makes an outbound connection, thus overcoming the limitation of the NAT.

User-based authentication via Single-Sign-On and End-To-End Encryption round out the feature set of getting the User to their Data without caring about the network.

SSH Animated Data Flow

The Setup: Starlink and Synology NAS

The setup is super simple. Its all self-served.You can view the pricing and Signup and try along. The high-level steps to configure Starlink and Synology NAS are:

user-signup-icon
Signup. Create your Account
The signup process asks you what you want to call your account. You then have the option of using your own domain-name (so your share and web-applications will be something like https://my-app.mydomain), or one of ours. The Signup process is very simple, detailed instructions are here.
install-download
Install. Install the Connector on the Synology
In the Agilicus Admin UI, create a Connector. Give it a name (e.g. my-nas). It will give you a command line to paste into the Synology. You are now done. For more information see the Synology Connector Install instructions.
settings
Configure. Create a Share
At its heart the Synology is a file server. So naturally the first thing to try is a Share. Detailed instructions here. You will be able to use this share via a web interface (Profile), or mount it directly on your desktop (the S: drive).
settings
Configure. Create a Web Application
The Synology has a web interface. Create a web application in Agilicus Admin interface, referencing ‘127.0.0.1’ as the ‘upstream host’ and port 5000 (this is the internal port of the synology for admin). This will proxy you, after proving your identity, to the Synology NAS. From anywhere.
compass
Explore
Open https://profile.MYDOMAIN, sign in. Try your share. Try the admin interface of the Synology. Now, do this from a network that is not at your home (e.g. LTE, a Cafe). Observe it works without regard to where you are. No VPN.
Feel free to try additional services, e.g. a VNC or RDP remote desktop to your Mac, Linux, Windows machine. Connect to your home Building Management System. SSH to the synology (web or command line) from remote, whatever works for you.

FAQ

Many security cameras have a web interface. If you have a URL you can use from your browser at home, then you can use it while away with Agilicus AnyX.
The Agilicus AnyX platform is almost entirely cloud SaaS. In order to work with your Starlink network, you will be installing the Agilicus Connector on a device you already have. This software will facilitate the incoming network traffic.
The Agilicus Connector supports many device types. Windows, Linux, OpenWRT, Synology. You can see more information on the product guide page. In general, the machine will need about 100MB of storage, 20MB of ram to operate.
You can see an animated diagram on the Agilicus Connector page. But in general, this works the same way e.g. a Google Nest thermostat works. Something inside your home network makes a persistent outbound connection to our cloud. When you are away, you will connect to our cloud, it will confirm your identity, and bridge you across these two outbound connections.
You can see the pricing here. If you have only 2 users there will be no ongoing cost.
Agilicus AnyX is an excellent solution for web applications, for SSH (e.g. command line access), for a Share (e.g. file access), and for remote desktop (Microsoft Remote Desktop, VNC). If you have complex networking needs that require layer-3 routing this is probably not the right solution for you.
Agilicus AnyX is an implementation of Zero Trust, a security best practice. You will use single-sign-on authentication via your Google or Microsoft account (there are no passwords). You can optionally enable multi-factor authentication. All traffic is encrypted with TLS 1.3 HTTPS. You can configure firewall rules in this system for e.g. geo-ip based access, as well as other more complex rules. You will have a full audit trail of who used what when.
No. The Agilicus AnyX is a SaaS solution, cloud based. In order to work with your Starlink network, you will install a small piece of software on a single device you already own.
Certainly! Please either open the chat icon in the lower-left, fill in the form, or email us (info @ agilicus.com) and our team would be happy to discuss further with you.
Yes, the end user can use the web-based profile as well as the desktop based launcher. The desktop-based launcher requires OSX 11 (last supported version by Apple) or later.
No, Apple does not provide a server platform since the XServe. The connector is supported on Linux, Windows, various embedded platforms like Synology, pfSense, Mikrotik, etc. To run the connector on an Apple Mac, you may use the Docker instructions (see Install Docker Desktop on Mac).
We do not recommend using the RTSP feature of your camera with Agilicus AnyX. Instead we recommend using the HTTP interface.
Yes, via Agilicus AnyX.

Next Steps

In the case study above, the User’s objective was to use their Synology NAS from anywhere, without interference of the CGNAT of the Starlink.

The user can see a Share, ssh to the Synology, access Remote desktop to other machines on site, use the web interface of the Synology. From anywhere, on any device, with single-identity and single-sign-on, with multi-factor authentication.

about-agilicus