Synology Connector Install


Synology NAS. Agilicus Connector.

Synology SSH Enable


The Agilicus Connector can install on an embedded NAS product such as Synology. The devices (usually) have either an Intel or an Arm processor. The instructions are the same for each, but the link is different. The instructions below are for a Synology NAS but will be similar on other devices.

No changes are needed to your firewall. No VPN is needed. You can administer users via their Active Directory or Apple, Google, Linkedin accounts.

The high level steps are:

  1. Enable SSH on your NAS
  2. Create a Connector (Agilicus admin interface)
  3. SSH to the NAS
  4. Run the given command

after this, the Agilicus Connector will be entirely automatic, and controlled via the Agilicus admin interface. You may uninstall it at any time with

Enable SSH

In order to install the Agilicus Secure Exposed Agent Connector on your Synology NAS, you will first need to enable SSH. We can do this from the Control Panel, select “Terminal & SNMP” under Applications.

Synology SSH Enable

Create Agilicus Connector

First we will create a Connector. This logical endpoint allows reverse inbound connectors to safely occur.

We give the connector a name. This is used for statistics and diagnostics purposes.

You will now be presented with some download instructions. Copy the command line given for Linux.

SSH to your NAS. Run ‘sudo -i’. Now paste the command line

user@ds120: $ sudo -i
root@ds120:~# which curl && (curl -sSL > /tmp/ || (wget -O - > /tmp/; sh /tmp/ -c JhtPxw9GVXXXXXX -s yw6XXXX

OS: <Linux>, Machine: <aarch64>, END: <le>
Fetching into /tmp/agilicus-agent-arm64
-rwxr-xr-x 1 root root 46268416 Jul  8 11:37 /tmp/agilicus-agent-arm64
+ /tmp/agilicus-agent-arm64 client --install --challenge-id JhtPxw9GXXXXX --challenge-code ywXXXX
INFO[2023-07-08T11:37:53-05:00] Starting connector - version v0.211.3
INFO[2023-07-08T11:38:08-05:00] Check if the agilicus connector is already running as a service. If so stop it
INFO[2023-07-08T11:38:08-05:00] Create file /usr/bin/
INFO[2023-07-08T11:38:08-05:00] Create file /etc/systemd/system/agilicus-agent.service
INFO[2023-07-08T11:38:08-05:00] Will install to / -> {/usr/bin/ -rwxr-xr-x <nil>}
INFO[2023-07-08T11:38:08-05:00] Will install to /agilicus-agent.service -> {/etc/systemd/system/agilicus-agent.service -r--r--r-- 0xd97540}
INFO[2023-07-08T11:38:08-05:00] Create a directory at /opt/agilicus/agent/tufmetadata/latest
INFO[2023-07-08T11:38:08-05:00] Create a directory at /opt/agilicus/agent/tufmetadata/stable
INFO[2023-07-08T11:38:18-05:00] Create a user and group named Agilicus to run the agilicus-agent service
INFO[2023-07-08T11:38:18-05:00] Copy executable to /opt/agilicus/agent
INFO[2023-07-08T11:38:18-05:00] Set permissions to Agilicus on /opt/agilicus/agent
INFO[2023-07-08T11:38:18-05:00] Create symlink from /usr/bin/agilicus-agent to /opt/agilicus/agent/agilicus-agent-arm64
INFO[2023-07-08T11:38:18-05:00] creating connector instance
INFO[2023-07-08T11:38:19-05:00] Join a connector cluster
INFO[2023-07-08T11:38:19-05:00] Start agilicus-agent service
INFO[2023-07-08T11:38:21-05:00] Installation Complete

At this stage we are complete.

Sample First Share

Let’s assume we have a Share existing on our Synology called ‘tmp’. On the filesystem this is in /volume1/tmp. Once we have completed the above steps, we can create a new Share in the Agilicus admin interface (https://admin.YOURDOMAIN).

Next we will be asked for two parameters (web uri path prefix, name). The first will appear in an http path, e.g. if you say “bobcat”, the URI your users will see is https://files.YOURDOMAIN/bobcat. The second is a name which will show up in the audit log. Normally these are the same (unless you have the same share name on multiple hosts).

Share Name

Now we will indicate the path on the Synology. In our example (The synology has a share called tmp, this will be in /volume1/tmp)

Share Path

At this stage you will be given the option to test this in the administrative interface, and, your users may navigate to https://profile.MYDOMAIN to get their own mount instructions for their desktops.