sat-nas

Starlink and Synology NAS

Learn how Agilicus AnyX can enable inbound remote access to environments with no public IP (Starlink, Mobile, etc), and how this can work ideally with a Synology NAS.

See a more general overview of the problem, and an FAQ. Or, learn more about how to use with Synology Surveillance Station with your cameras.

Overview

A common home or small office environment is a Synology NAS, and Starlink for Internet access. The only downside? If you are not at home, on your home network, you cannot access your files or access other services on the NAS (or through it). Or can you?

In Starlink Port Forwarding we discussed how Carrier-Grade NAT (CGNAT) works, and how Agilicus AnyX can be used to connect through the Starlink into an internal environment, even though there is no public IP.

In this article we describe how a user setup their Starlink and Synology with Agilicus AnyX, achieving anywhere secure access, from any device, despite the CGNAT limitation. They can access their files from anywhere, including their home surveillance video through Starlink and Synology NAS.

Data Flow

The high-level data flow is shown at the right. A managed SaaS system (Agilicus AnyX) acts as the intermediary. A program installed on the Synology (Agilicus Connector) makes an outbound connection, thus overcoming the limitation of the NAT.

User-based authentication via Single-Sign-On and End-To-End Encryption round out the feature set of getting the User to their Data without caring about the network.

The Setup: Starlink and Synology NAS

The setup is super simple. Its all self-served.You can view the pricing and Signup and try along. The high-level steps to configure Starlink and Synology NAS are:

1. Signup. Create your Account

The signup process asks you what you want to call your account. You then have the option of using your own domain-name (so your share and web-applications will be something like https://my-app.mydomain), or one of ours. The Signup process is very simple, detailed instructions are here.

2. Install. Install the Connector on the Synology

In the Agilicus Admin UI, create a Connector. Give it a name (e.g. my-nas). It will give you a command line to paste into the Synology. You are now done. For more information see the Synology Connector Install instructions.

3. Configure. Create a Share

At its heart the Synology is a file server. So naturally the first thing to try is a Share. Detailed instructions here. You will be able to use this share via a web interface (Profile), or mount it directly on your desktop (the S: drive).

4. Configure. Create a Web Application

The Synology has a web interface. Create a web application in Agilicus Admin interface, referencing ‘127.0.0.1’ as the ‘upstream host’ and port 5000 (this is the internal port of the synology for admin). This will proxy you, after proving your identity, to the Synology NAS. From anywhere.

5. Explore

Open https://profile.MYDOMAIN, sign in. Try your share. Try the admin interface of the Synology. Now, do this from a network that is not at your home (e.g. LTE, a Cafe). Observe it works without regard to where you are. No VPN.
Feel free to try additional services, e.g. a VNC or RDP remote desktop to your Mac, Linux, Windows machine. Connect to your home Building Management System. SSH to the synology (web or command line) from remote, whatever works for you.

FAQ

Category: Starlink

No, we are not in anyway affiliated with SpaceX / Starlink.

Agilicus connector on an Apple Mac. There is no Apple server, so this is usually not needed, however, can be run under Docker.

Category: Starlink

No, Apple does not provide a server platform since the XServe. The connector is supported on Linux, Windows, various embedded platforms like Synology, pfSense, Mikrotik, etc. To run the connector on an Apple Mac, you may use the Docker instructions (see Install Docker Desktop on Mac).

If you are an enthusiast, consider running the connector under Docker on your Mac.

Category: Starlink

Yes, via Agilicus AnyX.

Category: Starlink

No. The Agilicus AnyX is a SaaS solution, cloud based. In order to work with your Starlink network, you will install a small piece of software on a single device you already own.

Category: Starlink

The Agilicus AnyX platform is almost entirely cloud SaaS. In order to work with your Starlink network, you will be installing the Agilicus Connector on a device you already have. This software will facilitate the incoming network traffic.

Category: Starlink

Yes, the end user can use the web-based profile as well as the desktop based launcher. The desktop-based launcher requires OSX 11 (last supported version by Apple) or later.

Category: Starlink

You can see an animated diagram on the Agilicus Connector page. But in general, this works the same way e.g. a Google Nest thermostat works. Something inside your home network makes a persistent outbound connection to our cloud. When you are away, you will connect to our cloud, it will confirm your identity, and bridge you across these two outbound connections.

Category: Starlink

Agilicus AnyX is an implementation of Zero Trust, a security best practice. You will use single-sign-on authentication via your Google or Microsoft account (there are no passwords). You can optionally enable multi-factor authentication. All traffic is encrypted with TLS 1.3 HTTPS. You can configure firewall rules in this system for e.g. geo-ip based access, as well as other more complex rules. You will have a full audit trail of who used what when.

Category: Starlink

You can see the pricing here. If you have only 2 users there will be no ongoing cost.

Category: Starlink

Certainly! Please either open the chat icon in the lower-left, fill in the form, or email us (info @ agilicus.com) and our team would be happy to discuss further with you.

Category: Starlink

Agilicus AnyX is an industrial, business product. The large set of features may make it too complex for a consumer environment.

Category: Starlink

Agilicus AnyX is an excellent solution for web applications, for SSH (e.g. command line access), for a Share (e.g. file access), and for remote desktop (Microsoft Remote Desktop, VNC). If you have complex networking needs that require layer-3 routing this is probably not the right solution for you.

Category: Starlink

The Agilicus Connector supports many device types. Windows, Linux, OpenWRT, Synology. You can see more information on the product guide page. In general, the machine will need about 100MB of storage, 20MB of ram to operate.

It is very unlikely the Agilicus Connector will install on your camera.

Category: Starlink

We do not recommend using the RTSP feature of your camera with Agilicus AnyX. Instead we recommend using the HTTP interface.

Category: Starlink

Many security cameras have a web interface. If you have a URL you can use from your browser at home, then you can use it while away with Agilicus AnyX.

In most cases, if you have an NVR, this will work. If your camera supports ONVIF, we have specific support for some NVR with that.

Many people use Synology Surveillance Station or Shinobi NVR with Agilicus AnyX.

Sample setups for generic ONVIF cameras are here.

A sample setup for an older Hikvision is here.

Ready To Learn More?

Agilicus AnyX Zero Trust enables any user, on any device, secure connectivity to any resource they need—without a client or VPN. Whether that resource is a web application, a programmable logic controller, or a building management system, Agilicus can secure it with multi-factor authentication while keeping the user experience simple with single sign-on.

9f758437 agilicus logo horizonta

info@agilicus.com, +1 ‪519 953-4332‬

300-87 King St W, Kitchener, ON, Canada. N2G 1A7

partner

info@partner.com, +1 ‪555 555-5555

1 Main Street, Townsville, ON, Canada. POST-CODE