If you have a Synology NAS with Tailscale installed, you can turn it into two things: a private VPN to access your home devices from anywhere, and an exit node to route all your internet traffic through your home connection.

Not familiar with Tailscale? It’s a mesh VPN built on top of WireGuard. It creates a private network between your devices without needing to open ports or configure firewalls. Free for personal use.

Why This Is Useful

Most people think of VPNs as privacy tools for hiding your IP. But a Tailscale network on your home NAS gives you something more practical: remote access to your entire home network.

Install Tailscale on your MacBook, iPhone, or Android phone, and you can:

  • Access your NAS from anywhere — browse files, stream media, or manage DSM as if you were on your couch
  • Reach other home devices — printers, security cameras, Pi-hole, Home Assistant, or anything else on your LAN
  • Use your home IP — some services (banking, streaming) behave differently based on your location. With your Synology as an exit node, you browse with your home IP even from a hotel in Tokyo
  • Stay safe on public Wi-Fi — all traffic is encrypted through WireGuard and exits from your home connection, not the sketchy airport hotspot

No port forwarding on your router. No dynamic DNS. No exposing anything to the internet. Tailscale handles the NAT traversal and encryption automatically.

Install Tailscale on Synology

If you haven’t already:

  1. Open Package Center in DSM
  2. Search for Tailscale and install it
  3. Open the Tailscale package and sign in

Your NAS should now appear in your Tailscale admin console.

Enable Exit Node on Synology

  1. SSH into your Synology
  2. Run the following:

sudo tailscale up --advertise-exit-node

  3. Go to the Tailscale admin console
  4. Find your Synology in the machine list
  5. Click the three dots menu → Edit route settings
  6. Toggle Use as exit node to approve it

Enable IP Forwarding on Synology

For the exit node to work, IP forwarding needs to be enabled:

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

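Note: DSM updates may reset these settings. You can add these commands to a scheduled task in DSM (Control Panel → Task Scheduler) that runs on boot. Because tee -a appends, running the two echo lines unchanged on every boot adds a duplicate entry to /etc/sysctl.conf each time, so the task should check whether the line is already there before adding it.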
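
An idempotent version of that boot task, as an added example (not from the original post): it rewrites the two settings in place, so repeated runs leave one line per key, then confirms the kernel actually has forwarding on. The function names and the apply argument are assumptions made for this example; CONF defaults to the /etc/sysctl.conf path used above.

```shell
#!/bin/sh
# Added example: idempotent boot task for the two forwarding settings.
# CONF defaults to /etc/sysctl.conf, the file this page edits.
CONF="${CONF:-/etc/sysctl.conf}"

# set_sysctl_line FILE KEY VALUE
# Ensure FILE holds exactly one "KEY = VALUE" line, replacing any older
# assignment of KEY instead of appending a duplicate on every boot.
set_sysctl_line() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || : > "$file"
    tmp="${file}.tmp.$$"
    # Escape the dots so the key is matched literally, not as a regex.
    key_re=$(printf '%s' "$key" | sed 's/\./\\./g')
    # Drop existing assignments of KEY; comments and other keys are kept.
    grep -v "^[[:space:]]*${key_re}[[:space:]]*=" "$file" > "$tmp" || true
    printf '%s = %s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file"   # overwrite in place to keep owner and mode
    rm -f "$tmp"
}

# forwarding_on [ROOT]
# Succeed only if both the IPv4 and IPv6 kernel switches read 1.
# ROOT defaults to /proc/sys; the parameter exists so the check can be tested.
forwarding_on() {
    root=${1:-/proc/sys}
    [ "$(cat "$root/net/ipv4/ip_forward" 2>/dev/null)" = "1" ] &&
    [ "$(cat "$root/net/ipv6/conf/all/forwarding" 2>/dev/null)" = "1" ]
}

# Only touch the system when called with "apply" (run as root).
if [ "${1:-}" = "apply" ]; then
    set_sysctl_line "$CONF" net.ipv4.ip_forward 1
    set_sysctl_line "$CONF" net.ipv6.conf.all.forwarding 1
    sysctl -p "$CONF" >/dev/null
    if forwarding_on; then
        echo "IP forwarding is enabled"
    else
        echo "IP forwarding is still off; check $CONF" >&2
        exit 1
    fi
fi
```

Save it on the NAS and have the Task Scheduler boot task run it as root with the apply argument; a non-zero exit means the exit node will not forward traffic.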

Install Tailscale on Your Devices

For the private VPN to work, you need Tailscale on the devices you want to connect from.

MacBook

Download Tailscale from the Mac App Store or install via Homebrew:

brew install --cask tailscale

Sign in with the same account you used on your Synology.

iPhone / Android

Install the Tailscale app from the App Store or Google Play. Sign in, and your phone is part of your tailnet.

Once signed in, your devices can already reach each other by their Tailscale IPs. You can access your NAS at its Tailscale IP (e.g. 100.x.y.z) from anywhere — no exit node needed for that. The exit node is the next step, for routing all your internet traffic through home.

Use the Exit Node

On your phone, laptop, or any device running Tailscale:

  1. Open Tailscale
  2. Select your Synology as the exit node
  3. All traffic now routes through your home network

On macOS

Click the Tailscale icon in the menu bar → Exit Node → select your Synology.

On iOS / Android

Open the Tailscale app → tap Exit Node → select your Synology.

That’s it. All your internet traffic now flows through your home connection. Toggle it off when you’re back on a trusted network.