The following details how to setup WebDAV to access your files securely on a Synology Network Attached Storage device and be able to map it as a network drive. This means that over the Internet, you can access your Synology device as a mapped drive. This method is free and also provides a secure mapped drive connection via SSL certificate.

12-7-18 Update:  1) Added “Part 3”.  2) Reworked “Part 8” instructions to match a traditional local mapped drive look for the end user.

Benefits of this method:

Need Personalized Virus Removal Assistance?

Get expert help today.

If you're not already a VirusRepairNow.com customer, our Certified Virus Removal Experts are available to clean, optimize and secure your system. Call 1-855-868-4787 or click to schedule an appointment with VirusRepairNow.com today!

  • You will be able to “map a drive” to your Synology device over the Internet
  • No need for third party software like http://www.netdrive.net/
    (The advantage of using NetDrive is an easier and faster setup.)
  • No monthly or yearly fees for different services that some Synology WebDAV solutions have
  • A dedicated domain is not needed (but one can be used if desired)
  • A free SSL certificate is used which offers excellent security

This was accomplished in November 2018 using a DS213j and separately on a DS212j both using “DSM 6.2.1-23824 Update 1” at the time.

Don’t skip any steps unless specifically noted.

PART 1 – THINGS YOU NEED

1. External IP address of router
With a computer within the Diskstation network, Google “what is my ip”
2. Diskstation IP address
Diskstation –> Info Center –> Network
3. Diskstation MAC address (optional)
Diskstation –> Info Center –> Network
4. Ability to login to router

PART 2 – DISKSTATION

Why do this? Diskstation needs WebDAV on port 5006 running in order to map a drive to it securely.

1. Log in to your Diskstation locally at diskstation:5000 or if setup and desired, remotely via QuickConnect.
2. Package Center –> All Packages –> Find and install “WebDAV Server”.
3. Open WebDAV Server
4. WebDAV Server Settings
[ ] Enable HTTP (Can enable for quick port testing, and then disable)
[x] Enable HTTPS port 5006
[ ] Enable Anonymous WebDAV
[ ] Enable DavDepthInfinity
[x] Enable WebDAV log
[x] No speed limit
[Apply]
5. Close the WebDAV Server settings window.

PART 3 – USER OR GROUP PERMISSIONS

WebDAV Server access was not enabled by default for my “Group” or “User” level.  I don’t want all users to have WebDAV access, so I set this at the user level to grant only those users access that need it.  Instructions are provided for user or group.  Pick either User or Group.

To fix at the User level:

1. Diskstation –> Control Panel –> User –> Click a User –> [Edit] –>  Applications (tab)
2.  Find the WebDAV Server row and in this row put an [x] in the first column (Allow)
3. [OK] to save.

To fix at the Group level:

1. Diskstation –> Control Panel –> Group –> Click a Group –> [Edit] –> Applications (tab)
2. Find the WebDAV Server row and in this row put an [x] in the first column (Allow)
3. [OK] to save.

PART 4 – PORT FORWARDING

Why do this? Your router will block most ports until they are needed. This opens and directs the two ports that are needed. Port 5006 is needed for the “mapped drive” ability. Port 80 is needed for the secure certificate provided by Let’s Encrypt (setup later).

1. Log in to your router.
2. Forward port 5006 to the diskstation IP.
3. Forward port 80 to the diskstation IP.
4. Using a computer within the diskstation network, check your work at http://canyouseeme.org
If any problems, check that all steps above have been done. Usually the problem is regarding the ports being forwarded. Some routers do better being restarted and test again. You must have success here in order to continue.

PART 5 – NO DOMAIN IP

Why do this? Your “mapped drive” needs to know where to find your diskstation online. This provides that ability and no domain is needed. You will be using an existing, free domain (dns-cloud.net) and adding your own custom subdomain to it (for example “yourcompany”), thus forming your own unique domain (yourcompany.dns-cloud.net).

WISH TO USE A DOMAIN? If you have a domain that you want to use, visit your domain registrar and make the noted changes in Step 5 to your domain. Remember, a domain is not needed, just follow the steps below.

Note 1: The URL is CLOUD NS not CLOUD DNS. I mention this because I made this mistake originally.
Note 2: The SSL certificate (setup later) can only be setup so many times under the same email address. If you are setting this up for yourself, on one device, you can optionally and safely skip steps 6, 7, and 8.
If however, you are setting this up on multiple devices, perhaps for clients, you can’t keep using the same email address to setup the secure certificate. Steps 6, 7 and 8 creates a virtual unique receiving email that receives email, and then will forwarded to your actual email address. If you have more than one device, do steps 6, 7, and 8 and have no worries about an email address limit.
Note 3: I chose this vendor based on a Google search and they are free and easy to setup. If you have a favorite “no IP” domain provider, please use them.

1. Visit https://www.cloudns.net/ and sign up for a free account.
2. DNS Zones –> Add New
3. Free zone
4. In the “Domain name:” box, put something unique, maybe the business name. Avoid spaces or special symbols. Keep it all lower case.
Example: mybusiness
This is the “magic” of forming your own unique domain without having to own a domain. In my example, this will make my domain name mybusiness.dns-cloud.net
[REGISTER]
5. Add new record
Type: A
Host: (leave this empty/blank)
Points to: The router’s external IP address
[SAVE]
6. Add new record
Type: MX
Host: (leave this empty/blank)
Priority: 5
Points to: mailforward33.cloudns.net
[SAVE]
7. Add new record
Type: MX
Host: (leave this empty/blank)
Priority: 10
Points to: mailforward34.cloudns.net
8. Click the “Mail Forwards” square button –> Add new forward
Mail box: admin
@: (leave this empty/blank)
Forward to: Put in your actual email address
[SAVE]
You now have an email address of admin@mybusiness.dns-cloud.net (replace “mybusiness” with what you named it in Step #4 above) and any emails sent to it will be forwarded to your actual email address.

PART 6 – SSL Secure Certificate

Why do this? This adds a secure certificate to your diskstation that will work with the “Map to Drive” functionality. The built in Synology certificate won’t work for this.

1. Diskstation –> Control Panel –> Security –> Certificate
2. Add –> Add a new certificate –> [Next]
3. [x] Get a certificate from Let’s Encrypt –> [Next] (DON’T choose “set as default certificate”)
4. Certificate info
Domain name: mybusiness.dns-cloud.net (replace “mybusiness” with what you chose)
Email: admin@mybusiness.dns-cloud.net (replace “mybusiness” with what you chose)
Subject Alternative Name: (leave empty / blank)
[Apply]

Wait until success message (or you see your certificate appear along with synology.com’s default certificate). If you have any errors, fix any noted problems and attempt to get the certificate again.

PART 7 – WebDAV Secure Certificate

Why do this? Your SSL Certificate for WebDAV is Synology’s which won’t work. Let’s fix that.

1. Diskstation –> Control Panel –> Security –> Certificate
2. Click on the new certificate –> [Configure]
3. Change WebDAV Server from synology.com to mybusiness.dns-cloud.net (replace “mybusiness” with what you chose)
4. [OK]

PART 8 – Map Drive

Why do this? This is the moment you’ve been waiting for…

1. To find the “Map network drive” button…
2. Start Windows/File Explorer
3. In the left column click “This PC” or “Computer
4. Now click the “Map network drive” button.
You can map the network drive here, but short of registry edits, you are unable to apply a short name of the mapped drive.  A short name will be similar to a locally mapped drive name.  Users tend to like the short name.
5. Click “Connect to a Web site that you can use to store your documents and pictures.
6. [Next]
7. Click “Choose a custom network location
8. [Next]
9. In the “Internet or network address:
https://mybusiness.dns-cloud.net (replace “mybusiness” with what you chose)
TIP:  If you want the user to start within a specific folder, include the folder(s) in the box such as:  https://mybusiness.dns-cloud.net/FOLDERNAME
10. [Next]
11. When prompted for username and password, use the u/p for a user on the diskstation.
12. [x] Remember my credentials.
13. [OK]
14. Type a name for this network location.  Instead of “mybusiness.dns-cloud.net” I change it to reflect either the FOLDERNAME or company name, etc.  Avoid spaces and symbols.
15. [NEXT]
16. [Finish]

You’re done!

Under “Computer” or “This PC” you will see the “MyBusiness” mapped folder.  Congratulations!

The “Map Network Drive” window will still be on your screen.  Click [Cancel] as you completed the steps already.

When you restart your computer, the remote mapped drive may show red or get a notice that you didn’t reconnect to all network drives. No worries. When you try to access it, it will take a few moments to authenticate you, but it will work fine.

PART 9 – Clean Up

1. Reserve the Diskstation IP in the router.
2. Disable WebDAV HTTP 5005 if you enabled it for any reason.
3. Make sure all diskstation accounts use challenging passwords.
4. Consider creating a new account that has admin rights and disabling the default “admin” account for security reasons.  If you setup “Dropbox” under your “admin” account, it will fail when you disable the “admin” account.  Simply set up Dropbox under the new account using the exact settings you used for “admin”.  Doing it this will means no files will need to be uploaded but it will take some time to re-verify.
More info: https://originwww.synology.com/en-us/knowledgebase/DSM/tutorial/General/How_to_add_extra_security_to_your_Synology_NAS
5. Consider disabling the “guest” account.
6. Consider enabling auto block: Diskstation –> Security –> Account (tab)

Resources
https://forum.synology.com/enu/viewtopic.php?t=121882
https://serverfault.com/questions/754175/how-to-point-dns-to-machine-behind-router
https://www.synology.com/en-us/knowledgebase/DSM/tutorial/File_Sharing/How_to_access_files_on_Synology_NAS_with_WebDAV
https://www.youtube.com/watch?v=yajoUSlivYw
https://www.youtube.com/watch?v=rXOsSuzVrtE
https://www.reddit.com/r/synology/comments/5gx6jp/map_drive_remotely/
https://www.synology.com/en-us/knowledgebase/DSM/tutorial/General/What_network_ports_are_used_by_Synology_services
https://help.dreamhost.com/hc/en-us/articles/216473357-Accessing-WebDAV-with-Windows
https://www2.le.ac.uk/offices/itservices/ithelp/my-computer/files-and-security/work-off-campus/webdav/webdav-on-windows-10

Roger Whittaker

Roger Whittaker

Head Computer-Virus-Removal-Expert-Dude at VirusRepairNow.com
My name is Roger and I run a small family owned expert virus removal company.

We serve computer users anywhere in the US that have virus infections using a remote connection over the Internet for immediate service.

I enjoy delivering expert quality and value to all my customers. In fact, I work extra hard so every virus removal is a 5 star experience!
Roger Whittaker