Applicable Products
Software
- QuWAN Orchestrator 2.9 and later versions
- QVPN Service 3.3 and later
Hardware
Overview
QuWAN Express allows a QNAP NAS to join the QuWAN network quickly with minimal configuration. It provides secure connectivity for remote access and inter-device communication without requiring manual port forwarding or complicated VPN setup.
When a QNAP router (hub) is available, the NAS automatically establishes an IPSec tunnel with the hub to support secure, high-performance data transfer within the organization.
If a hub is not deployed, you can use the Super Node service. Super Node is a cloud gateway that provides an IPSec tunnel for the NAS, assigns a public IP and port for secure external access, and enables NAS-to-NAS communication inside the QuWAN virtual network.
Note
- Super Node is designed for environments without a QuWAN hub router and supports up to three edge NAS devices for remote access. If additional devices need to connect, you can update the allowed NAS list in the QuWAN Orchestrator cloud platform.
- The service includes a monthly free data transmission limit of 15 GB. After this limit is reached, transmission speed is reduced, and you can upgrade your license plan in the QNAP Software Store if more capacity is needed.
Key features
- QuWAN Express allows you to join the QuWAN network with a single click in QVPN Service, and the system automatically handles network configuration on your behalf.
- It enables secure remote access to NAS data from any location by routing traffic through the QuWAN overlay network.
- The Super Node service provides cloud-based connectivity that ensures reliable external access and seamless communication between NAS devices, even when a hub router is unavailable.
- The service assigns a virtual IP address to the NAS so it can communicate with other QuWAN devices without exposing internal network details.
Prerequisites
- Update the NAS firmware and QVPN Service to the versions listed in Applicable Products.
- Ensure the NAS has an active internet connection.
- Disable the L2TP/IPSec server on the NAS before enabling QuWAN Express.
- Sign in to the NAS with a QNAP ID so it can register with QuWAN Orchestrator.
- Make sure the hub router you plan to use supports QuWAN configuration and is registered to the same QuWAN organization that you will select when configuring the QuWAN Express settings.
Procedure
This section describes how to configure access QuWAN Express on QVPN Service, configure device information, and register the NAS as an edge device in QuWAN Orchestrator.
Configure QuWAN Express on your QNAP NAS
- Log in to your NAS as an administrator.
- Open QVPN Service.
- Go to QuWAN > QuWAN Express.
- Click Join.
- Click Start to run prerequisite checks.
QVPN Service verifies the following:- The NAS must have an active internet connection for the check to pass.
- The check confirms whether the L2TP/IPSec server is disabled because it must be turned off before you continue.
- The check verifies that the NAS is signed in with a QNAP ID and prompts you to log in when necessary.
When all prerequisite checks complete successfully, QVPN Service displays the Device Information. - Optional: Configure the QuWAN organization and region settings.
- Click
.
The Edit Device Information window appears.
- Optional: Select the QuWAN Organization from the dropdown.
If your QNAP ID is a member of multiple organizations, select the organization that will manage this NAS. - Optional: Select an option to determine the region where the NAS establishes its QuWAN connection:
- Auto (Recommended): QVPN Service automatically chooses the best region. It prioritizes regions where a hub router exists for your organization. If a hub is unavailable, it falls back to a Super Node region.
- Super Node: Force connection to the QuWAN Super Node cloud endpoint.
Note
Use when there is no hub in your organization or when you want immediate cloud endpoint access. When using Super Node, the NAS receives a cloud-assigned public IP and port for external connectivity without port forwarding.
- Custom Region: Manually select a region when you want the NAS to join a particular segment of your QuWAN organization.
- Click Apply.
QVPN Service updates the device registration settings locally and prepares to register the device with QuWAN Orchestrator.
- Click Join QuWAN Orchestrator.
The NAS is registered to QuWAN Orchestrator and becomes an edge NAS.
Once the NAS successfully joins the QuWAN organization, the following actions occur automatically:
- The QuWAN Orchestrator assigns a Virtual IP address to the NAS inside the QuWAN overlay network.
- If a hub router exists in the assigned region, the NAS will automatically establish an IPSec tunnel with that hub.
- If connected to a Super Node, the NAS will receive a public IP address and port assigned by the cloud endpoint enabling secure external access without manual port forwarding.
- Wait until the connection status updates to Connected on the QuWAN Express page.
Once connected the NAS is reachable via the QuWAN virtual network by other edge devices and by users who have appropriate QuWAN access (for example, remote clients or other NAS devices).
- Optional: Verify the NAS appears in QuWAN Orchestrator.
- Log into QuWAN Orchestrator.
- Select your organization.
- Go to QuWAN Device.
- Locate the NAS by the device name.
- Under Topology Status, check if the status is Connected.
Manage Super Node connections
- Log in to QuWAN Orchestrator.
- Select your organization.
- Go to QuWAN Topology > Super Node (QuWAN Express) > Status.
- Click Manage Super Node Connections.
- Select between 1 to 3 edge NAS devices.
- Click Apply.
QuWAN Orchestrator updates the Super Node connections.
Modifying the virtual IP address of the edge NAS
- Log in to your edge NAS.
- Open QVPN Service.
- Go to QuWAN > QuWAN Express.
- Click
.
The Edit Virtual IP window appears. - Enter a different virtual IP address.
- Click Check.
QVPN Service checks the virtual IP address. - Click Apply.
Accessing the NAS remotely via QuWAN Express
- From another QuWAN edge device or routed network, use the assigned Virtual IP address to connect to services on the NAS (e.g., SMB, AFP, HTTP(S), SSH) depending on your NAS access rules and port configuration.
- When using a hub, traffic between NAS and hub-connected devices remains within the IPSec tunnels and private networks, providing lower latency and better throughput for in-organization transfers.
Troubleshooting
- Network connection check failed
- Verify that the NAS has a working internet connection.
- Make sure the DNS settings are correct, because incorrect DNS configuration can cause the NAS to appear offline to QuWAN services.
- L2TP/IPSec conflict check failed
- Disable any local L2TP/IPSec server instance in QVPN Service before activating QuWAN Express, since both services cannot run simultaneously.
- QNAP ID verification failed
- Log in with a QNAP ID that belongs to the organization you want to use, then try joining again. Also confirm that the NAS system date and time are accurate so the authentication tokens can be validated.
- Edge shows "Connecting" but never "Connected"
- Verify that the NAS and the router have working internet connections.
- Check the firewall rules on both your network and the NAS. IPSec and NAT traversal ports, such as UDP 500 and 4500, must be allowed for outbound traffic.
Further Reading
适用产品
软件
- QuWAN Orchestrator 2.9 及更高版本
- QVPN VPN 服务器 3.3 及更高版本
硬件
概述
QuWAN Express 允许 QNAP NAS 以较少的配置快速加入 QuWAN 网络。它提供安全的远程访问和设备间通信连接,无需手动端口转发或复杂的 VPN 设置。
当有 QNAP 路由器(中心)时,NAS 会自动与中心建立 IPSec 隧道,以支持组织内的安全高性能数据传输。
如果没有部署中心,您可以使用 Super Node 服务。Super Node 是一个云网关,为 NAS 提供 IPSec 隧道,分配公共 IP 和端口以实现安全的外部访问,并在 QuWAN 虚拟网络内启用 NAS 到 NAS 的通信。
注意
- Super Node 专为没有 QuWAN 中心路由器的环境设计,支持较多三个端点 NAS 设备进行远程访问。如果需要连接更多设备,您可以在 QuWAN Orchestrator 云平台中更新允许的 NAS 列表。
- 该服务每月包含 15 GB 的免费数据传输限额。达到此限额后,传输速度会降低,如果需要更多容量,您可以在QNAP 软件商店中升级您的许可证计划。
主要功能
- QuWAN Express 允许您在 QVPN VPN 服务器中一键加入 QuWAN 网络,系统会自动为您处理网络配置。
- 它通过 QuWAN 覆盖网络路由流量,使您可以从任何位置安全地远程访问 NAS 数据。
- Super Node 服务提供基于云的连接,确保即使在没有中心路由器的情况下,也能可靠地进行外部访问和 NAS 设备之间的无缝通信。
- 该服务为 NAS 分配一个虚拟 IP 地址,使其能够与其他 QuWAN 设备通信,而无需暴露内部网络细节。
先决条件
- 将 NAS 固件和 QVPN VPN 服务器更新到适用产品中列出的版本。
- 确保 NAS 具有有效的互联网连接。
- 在启用 QuWAN Express 之前,禁用 NAS 上的 L2TP/IPSec 服务器。
- 使用 QNAP ID 登录 NAS,以便它可以注册到 QuWAN Orchestrator。
- 确保您计划使用的中心路由器支持 QuWAN 配置,并注册到您在配置 QuWAN Express 设置时将选择的同一 QuWAN 组织。
步骤
本节介绍如何在 QVPN VPN 服务器上配置访问 QuWAN Express,配置设备信息,并将 NAS 注册为 QuWAN Orchestrator 中的端点设备。
在您的 QNAP NAS 上配置 QuWAN Express
- 以管理员身份登录您的 NAS。
- 打开QVPN VPN 服务器。
- 转到QuWAN > QuWAN Express。
- 点击加入。
- 点击开始 以运行先决条件检查。
QVPN VPN 服务器验证以下内容:- NAS 必须具有有效的互联网连接才能通过检查。
- 检查确认 L2TP/IPSec 服务器是否已禁用,因为在继续之前必须关闭它。
- 检查验证 NAS 是否已使用 QNAP ID 登录,并在必要时提示您登录。
当所有先决条件检查成功完成时,QVPN VPN 服务器显示设备信息。 - 可选:配置 QuWAN 组织和区域设置。
- 点击。
出现编辑设备信息窗口。 - 可选:从下拉菜单中选择QuWAN 组织。
如果您的 QNAP ID 是多个组织的成员,请选择将管理此 NAS 的组织。 - 可选:选择一个选项以确定 NAS 建立其 QuWAN 连接的区域:
- 自动(推荐):QVPN VPN 服务器自动选择较佳区域。它优先考虑您的组织中存在中心路由器的区域。如果没有中心,则回退到超级节点区域。
- 超级节点:强制连接到 QuWAN 超级节点云端点。
注意
在您的组织中没有中心或您希望立即访问云端点时使用。使用超级节点时,NAS 接收一个云分配的公共 IP 和端口,以便在无需端口转发的情况下进行外部连接。
- 自定义区域:当您希望 NAS 加入 QuWAN 组织的特定部分时,手动选择一个区域。
- 点击应用。
QVPN VPN 服务器本地更新设备注册设置,并准备将设备注册到 QuWAN Orchestrator。
- 点击加入 QuWAN Orchestrator。
NAS 被注册到 QuWAN Orchestrator 并成为一个端点 NAS。
一旦 NAS 成功加入 QuWAN 组织,以下操作将自动发生:
- QuWAN Orchestrator 为 NAS 分配一个虚拟 IP 地址,位于 QuWAN 覆盖网络内。
- 如果在分配的区域中存在中心路由器,NAS 将自动与该中心建立 IPSec 隧道。
- 如果连接到超级节点,NAS 将接收由云端点分配的公共 IP 地址和端口,启用安全的外部访问,无需手动端口转发。
- 等待连接状态更新为已连接 在 QuWAN Express 页面上。
连接后,NAS 可以通过 QuWAN 虚拟网络被其他端点设备和具有适当 QuWAN 访问权限的用户(例如,远程客户端或其他 NAS 设备)访问。
- 可选:验证 NAS 是否出现在 QuWAN Orchestrator 中。
- 登录到 QuWAN Orchestrator。
- 选择您的组织。
- 进入QuWAN 设备。
- 通过设备名称找到 NAS。
- 在拓扑状态下,检查状态是否为已连接。
管理超级节点连接
- 登录到QuWAN Orchestrator。
- 选择您的组织。
- 进入QuWAN 拓扑 > 超级节点 (QuWAN Express) > 状态。
- 点击管理超级节点连接。
- 选择 1 到 3 个端点 NAS 设备。
- 点击应用。
QuWAN Orchestrator 更新超级节点连接。
修改端点 NAS 的虚拟 IP 地址
- 登录到您的端点 NAS。
- 打开 QVPN VPN 服务器。
- 进入QuWAN > QuWAN Express。
- 点击。
出现编辑虚拟 IP窗口。 - 输入不同的虚拟 IP 地址。
- 点击检查。
QVPN VPN 服务器检查虚拟 IP 地址。 - 点击应用。
通过 QuWAN Express 远程访问 NAS
- 从另一个 QuWAN 端点设备或路由网络,使用分配的虚拟 IP 地址连接到 NAS 上的服务(例如,SMB、AFP、HTTP(S)、SSH),具体取决于您的 NAS 访问规则和端口配置。
- 使用中心时,NAS 与连接到集线器的设备之间的流量保持在 IPSec 隧道和私有网络内,从而为组织内传输提供较低的延迟和更好的吞吐量。
故障排除
- 网络连接检查失败
- 确认 NAS 具有正常的互联网连接。
- 确保 DNS 设置正确,因为错误的 DNS 配置可能导致 NAS 在 QuWAN 服务中显示为离线。
- L2TP/IPSec 冲突检查失败
- 在激活 QuWAN Express 之前,禁用 QVPN VPN 服务器中的任何本地 L2TP/IPSec 服务器实例,因为这两项服务不能同时运行。
- QNAP ID 验证失败
- 使用属于您想使用的组织的 QNAP ID 登录,然后重试加入。同时确认 NAS 系统日期和时间更贴合,以便验证身份验证令牌。
- 端点显示“连接中”但从未“已连接”
- 确认 NAS 和路由器具有正常的互联网连接。
- 检查您网络和 NAS 上的防火墙规则。必须允许 IPSec 和 NAT 穿越端口(如 UDP 500 和 4500)用于出站流量。
进一步阅读
