Gabiru wrote: Just a quick last two questions:
In terms of security, it's impossible for a network administrator to check my traffic? (It's not that I want to do anything illegal with it, but when I'm transferring a backup of my whole system, I don't want some campus geek to intercept it; also, some of the wifi networks on my university campus are maintained by computer geeks, I don't want them to be able to sniff through my internet traffic.)
The network admin will know you've made a connection to a PPTP VPN, but not be able to see the contents in the tunnel. To say PPTP isn't the best way to VPN is an understatement, but at least for now, it's all the DiskStation and iOS have in common. I use SSL (HTTPS) on all the connections going through the tunnel.
Gabiru wrote: Secondly, I have no idea if it makes any difference or not, but would it be better to make a VPN connection on my iPhone's 3G and then tether the connection to my laptop when I'm on the road; or should I tether the connection and establish the VPN tunnel on my laptop?
I've never done tethering, so my honest answer is, "I don't know." If the tethered connection is secure, it shouldn't matter, but if it will work, I'd try tethering first and creating the tunnel from the laptop.
Regarding security at home: most bots that run vulnerability accessors, in fact, many professional companies that do that for you, don't scan all ports--it's not efficient for them. They scan the most used ones. SSH (port 22) is one of those and is often the target of brute force password attacks. The best way to run it at home is to have your inside router (your D-Link) port forward a high-numbered port to port 22 on the computer you wish to access. In fact, you can set up several different high-numbered ports (e.g. 22000+), one for each computer you wish to access on port 22. Port 5000 (UPnP) is another one. I wouldn't port forward that port (or any of the DiskStation 5xxx numbered ports) on the inside router to the DiskStation now that you have VPN working. If you must have access to these outside the VPN, I'd do the same thing with forwarding high-numbered ports to the 5xxx ports on the D-Link.
I have a setup similar to yours with an AT&T UVERSE router (slow networking) feeding an Apple AirPort Extreme. I don't get their TV service or VOIP phone though (still have my POTS line). My DS1512+ is too important to us to expose to the Internet as a web or mail server. For those, I'm going to get an "expendable" 1-bay DiskStation, put it in the DMZ (uses one of the outside router's IP addresses), port forward the needed ports on the outside router, and create differently named and passworded accounts on it (or alternatively, use keys).
Hope this helps.
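
The forwarding advice in the post above, as an added example that is not part of the original post: a small audit over an inside-router port-forward table that flags SSH or DiskStation 5xxx services exposed on low external ports, and external ports claimed by two hosts. The `Rule` layout, the 22000 cut-off, and all addresses are assumptions constructed for illustration.

```python
from collections import namedtuple

# One forwarding rule on the inside router: external port -> host:internal port.
Rule = namedtuple("Rule", "ext_port host int_port")

HIGH_PORT_MIN = 22000  # assumption: the post's "22000+" taken as the cut-off


def audit(rules):
    """Return (ext_port, severity, message) findings for a forwarding table."""
    findings, owner = [], {}
    for r in rules:
        target = f"{r.host}:{r.int_port}"
        # An external port can reach only one machine, so each host needs its own.
        if r.ext_port in owner:
            findings.append((r.ext_port, "error",
                             f"already forwarded to {owner[r.ext_port]}"))
            continue
        owner[r.ext_port] = target
        low = r.ext_port < HIGH_PORT_MIN
        if r.int_port == 22 and low:
            findings.append((r.ext_port, "warn",
                             f"SSH on {target} exposed below port {HIGH_PORT_MIN}"))
        elif 5000 <= r.int_port <= 5999:
            # The post prefers reaching the 5xxx services through the VPN only.
            msg = "exposed on a low external port" if low else "reachable outside the VPN"
            findings.append((r.ext_port, "warn" if low else "info",
                             f"DiskStation service {target} {msg}"))
    return findings


# Constructed sample table; addresses and ports are illustrative only.
SAMPLE_RULES = [
    Rule(22, "192.168.1.10", 22),        # SSH on its default port
    Rule(22001, "192.168.1.11", 22),     # high port -> SSH, as the post suggests
    Rule(22001, "192.168.1.12", 22),     # same external port reused by mistake
    Rule(5000, "192.168.1.20", 5000),    # DiskStation 5xxx port forwarded as-is
    Rule(25001, "192.168.1.20", 5001),   # 5xxx service moved to a high port
]

if __name__ == "__main__":
    for port, severity, message in audit(SAMPLE_RULES):
        print(f"{severity:5} ext {port}: {message}")
```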