Scott Hanselman

Setting up a VPN and Remote Desktop back into your home with a Synology (from an iPhone)

April 2, '15 Comments [27] Posted in Hardware | Open Source | Win8
Sponsored By

It's amazing that I can basically be my own IT Department. The kinds of things we can do in our homes as individuals with off-the-shelf hardware would have needed an IT Dept of a dozen just 10 years ago, ya know? Amazing.

I wanted to be able to VPN into my home and remotely access my machines and files. I do very much realize there are a lot of different options to do this, and have been for years. From GoToMyPc to Hamachi, again, there's dozens of ways. I wanted a VPN solution I could use on my iPhone/iPad and Surface. I wanted it to be standards-based and not require any additional software installations.

I have a a Synology 1511+ NAS appliance and I love it. It's not just a file server, it's an everything server, in my house. I use it for Plex, it hosts my files and photos, it manages my surveillance cameras and acts as a camera DVR, it runs a Minecraft Server, it's a Git server, it even runs Docker.

The Synology will act as my VPN server as well.

Here's how I set up four things. The Synology, my Router, my iOS device, and my Windows PC/Surface.

The result is I can now remote into my home and manage things from any device I own.

Setting up a Synology for L2TP VPN

First, in the Synology Package Manager, ensure that you've got the Synology VPN Server package installed and running.

Adding VPN Server on Synology

You should give some though as to which VPN technique you want to use. I decided on L2TP, although there is some concern the NSA has weakened it. Benefits are that it's on all major platform, it's generally considered secure, and it's easy to setup.

Select L2TP (or whatever you want), and Enable it. Notice also that I selected my INTERNAL DNS server. I found this worked best for me when trying to access internal resources. You can also setup a hosts file if you want to just hit a few things inside your house.

L2TP in Synology

Now click on Privilege. Just give the minimum privileges to the user that needs them. NO need to give VPN access to users who won't use it.

VPN Server in Synology

Setup your Router for VPN (L2TP)

My router is a Linksys WRT1900ac that I like very much. It supports port forwarding, and the Synology can often talk directly to a router and request open ports. However, there's something to be said for handling things yourself. It lets you know exactly what's going on, and it can be less of a "black box."

Login to your router and in this case of L2TP, forward UDP ports 1701, 500, and 4500. On my Linksys, it's under Security, Apps and Gaming.

The Device IP is the internal IP address of your Synology. It's best to have your Synology use a Static IP address, or at least have a DHCP reservation so this IP doesn't change and things stop lining up.

Port Forwarding in a Router

Also, ensure that your Router is passing L2TP traffic as well. I changed this under Security.

L2TP Passthrough

At this point, you should be able to at least try to connect to your house via VPN. I did this as a quick test by taking my iPhone off the wireless networking (thereby being on the open internet) and VPN'ing back in.

If you succeed, you should be able to see yourself in the VPN Server | Connection List area on our Synology.

VPN Server

Here's what I did on my iDevice to setup VPN.

Setting up iOS/iPhone/IPad for VPN

From the iOS Settings app, go General | VPN. Touch Add VPN Configuration. I selected L2TP and put in my Server name or IP and named the account "home."

NOTE: If you don't want to use your IP address, you can use the dynamic DNS feature built into your Synology, or any one of many dynamic DNS systems that will give you a nice domain like "" or whatever. You can also, if you like, setup a CNAME with your own domain and point it to that dynamic domain. So could be your server, if you wanted.

With L2TP you'll need your username and password, as well as a Shared Secret. That's like another password. Specifically the Secret text box in iOS is the "pre-shared key" from your Synology L2TP VPN setup.

Add VPN in iOS

At this point you'll get a nice VPN option on your Settings app under Personal Hotspot that wasn't there before. You can turn it on and off now, easily.

VPN Connecting in Settings

Once I'm VPN'ed in I can see a [VPN] indicator in the top status bar. I've installed the FREE Microsoft Remote Desktop Client for iOS.

RD Client on an iPhone - Remote Desktop

And here's me VPN'ed into my home PC from my iPhone. This of course, can be done on Android and Windows Phone as well.

Remoted into my desktop at home with RDP

It looks small, but in reality it's very usable, especially from an iPad with a Bluetooth Keyboard.

Setting up L2TP VPN on Windows 8.1

Now I'll setup VPN back to home on my Windows 8.1 machine. For some reason this was super easy in Windows 7, but in Windows 8.1 there isn't a clear way to just add a L2TP VPN. You can add other simpler (or Vendor) VPNs in a straightforward manner, but not L2TP.

Just hit the Windows key (or Start Menu) and type "Add VPN." When you get to the VPN management screen, you'll see this and can fill it out.

Adding VPN

But L2TP VPN setup with a pre-shared key requires some more work. If you know of a simpler way, let me know. I can see about three different ways to get to the same result.

Go ahead and create a new VPN connection with the menu above. Select Microsoft as the VPN type and put in your server address and optionally name and password. This will create the VPN connection.

Pay attention now. Go back to the Start Menu and type "Network Connection." You want the first item called "View Network Connection" (a classic control panel, not a fullscreen 'metro' one).

Opening Network Connections

From there, you'll open a classic control panel and see your VPN connection. Right click and click Properties.

Network Connections with VPN

Click Security, make sure L2TP is set, then click Advanced Settings.

L2TP VPN in Windows 8'

Put your pre-shared key there.

Setting a preshared key

Connect to your home VPN and have fun

Of course, please do remember to use strong passwords, strong pre-shared keys, and change them. Don't be lazy.

At this point you can connect to your home/office and work to your heart's content.

VPN Connection in Windows 8

For some of you this is "duh" or old hat, but for me it was something I just never got around to doing. Mostly laziness prevented. But just last week I had to drive 30 miles back to my house from a dinner in order to move a file from my Desktop into Dropbox. I'm pretty sure I'm not the only reasonably smart techie with a story like that. This VPN setup would have meant I could do that from my phone and it would have saved me a big hassle and over an hour of my time.


About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web

Refresh Your PC in Windows, AppData, and my missing Minecraft worlds

January 8, '15 Comments [32] Posted in Win8
Sponsored By

I thought I lost everything today. Well, not really, I have a very regular Backup Strategy (stop reading this blog post NOW and back your stuff up!) so I could get stuff back if I really needed to.

But a laptop died today. It just wouldn't start up and I had to run "Refresh my PC," a very cool feature of Windows that basically mostly reinstalls Windows without reinstalling. It promises not to lose your files. And it's (99%) true, because when I got Windows back up later my Documents and Desktop were just as I left them, untouched by the this major operation.

Refresh your PC - Windows 8.1

Fortunately I used Boxstarter, Chocolately, and a list of the programs I have installed as a Gist and was able to get my Windows machine with all my desktop programs back up and running in a few hours. All my files were backed up to the cloud and every file was where I left it.

Except the most important ones. ;)

I launched Minecraft, and saw this. And almost died.

My minecraft worlds are missing!

Where's my Minecraft save games/worlds?

I thought Windows promised to not change my files!? Well, sadly Minecraft doesn't save worlds in "My Documents\Minecraft," where it should. It puts them instead in c:\Users\YOURNAME\AppData\Roaming\.minecraft\saves which is basically like a temp folder of sorts for config data.

Fortunately after my initial freak out, even these files aren't lost, they are in C:\Windows.old\users\YOURNAME\AppData\Roaming\.minecraft\saves along with all your other AppData stuff including the npm-cache, .emacs.d, and other config data you might want.

Move them back, and you're (I'm) all set!

To the (Minecraft) Cloud!


Related Links

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web

The real and complete story - Does Windows defragment your SSD?

December 3, '14 Comments [69] Posted in Win7 | Win8
Sponsored By

There has been a LOT of confusion around Windows, SSDs (hard drives), and whether or not they are getting automatically defragmented by automatic maintenance tasks in Windows.

There's a general rule of thumb or statement that "defragging an SSD is always a bad idea." I think we can agree we've all heard this before. We've all been told that SSDs don't last forever and when they die, they just poof and die. SSDs can only handle a finite number of writes before things start going bad. This is of course true of regular spinning rust hard drives, but the conventional wisdom around SSDs is to avoid writes that are perceived as unnecessary.

Does Windows really defrag your SSD?

I've seen statements around the web like this:

I just noticed that the defragsvc is hammering the internal disk on my machine.  To my understanding defrag provides no value add on an SSD and so is disabled by default when the installer determines the disk is SSD.  I was thinking it could be TRIM working, but I thought that was internal to the SSD and so the OS wouldn’t even see the IO.

One of the most popular blog posts on the topic of defrag and SSDs under Windows is by Vadim Sterkin. Vadim's analysis has a lot going on. He can see that defrag is doing something, but it's not clear why, how, or for how long. What's the real story? Something is clearly running, but what is it doing and why?

I made some inquiries internally, got what I thought was a definitive answer and waded in with a comment. However, my comment, while declarative, was wrong.

Windows doesn’t defrag SSDs. Full stop. If it reports as an SSD it doesn’t get defraged, no matter what. This is just a no-op message. There’s no bug here, sorry. - Me in the Past

I dug deeper and talked to developers on the Windows storage team and this post is written in conjunction with them to answer the question, once and for all

"What's the deal with SSDs, Windows and Defrag, and more importantly, is Windows doing the RIGHT THING?"

It turns out that the answer is more nuanced than just yes or no, as is common with technical questions.

The short answer is, yes, Windows does sometimes defragment SSDs, yes, it's important to intelligently and appropriately defrag SSDs, and yes, Windows is smart about how it treats your SSD.

The long answer is this.

Actually Scott and Vadim are both wrong. Storage Optimizer will defrag an SSD once a month if volume snapshots are enabled. This is by design and necessary due to slow volsnap copy on write performance on fragmented SSD volumes. It’s also somewhat of a misconception that fragmentation is not a problem on SSDs. If an SSD gets too fragmented you can hit maximum file fragmentation (when the metadata can’t represent any more file fragments) which will result in errors when you try to write/extend a file. Furthermore, more file fragments means more metadata to process while reading/writing a file, which can lead to slower performance.

As far as Retrim is concerned, this command should run on the schedule specified in the dfrgui UI. Retrim is necessary because of the way TRIM is processed in the file systems. Due to the varying performance of hardware responding to TRIM, TRIM is processed asynchronously by the file system. When a file is deleted or space is otherwise freed, the file system queues the trim request to be processed. To limit the peek resource usage this queue may only grow to a maximum number of trim requests. If the queue is of max size, incoming TRIM requests may be dropped. This is okay because we will periodically come through and do a Retrim with Storage Optimizer. The Retrim is done at a granularity that should avoid hitting the maximum TRIM request queue size where TRIMs are dropped.

Wow, that's awesome and dense. Let's tease it apart a little.

When he says volume snapshots or "volsnap" he means the Volume Shadow Copy system in Windows. This is used and enabled by Windows System Restore when it takes a snapshot of your system and saves it so you can rollback to a previous system state. I used this just yesterday when I install a bad driver. A bit of advanced info here - Defrag will only run on your SSD if volsnap is turned on, and volsnap is turned on by System Restore as one needs the other. You could turn off System Restore if you want, but that turns off a pretty important safety net for Windows.

One developer added this comment, which I think is right on.

I think the major misconception is that most people have a very outdated model of disk\file layout, and how SSDs work.

First, yes, your SSD will get intelligently defragmented once a month. Fragmentation, while less of a performance problem on SSDs vs traditional hard drives is still a problem. SSDS *do* get fragmented.

It's also worth pointing out that what we (old-timers) think about as "defrag.exe" as a UI is really "optimize your storage" now. It was defrag in the past and now it's a larger disk health automated system.

Used under CC. Photo by Simon WüllhorstAdditionally, there is a maximum level of fragmentation that the file system can handle. Fragmentation has long been considered as primarily a performance issue with traditional hard drives. When a disk gets fragmented, a singular file can exist in pieces in different locations on a physical drive. That physical drive then needs to seek around collecting pieces of the file and that takes extra time.

This kind of fragmentation still happens on SSDs, even though their performance characteristics are very different. The file systems metadata keeps track of fragments and can only keep track of so many. Defragmentation in cases like this is not only useful, but absolutely needed.

SSDs also have the concept of TRIM. While TRIM (retrim) is a separate concept from fragmentation, it is still handled by the Windows Storage Optimizer subsystem and the schedule is managed by the same UI from the User's perspective. TRIM is a way for SSDs to mark data blocks as being not in use. Writing to empty blocks on an SSD is faster that writing to blocks in use as those need to be erased before writing to them again. SSDs internally work very differently from traditional hard drives and don't usually know what sectors are in use and what is free space. Deleting something means marking it as not in use. TRIM lets the operating system notify the SSD that a page is no longer in use and this hint gives the SSD more information which results in fewer writes, and theoretically longer operating life. 

In the old days, you would sometimes be told by power users to run this at the command line to see if TRIM was enabled for your SSD. A zero result indicates it is.

fsutil behavior query DisableDeleteNotify

However, this stuff is handled by Windows today in 2014, and you can trust that it's "doing the right thing." Windows 7, along with 8 and 8.1 come with appropriate and intelligent defaults and you don't need to change them for optimal disk performance. This is also true with Server SKUs like Windows Server 2008R2 and later.


No, Windows is not foolishly or blindly running a defrag on your SSD every night, and no, Windows defrag isn't shortening the life of your SSD unnecessarily. Modern SSDs don't work the same way that we are used to with traditional hard drives.

Yes, your SSD's file system sometimes needs a kind of defragmentation and that's handled by Windows, monthly by default, when appropriate. The intent is to maximize performance and a long life. If you disable defragmentation completely, you are taking a risk that your filesystem metadata could reach maximum fragmentation and get you potentially in trouble.

Related Links

* photo by Simon Wüllhorst, used under CC BY 2.0.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web

Video: My non-technical partner tries Windows 10 for the first time

October 23, '14 Comments [23] Posted in Win10 | Win8
Sponsored By

You may have watch my YouTube series on being an effective user of Windows 8 and 8.1. I've made a short URL for you to give to your friends and family It'll take you to a YouTube Playlist that includes all my best tips and tricks on using Windows. The most popular is "Learning Windows 8 in 3 minutes" but if you're looking to get yourself, or perhaps non-technical Dad and Mom up to date on Windows 8, I recommend they check out "Windows 8: The Missing Instruction Manual." It's calmly paced and explains everything they'll need to know.

A lot of people say "Windows 8 isn't intuitive." That's up for debate, I think, as there's a big difference between unfamiliar and unintuitive. A few minutes of your time and you'll feel a lot more "intuitively" about Windows.

That said, Windows 10 is coming. If you have an extra machine you can sign up for the Preview here. It's very early and I would not put this on your primary machine.

I thought it would be interesting to show my very smart, but rather non-technical wife Windows 10 for the first time. Here's an uncut video of her experience running the first build of the Windows 10 Technical Preview.

I encourage you to watch it, it's rather interesting the way that she discovers "new" features, but also learns about existing features from as far back as Windows 7. If you've ever do a usability test you'll find the interactions fascinating.

And again, do check out and share

Sponsor: Big thanks to my friends at Octopus Deploy. They are the deployment secret that everyone is talking about. Using NuGet and powerful conventions, Octopus Deploy makes it easy to automate releases of ASP.NET applications and Windows Services. Say goodbye to remote desktop and start automating today!

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web

Fixing the Touch Screen in Windows 8.1 on my old HP TouchSmart with NextWindow Drivers

August 8, '14 Comments [16] Posted in Win8
Sponsored By

HP TouchSmartWe've got an older HP TouchSmart all in one computer that we use as the "Kitchen PC." It's basically a browsing, emails, YouTube, and recipes machine. It's lovely machine, really. I've actually seen them at Goodwill, in fact, for cheap. If you can pick one up inexpensively, I recommend it.

Mine was starting to get sick so I opened it up (a challenge, but OK if you count all the screws) and replaced the Hard Drive. It comes with a 500gig 5400RPM full size SATA drive as I recall, but that was on its last legs. I happen to have a first gen 64G Intel laptop SSD around, so I use some 3M Command double-sided tape and basically taped this tiny hard drive to the inside of the thing and reinstalled Windows. This time, however, instead of the Windows Vista that it came with, I put on Windows 8.1.

You'd think I'd be asking for trouble. In fast, it's amazing. Literally everything worked, first try, with ZERO third party drivers. Blueooth, wireless, graphics, everything. Worked and worked immediately. Nothing was banged out in Device Manager. Even the touch screen worked, but only with 1 point of touch. That meant no pinch to zoom in browsers or maps. Cool, but I wanted to see if I could fix it.

These HP TouchSmarts had touch screens made by a New Zealand company called NextWindow, except they recently went out of business. Their website includes a few drivers, but not the one I needed.

I've mirrored them here because I don't trust that their website will be around long.

Here's the actual driver I needed for the TouchScreen. It doesn't appear to be available anywhere else, so I'm mirroring it here, as-is. It's the "HID Driver" (Human Interface Device) driver for the NextWindow 1900 TouchScreen. It's version 1.4 from May 24th, 2012. It works with NextWindow 2150 and 2700 touchscreens as well and it works under Windows XP, Vista, Windows 7, and now Windows 8 and 8.1!

This completely brought my HP TouchSmart new life with proper multitouch. It's paved completely with a new Windows 8.1 installation and just one third party driver and NO HP crapware.

Hope this helps you, random internet visitor.

Related Links

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web
Page 1 of 6 in the Win8 category Next Page

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.