OpenVPN on Asus Router: Synology NAS Fails to Update AntiVirus Definitions

[billybob2]

After much consideration decided to setup remote connection to my Synology NAS through my Asus AX11000 Router vs on NAS. I have the latest version (3004_388.5_0) of Merlin firmware installed. On the NAS, I enabled DDNS support and have a hostname (xxx.synology.me) registered to my account. I have set up OpenVPN on the router. Under the OpenVPN Client Settings_Network Settings, I have setup a server address (xxx.asuscomm.com) using port 1194. I'm using VPN Director (policy rules) to redirect internet traffic to my server ip address and using "Accept DNS Configuration" in Strict mode. Exported the OpenVPN Configuration File to my mobile devices. Using the mobile OpenVPN app, I can successfully connect to my Synology NAS and access media. I'm also able to access the NAS normally on my local network.

However when the router OpenVPN is turned on, my NAS can no longer receive automatic AntiVirus definition updates. I also get a warning email from Synology that connection to my NAS (xxx.synology.me) has been lost. If I disable router OpenVPN, then I get an email from Synology that connection to my NAS has resumed and get access to AntiVirus definitions.

So my question is whether it is normal that I should expect the above situation to happen as a consequence to enabling a VPN connection? If not normal, is there a misconfiguration in my NAS or Router that causes this to happen?

Further issue. With the router VPN server enabledd, when I enable the mobile OpenVPN connection to my router, I see I am connected on both the mobile device and on the router VPN server connection status. With the VPN server on the router still enabled, if I disconnect the mobile OpenVPN, I still see the Connection Status on my router as connected. Even after a refresh of the page. However on the mobile device, I can't connect to the NAS using Synology Audio, Photos, etc. So that is good. My conclusion here is Merlin or Asus has an issue in updating connection status. Also when I hit the Kill Switch (with mobile VPN connection still disabled) on the OpenVPN mobile device app, I immediately get a change in the VPN connection as being enabled and it shows a valid connection. If I hit the Kill Switch again, it disables the connection. So in essence, the Kill Switch seems to toggle the connection the same as the slider on/off button. That doesn't seem right to me. So maybe I don't understand the purpose of the Kill Switch. I hope I've explained this well.

Thanks so much for you help and guidance.

 

[ColinTaylor]

I have set up OpenVPN on the router. Under the OpenVPN Client Settings_Network Settings, I have setup a server address (xxx.asuscomm.com) using port 1194. I'm using VPN Director (policy rules) to redirect internet traffic to my server ip address and using "Accept DNS Configuration" in Strict mode. Exported the OpenVPN Configuration File to my mobile devices.

This doesn't seem to make any sense. Why are you setting up the router's VPN client when you should be using the VPN server?

 

[billybob2]

This doesn't seem to make any sense. Why are you setting up the router's VPN client when you should be using the VPN server?

Maybe it is my misunderstanding of how to properly configure the router openvpn and misinterpreting the guide I followed. I properly can re-find the guide if you need it.

Objective: When I want to enable a remote connection (let's say traveling), I only want the NAS to use the VPN connection. There may be others on the local network that don't want to be behind the router vpn. So to do this, I configured the VPN Client to redirect the vpn connection to the NAS only. Also in my research, I discovered there is an open source tool called x3mRouting if I ever wanted to more easily manage VPN connections to various devices/apps (AppleTV, Netflix, etc). This tool also describes configuring the VPN Client on the Asus Router.

So does this answer your question or am I still missing something. Thanks

 

[ColinTaylor]

You are getting confused between the VPN client and VPN server and making things unnecessarily complicated. You only want the VPN server running, not the client. So turn off the client.

Now, when you want to access the NAS remotely you enable the VPN client on your travelling device and connect to the NAS using it's LAN IP address.

 

[billybob2]

Your question made me do some rethinking, further testing, and you are right...my confusion. I turned off VPN Client with only the VPN Server enabled. Now AntiVirus Definitions can be updated and I still get a remote connection. Again thanks!

So can you explain the purpose of the VPN Client settings on the router?

So do I have this right. If I want a device to use, for example the NordVPN server, I could set that up in the VPN Client tab per NordVPN's router setup procedure. Does this mean a local device can connect to NordVPN while a remote device using OpenVPN can connect to my NAS? No conflicts?

 

[ColinTaylor]

The VPN client and VPN server are used for two separate purposes. They are not linked to each other.

Typically you would use the VPN server when you want remote access to devices on your LAN (like you do).

The VPN client is used to connect the router to a VPN server at some remote location. Traditionally this would be something like your employer's VPN server for remote working. However, it's most common use today is for connecting to a commercial VPN service like NordVPN. People want to do this to a) access geo-blocked content in other countries, or b) hide their (illegal) activity from their ISP or government agencies.

 

[billybob2]

Thank you for being so helpful and putting me on the right path.