What's new

Assistance with connecting to nas via vpn

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Dee dee

Regular Contributor
Hi all,

I am remote and have Asus merlin setup at home.

I I am connecting via VPN and have a IP of 10. 8. 0. 1.

While i am connected to the VPN I can connect to my router with the IP of 192. 168. 2. 1 as well as my NVR on .40

But when I try and connect to my Nas on 2.3 it spins forever and doesn't connect.

I tried adding a static route in the lan section and rebooting and still nothing anything else I can try because I'm not home?

I can post pictures if it would help.

Thank you for reading and any assistance you can apply.
 
Can you ping the NAS over vpn, ssh to your router: can you ping the NAS from the shell ?
Try a tracert to see if there is a route back.
 
May be this could help:
 
@GSpock

Yes, I can ping the NAS from the putty session over VPN to my router.

But i cant access the web ui in the router nor ping without SSH.

Do i need to put something here like this (unsure what to do) ?
 

Attachments

  • routing_Q.png
    routing_Q.png
    184.9 KB · Views: 406
  • ping.png
    ping.png
    29.6 KB · Views: 384
  • OpenVPN Credentials.png
    OpenVPN Credentials.png
    249.6 KB · Views: 384
For a start remove the static route as it is invalid and just confuses matters.

Check the firewall setting on the NAS.

EDIT: Can you clarify what your VPN client is please? Is that another router?
 
@GSpock

Yes, I can ping the NAS from the putty session over VPN to my router.

But i cant access the web ui in the router nor ping without SSH.

Do i need to put something here like this (unsure what to do) ?
As Colin Taylor said, did you check (or even enabled) firewall on the NAS ?
Why did you set "advertise DNS to clients" to No ? Also, "compression" should be set to disable (I read in another post this might introduce security issues)
 
Can you ping the NAS from the shell running on your remote client (10. 8. 0. 1)? Can you ping any other devices located in 192. 168. 2. x?

Also you may also check the security settings of your NAS. It is possible that it has a setting to allow connections to Web GUI only from 192. 168. 2. x.
 
@netware5 Since i am not home I cannot connect to the WEBUI of the NAS, Im sure it's a security setting,.

For the pinging question, No I cannot ping (192.168.2.3) from my computer when it's connected to the VPN(OpenVPN), but can ping my router and my NVR.

Also @GSpock since I cannot access the webui from my NAS ( I cannot check the firewall setting), If i enable advertise DNS to clients or disable compression will that need me to regenerate a new key and would cause issues with connecting to the VPN again?
 

Attachments

  • pingworking.png
    pingworking.png
    14.1 KB · Views: 358
Interesting,

Just for trial I enabled port 5000(custom port I used) on my router to port forward to NAS and opened the port on my Fios Router, and now i can access the webui.

I assume it's a security risk to pass this info over the web without authentication, but should i just log in and check my static routes and or firewall on my NAS and see if 10.8.0.0 is allowed to be access?
 
Is your NAS configured to only allow local connections? It may not recognize the 10.0.0.0 subnet as local.
 
Ok, so for security I temporarily disabled the port on my router so it's closed again.

What are the steps I need to to do to connect to my NAS only on the VPN via IP?

Do i need to go to the NAS and do either
1.enable static route and put in the following( I'm sorry if the IP's are wrong, I'm confused on this part):

In Destination Network, put in the NAS itself (192.168.2.3)
In Netmask, enter the netmask of your destination (255.255.255.0).
In Gateway, enter your destination's gateway address (10.8.0.0)(From OpenVPN).
In Interface, select your destination's interface(LAN).

2.do i need to go ahead and add a rule in the firewall to enable access from 10.8.0.0 ?

It's a Synology NAS if it helps? I'm sorry if this is off topic but I am stumped on why it's not working.

Thanks for reading,
David
 
Is your NAS configured to only allow local connections? It may not recognize the 10.0.0.0 subnet as local.
I think so I've only ever connected from my internal network.

any idea where i would look to see where that is?
 
I would start with basics and put the Synology port at 80 and see if that works.
 
I would start with basics and put the Synology port at 80 and see if that works.
Never mind. I see you're trying to connect to DiskStation Manager, which defaults to port 5000. Leave it at port 5000.

First thing I would check is that you can access it from the LAN directly.
 
I would also check the permissions for your user group to make sure there are no restrictions based on IP address.

 
@sbsnb Nope, I only have 1 user account and I don't see a restriction there based on IP.

For also accessing by LAN (I can when I am at home), but not when on VPN.

Is there something I need to write for the static routes to enable it on the NAS to allow from 10.8.0.0 as a local network?

The other 2 points you mentioned above don't apply( I think) as I can't even ping the device when connected to the VPN(noted earlier)
 
You don't need a static route. It's most likely a restriction on the NAS. The IP based restrictions in Synology aren't in the user account, but in the group's settings. Did you verify that whatever group your username belongs to doesn't have any restrictions set?

I have FreeNAS on my LAN and have no issues accessing from anywhere in the world via VPN with no special routes or port forwards.
 
@sbsnb You were right!!!!!!

I feel so stupid for wasting your time, I'm sorry.

It was in firewall on the allow I had to allow my internal VPN's subnet and boom worked!

I attached a pic.

Did I do this insecurely or is this correct?
 

Attachments

  • worksnow.png
    worksnow.png
    135.5 KB · Views: 442

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top