nordvpn app restricts access to nas

128bit

Regular Contributor
i recently retired my ac86u for the ax86u. ran stock for a few days then upgraded to the latest merlinware. much like the stock version, i cannot access my nas (usb plugged into ax86u) if nordvpn is running. with few exceptions, it doesn't matter if the vpn is enabled or not.

3 wired/wireless win10 devices run the app and it is configured to launch at startup. when disabled from running at startup, i can access the nas fine and see its hostname in file explorer. the nord folks were not very helpful but i did learn this, if i use the nas' dotted decimal (e.g., \\192.168.4.4) in file explorer, i can access the nas provided i enter the router's userid/pswd; keep in mind, when not running nordvpn, a secure login is not required. seems like a names problem. wondering if i could explicitly define it somewhere - do we still use the hosts file?
 

Tech Junky

Very Senior Member
When you use Nord on the client devices it forces l traffic into the tunnel so you don't leak info. If you move the VPN to the router then it works as expected. If the router is advertising the USB samba share as a name it won't reach the clients while connected to a VPN. If you want LAN access while connected you need to enable split tunneling.
 

eibgrad

Part of the Furniture
When connected to the NordVPN app, presumably it has changed the client's DNS server to its own, so you lose local name resolution w/ DNSMasq on the router. It's still accessible by IP because then you're NOT relying on DNS to reach the NAS. But you've probably bound your public/private keypairs only to the router by name, and NOT its ip, so it prompts for the username/password.

A local hosts file would override *any* DNS server, so that may be the best solution.
 

ColinTaylor

Part of the Furniture
@128bit In the NordVPN app Advanced Settings do you have Invisibility on LAN enabled? If so disable it.
 

128bit

Regular Contributor
When connected to the NordVPN app, presumably it has changed the client's DNS server to its own, so you lose local name resolution w/ DNSMasq on the router. It's still accessible by IP because then you're NOT relying on DNS to reach the NAS. But you've probably bound your public/private keypairs only to the router by name, and NOT its ip, so it prompts for the username/password.

A local hosts file would override *any* DNS server, so that may be the best solution.
it worked!

man, i likely haven't edited a hosts file since the 90s. had lots network training but never got to work on those devices so it all went poof.

this is the fix, i can see the nas whether connected or not.

. . . much appreciated
 

128bit

Regular Contributor
When you use Nord on the client devices it forces l traffic into the tunnel so you don't leak info. If you move the VPN to the router then it works as expected. If the router is advertising the USB samba share as a name it won't reach the clients while connected to a VPN. If you want LAN access while connected you need to enable split tunneling.
not very familiar with a vpn on the router and it would effect my firesticks. so i use their app.
 

ColinTaylor

Part of the Furniture
He doesn't lack LAN access. It works based on IP. The problem is the choice of DNS server.
It didn't sound like a DNS issue because he didn't say he was entering a hostname anywhere. Samba (v2) access from File Explorer is done with SSDP not DNS. When I use the NordVPN app I have no problem accessing my router's shares from File Explorer even though it's hostname is not resolvable in DNS.
 

eibgrad

Part of the Furniture
It didn't sound like a DNS issue because he didn't say he was entering a hostname anywhere. Samba (v2) access from File Explorer is done with SSDP not DNS. When I use the NordVPN app I have no problem accessing my router's shares from File Explorer even though it's hostname is not resolvable in DNS.

Hard to be sure exactly what the OP was doing. I inferred the use of a hostname given his mentioning an explicit IP worked. Perhaps the Samba server is only configured for SMB1, or the client is using SMB1 (XP?). Who knows. But clearly local name resolution was an issue, so I have to assume something along those lines.

P.S. Good point about SMB2 behavior.
 

Tech Junky

Very Senior Member
not very familiar with a vpn on the router and it would effect my firesticks. so i use their app.
This is where split tunneling / VPN director (asus) comes into play by excluding certain devices from the tunnel. Amazon does get picky about VPN IP's and restricts content when connected for certain things but, allows you to spend money no matter what IP you come to their site from. Go figure. Nord does a good job though with cycling IPs on their servers to avoid some of this nonsense but, yeah it's still an issue sometimes.

The issue with Asus though is OVPN is slow by 50% vs Nordlynx /wireguard that will run at wire speed on the clients.
 

ColinTaylor

Part of the Furniture
Perhaps the Samba server is only configured for SMB1, or the client is using SMB1 (XP?). Who knows.
But even with SMBv1 name resolution is done with NetBIOS (which is broadcast traffic) not DNS.

But clearly local name resolution was an issue, so I have to assume something along those lines.
Indeed.
 

128bit

Regular Contributor
Hard to be sure exactly what the OP was doing. I inferred the use of a hostname given his mentioning an explicit IP worked. Perhaps the Samba server is only configured for SMB1, or the client is using SMB1 (XP?). Who knows. But clearly local name resolution was an issue, so I have to assume something along those lines.

P.S. Good point about SMB2 behavior.
sorry for the delay, guys. it seems like a dns issue to me as file explorer displays these as hostnames. it would display the router's name under "network infrastructure" and the nas under "computer" but was unable to resolve the nas name to see its file structure. that was weird as it did resolve the router and they're the same address but likely a different port. still, one entry in the hosts file fixed all of that. i may add another entry for my printer which can be flakey when she wants to print. (she wants to print everything so when it fails, it saves a ton on ink money).

with merlinware, both smb v1 & v2 are the defaults and i left them like that.

in my spare time, i rebuilt my rig and that's been challenging. it was supposed to be a simple cpu upgrade with a larger fan but i got sloppy and didn't ground myself. when put back together had lots of issues. so a new m-board later, i'm down to one - crashing after waking from sleep.

i'll try to be more vigilant here

. . . just changed to smb v2 only.
 
Last edited:

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top