Next step on the Synology journey
Discussion
My journey with my new Synology NAS is generally going well, with everything set up as per Synology’s guidance and with help from https://www.wundertech.net/synology-nas-initial-se... . I’m now at the stage of trying to use OpenVPN to enable me to access the NAS remotely and I've followed section 4.1.1 in the linked article but can’t get it to work. When I try to connect from my iPhone (or a remote Mac) I keep getting “Connection Timeout” errors saying that the connection failed to establish within the given time.
I’m using Synology DDNS and have forwarded port 1194 on the router and opened the port on the Synology NAS firewall. As far as I can tell, no external connection is reaching the NAS. I’m afraid that I’m lost when it comes to networking - please can anyone guide me as to how to diagnose where the fault is?
I’m using Synology DDNS and have forwarded port 1194 on the router and opened the port on the Synology NAS firewall. As far as I can tell, no external connection is reaching the NAS. I’m afraid that I’m lost when it comes to networking - please can anyone guide me as to how to diagnose where the fault is?
Check the port is open, https://www.yougetsignal.com/tools/open-ports/
Check that the DDNS is up to date with your public IP. (you could use an alternative DDNS if synology's service is not keeping up)
I don't think cgNAT is likely, but worth a check, https://www.purevpn.com/blog/how-to-check-whether-...
Check that the DDNS is up to date with your public IP. (you could use an alternative DDNS if synology's service is not keeping up)
I don't think cgNAT is likely, but worth a check, https://www.purevpn.com/blog/how-to-check-whether-...
Having fallen foul of a few gotchas on a Netgear NAS...
Is it on the same network? Mine had its own IP address, not automatic DHCP. Shift the LAN cable from PC->router to PC->NAS and bobs your uncle.
Is there user-level security? Mine needed to be on a MS workgroup (yes it's old) and also to allow any local connections.
Do you actually have the right IP address? Sometimes I resort to doing a port scan. If there is a web or app UI for the NAS that's helpful in finding out the network details.
Is it on the same network? Mine had its own IP address, not automatic DHCP. Shift the LAN cable from PC->router to PC->NAS and bobs your uncle.
Is there user-level security? Mine needed to be on a MS workgroup (yes it's old) and also to allow any local connections.
Do you actually have the right IP address? Sometimes I resort to doing a port scan. If there is a web or app UI for the NAS that's helpful in finding out the network details.
78Pace said:
My journey with my new Synology NAS is generally going well, with everything set up as per Synology’s guidance and with help from https://www.wundertech.net/synology-nas-initial-se... . I’m now at the stage of trying to use OpenVPN to enable me to access the NAS remotely and I've followed section 4.1.1 in the linked article but can’t get it to work. When I try to connect from my iPhone (or a remote Mac) I keep getting “Connection Timeout” errors saying that the connection failed to establish within the given time.
I’m using Synology DDNS and have forwarded port 1194 on the router and opened the port on the Synology NAS firewall. As far as I can tell, no external connection is reaching the NAS. I’m afraid that I’m lost when it comes to networking - please can anyone guide me as to how to diagnose where the fault is?
I connect to mine without using a VPN. Probably not ideal but there we have it.I’m using Synology DDNS and have forwarded port 1194 on the router and opened the port on the Synology NAS firewall. As far as I can tell, no external connection is reaching the NAS. I’m afraid that I’m lost when it comes to networking - please can anyone guide me as to how to diagnose where the fault is?
Edited by thebraketester on Saturday 7th January 07:13
Thanks everyone for your replies. Sorry for not providing an update sooner but I spent most of the weekend trying to sort this out. Some things seemed to make progress, while others didn’t. As my requirement is to remotely access the NAS, I wish to do it securely via VPN. I’ve now changed from using a Synology DDNS to a No-IP one. That seems to work well with the BT Smart Hub 2 and I can ping it from an external location using the DNS name, which I couldn’t get to work before. Unfortunately I’m still getting the same connection error message when trying to establish the OpenVPN connection from outside and have today found that port 1194 is not open, despite having set the port forwarding in the hub. That’s where I’m up to now and am stuck as to how to fix it. I’m pretty confident with everything else now, having checked and re-checked it all several times.
Have you set port forwarding for both TCP and UDP on 1194? OpenVPN uses both protocols.
It’s also a very good idea to set a static IP on your NAS when setting up port forwarding, that way you’re sure to always be forwarding to the right IP
Another thing to check is the firewall setting on Synology, ensure that you’re allowing
Source - any
Protocol - any
Destination port - 1194
It’s also a very good idea to set a static IP on your NAS when setting up port forwarding, that way you’re sure to always be forwarding to the right IP
Another thing to check is the firewall setting on Synology, ensure that you’re allowing
Source - any
Protocol - any
Destination port - 1194
Edited by Timmay0 on Monday 9th January 22:03
Timmay0 said:
Have you set port forwarding for both TCP and UDP on 1194? OpenVPN uses both protocols.
It’s also a very good idea to set a static IP on your NAS when setting up port forwarding, that way you’re sure to always be forwarding to the right IP
Another thing to check is the firewall setting on Synology, ensure that you’re allowing
Source - any
Protocol - any
Destination port - 1194
I didn't realise that OpenVPN used both protocols so have now made that change, but still getting the timeout error. I do already have a static IP address for the NAS and the Synology firewall settings are as per yours.It’s also a very good idea to set a static IP on your NAS when setting up port forwarding, that way you’re sure to always be forwarding to the right IP
Another thing to check is the firewall setting on Synology, ensure that you’re allowing
Source - any
Protocol - any
Destination port - 1194
Edited by Timmay0 on Monday 9th January 22:03
durbster said:
Why are you not using Synology's built-in remote access?
My logic was to keep my environment as secure as possible by choosing a 3rd party VPN solution rather than keeping everything within the one supplier. As an end user I've used OpenVPN for years at work with no issue and so thought I'd go with that. Despite following all the instructions to the letter, it's proven harder that I expected (and I'm a career IT'er
. There is always the fallback of Synology's solution, but I don't like being beaten once I've hit a challenge. It does seem that the main issue may concern the port forwarding on my BT router not working properly so that's now my area of focus.xeny said:
Can you connect to that static IP from inside your home LAN with the VPN client? That way you at least know if the issue is the router port forwarding or the NAS config.
I thought you couldn't connect with VPN across your home LAN and that you had to be external (presumably because the traffic needs to come via the firewall in the router? I've been using my iPhone as a client device not connected to the network purely for this testing.Having dug around looking at the devices on the LAN, I think I'm starting to see something that could be causing the problem. For some reason that I do not understand my work laptop has (had?) the same address (192.168.1.220) as my NAS and the port forwarding is flagged to both. I cannot understand why the IP address for my work laptop has been assigned that but.....my work laptop uses an OpenVPN client to connect into various corporate systems, while I'm trying to host an OpenVPN server on my NAS. It seems like the port forwarding rule might actually be working and sending all OpenVPN traffic to my work laptop which then rightly is rejecting my incoming connection.
If I'm on the right track then I need to somehow force the work laptop to use a different IP address to the NAS, or else possibly configure my OpenVPN server to use a different port from 1194 so that my NAS traffic is distinct from the work OpenVPN traffic (if that makes sense!)
78Pace said:
I thought you couldn't connect with VPN across your home LAN and that you had to be external (presumably because the traffic needs to come via the firewall in the router? I've been using my iPhone as a client device not connected to the network purely for this testing.
you often can't connect from inside to the router's "outside" address. The NAS is listening on the VPN ports inside the LAN, so you should find you can connect to its actual LAN IP address (i,e. the one you're port forwarding to).78Pace said:
Yay - that has worked within the LAN - thank you so much for the suggestion! So is that now saying that the port forwarding on the Smart Hub is where the problem is?
Port forwarding or dynamic DNS. I'd be tempted to go to whatsmyip.org from at home, and then try connecting to that IP from outside to confirm if it is the DDNS service or the port forward.DDNS appears to be working fine as I can ping that from an external location. Re accessing the OpenVPN logs, the client that I've been testing with is an iPhone and I'm struggling to find the logs - any pointers would be most welcome :-)
In the meantime it's back to the port-forwarding I think.....
In the meantime it's back to the port-forwarding I think.....
78Pace said:
DDNS appears to be working fine as I can ping that from an external location. Re accessing the OpenVPN logs, the client that I've been testing with is an iPhone and I'm struggling to find the logs - any pointers would be most welcome :-)
In the meantime it's back to the port-forwarding I think.....
Top right of the app's home screen is an icon that looks like a scroll of paper with "<>" on it, that gives the logs.In the meantime it's back to the port-forwarding I think.....
78Pace said:
My logic was to keep my environment as secure as possible by choosing a 3rd party VPN solution rather than keeping everything within the one supplier. As an end user I've used OpenVPN for years at work with no issue and so thought I'd go with that. Despite following all the instructions to the letter, it's proven harder that I expected (and I'm a career IT'er. There is always the fallback of Synology's solution, but I don't like being beaten once I've hit a challenge. It does seem that the main issue may concern the port forwarding on my BT router not working properly so that's now my area of focus.
I admire you determination, but I had the remote access on my Synology NAS up and running in 20 mins using their Quickconnect protocols, and i know 2/10s of bugger all about IT . There is always the fallback of Synology's solution, but I don't like being beaten once I've hit a challenge. It does seem that the main issue may concern the port forwarding on my BT router not working properly so that's now my area of focus.Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff