Products Firewalla Gold SE Firewalla Gold Pro Firewalla Gold Plus Firewalla Purple Firewalla Purple SE Firewalla Wi-Fi SD Product Comparison Product Reviews

SSH to Synology NAS via Firewall Gold VPN

Follow
Avatar
Phil

Hi,

I purchased a Gold a couple of months ago and have been getting settled in with it. One thing I've been trying to get going is the VPN server functionality. It was pretty easy to setup and I was quickly getting into my home network and was able to confirm that it appeared I was browsing from the comfort of my home. Aside from securing public WiFi, I also want to gain secure access to my home systems on occasion. Overall, I've been successful with this, save being able to SSH into one of my systems, namely my Synology NAS. I can ssh into other devices like my raspberry pi and my Firewalla Gold, but when I try to get into my NAS, the SSH handshake never completes and quickly terminates with 'kex_exchange_identification: read: Connection reset by peer'. Without the VPN in play, it works just fine.

In the interim, I can certainly use my Gold or my Pi to hop into my Synology, but certainly not ideal in the end. I am SSH'ing from my MacBook.

I'm hoping someone else out there has run into and solved this, thanks in advance!

0

Comments

2 comments

Sort by Date Votes
  • Avatar
    James Willhoite

    Haven’t had this problem myself, but are you using keys? Do you have ssh set up to only allow from a certain IP range? If you VPN in to the Gold the IP range is 10.57.44.0/24 (I think you can change this).

    0
    Comment actions Permalink
  • Avatar
    Phil

    Hi @James, thanks for the suggestion. I do have keys setup, but haven’t disallowed passwords yet. I’m not sure how to explicitly block IPs in the sshd, but I assume it’s potentially possible in its config. That said, I’m not sure if there’s a good way to tweak the ssh config outside of DSM. I feel like most config tweaking with Synology will be lost if you don’t use their official way. 

    Anyway, I did figure it out. I must have put this setting in a couple years ago and totally forgot about it since I hadn’t anticipated wanting to access it via an external IP or at least in appearance. I modified Control Panel > Security > Acount. Specifically I enabled “Auto Block” and within that I added my router’s IP to the block list. Even though OpenVPN establishes 10.x.x.x IP subnets, all traffic from the VPN appears to originate from the Gold. I’m not sure if that is an artifact from how OpenVPN works or just how Firewalla has configured it, but that definitely was unexpected.

    Anyway thank you for your response.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post