Synology NAS external access setup on FWP VPN in router mode
Anyone figured out the correct end to end port settings to allow access to NAS from outside network via VPN, preferably using the iOS Files tool? I can access NAS just fine on internal wifi, but when connecting from outside using wireguard VPN, I can’t see the NAS. Here are the port settings: https://kb.synology.com/en-global/DSM/tutorial/What_network_ports_are_used_by_Synology_services
I have tried turning on UPnP in the FWP port forwarding to run the auto setup in Synology DSM - no joy.
I’ve tried forwarding the smb ports in FWP, no joy.
NAS does not recognize the FWP as a router (even with UPNP turned on in FWP), so can’t do any setup on the NAS automatically and I can’t figure out whether any is needed.
thanks for the help,
mike
I have tried opening the smb ports
-
I can connect to my SMB shares in iOS files outside my network as long as I am VPNed. I use wireguard, and have it set up to VPN in automatically when I leave my network. I still have access to my SMB shares .... I don't have synology NAS, I have a Windows Server 2012 that runs at my house, but does Synology have any type of blocking that restricts to only a local ip subnet? Since Wireguard is on a different subnet????
-
You can definitely use VPN and that would be more secure than just opening up a port to your Synology. If that isn't a deal breaker, I would recommend that. If it is essential that you have access without a VPN then you should be able to forward a port to your Synology and create a rule that allows ingress to your network.
-
Yep, all I’m trying to do is access it via the VPN. So I should not have to do port forwarding in that case, even though I’m on a diff subnet with the VPN, right? Do not want or need access w/o the VPN. Challenge is that when I come in from the VPN, I can see everything else in my network except the NAS. There must be some setting on the NAS that’s at issue, so I have a ticket into Synology.
I did find an old thread elsewhere that noted the DoS protection w/in the NAS would not allow you to connect from another subnet. I turned that off on the NAS, but I still get the same issue.
Thx. Mike
-
Michael,
Tried those rules (I think) but no joy. Here’s the context:
-I have a main a google mesh system so to do the workaround there, I have a Wifi Network (only the google mesh bits are on that) as well as a Main network and the Wireguard networks.
-I thought I could access my entire Main network from the WG VPN, but there are a few devices that I can’t now that I’ve searched them all. NAS was only one I cared about, but I also can’t see the printer or the Roku boxes (since not at home, who cares). But that indicates it's not a NAS problem and likely a VPN/FWP problem, correct?
-I have the VPN stock/default setup with no new or extra rules.
-Per your note above, I added a rule that Blocked all traffic from and to All Local Networks ON the Wireguard VPN.
-I added a rule that Allowed all traffic TO Main Network On Wireguard Network. ( I also tried traffic from and to Main)
-No ports forwarded on the FWP.
-I still can’t access the NAS or see the VPN, printer, etc.
Thanks,
mike
-
FWP is in router mode. It is setup per Solution 1 in the attached: https://help.firewalla.com/hc/en-us/articles/4416280723859-Google-Wifi-or-Nest-Wifi-Mesh-network-with-Purple-Beta-
All devices including NAS, printer, etc., are in the Main Network. Of course, the Wireguard network is another subnet when it's active.