Let's go back to some basics. You have a modem/router. The WAN side of that router is connected to your Internet Service Provider - the internet - and has an IP address assigned by the ISP. For example, mine is currently 24.21.69.xx. The router has a Network Address Translation firewall which separates the WAN (internet) side from your local (LAN) network side. All of the devices on your local network get IP addresses assigned by the router in the form of 192.168.1.xx (or 192.168.0.xx, 10.0.0.xx, or something similar). My NAS is always 192.168.1.15. Every device on your local network with an IP address in the range of your LAN such as 192.168.1.xx will be able to communicate with every other device on your LAN within the same range of IP addresses, without going through a VPN. This communication can be via web browser, SMB, FTP, just about any protocol, it does not matter.

So for instance thru the browser? Like, if I was going to log into DSM via Edge by typing in the NAS' IP address?
Communication from a device on your local LAN to the internet is initiated by the device on your local network opening a port through the NAT firewall in the router. Once the requested communication is completed, that port is closed again. I told you the IP address of my NAS is always 192.168.1.15 - but you cannot communicate with my NAS at that IP address because that IP address is behind the NAT firewall in my router and only the devices on my local network can communicate with my NAS using that IP address. In order to communicate with my NAS remotely - from outside my local network, usually over the internet - you need two things. One, you need to know the public IP address assigned to the WAN side of my router by my ISP, which will be 24.21.69.xx. Second, you need an open port through the NAT firewall on my router through which to access my local network.
The VPN server (mine is in my router, yours in your NAS) serves only one purpose. It provides the open port through the NAT firewall to allow outside connections to your local network. It also guards this port with passwords, certificates, and encryption so that only a device that is authorized can be let in. When I connect to my VPN server from the Internet with a device with the matching VPN client and authorization, using the public IP address of 24.21.69.xx, that device gets attached to my local network by the VPN server. The VPN client on the remote device gets a local network address from my router in the form of 192.168.1.xx which is within the same range as all the other devices on my local network. Now I can access my NAS at IP address 192.168.1.15 because the network traffic flows between the VPN client and server using local network addresses, not the public WAN side IP address.
Think of the local network where your NAS is as an island surrounded by toxic, boiling water. Nobody can get to your island by crossing the water. The water is the NAT firewall in your router. But there is one bridge across the water to the mainland with a guard on it. The guard will let people from your island go off your island to the mainland and bring stuff back. That is the normal communication between your local network and the internet - it starts with a device on your network and only the expected responses back are let through. But, if someone from the mainland knows the secret password to give to the guard, he will let them through and grant them access to the island. That is what your VPN server does. It allows a connection to your LAN that did not start from your LAN. No traffic that stays on your island needs to go across the bridge.
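Added example, not part of the original post: a toy Python model of the router behaviour described above, showing which inbound packets reach the LAN. Only the NAS address 192.168.1.15 comes from the post; the WAN and remote addresses are documentation-range placeholders, and the laptop address, DSM port 5000 and VPN port 1194 are assumptions.

```python
# Toy model of a home router's NAT firewall (constructed example, not real router code).
from dataclasses import dataclass, field

WAN_IP = "203.0.113.10"   # placeholder public address (documentation range)
NAS = "192.168.1.15"      # NAS address used in the post
LAPTOP = "192.168.1.20"   # assumed LAN client
REMOTE = "198.51.100.7"   # placeholder internet host
DSM_PORT = 5000           # assumed NAS web UI port
VPN_PORT = 1194           # assumed VPN server port

@dataclass
class NatRouter:
    wan_ip: str
    next_port: int = 40000
    # temporary mappings: (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
    sessions: dict = field(default_factory=dict)
    # permanent openings: wan_port -> (lan_ip, lan_port), e.g. the VPN server
    forwards: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN device starts a connection, so the router opens a mapping."""
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def close(self, wan_port, remote_ip, remote_port):
        """The conversation is finished, so the mapping is removed."""
        self.sessions.pop((wan_port, remote_ip, remote_port), None)

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return the LAN destination of an internet packet, or None if dropped."""
        hit = self.sessions.get((wan_port, remote_ip, remote_port))
        return hit if hit else self.forwards.get(wan_port)

def demo():
    r, out = NatRouter(WAN_IP), {}
    out["unsolicited"] = r.inbound(REMOTE, 51000, DSM_PORT)   # nobody asked for this
    p = r.outbound(LAPTOP, 52000, REMOTE, 443)                # laptop browses out
    out["reply"] = r.inbound(REMOTE, 443, p)                  # expected response
    out["other_host"] = r.inbound("198.51.100.99", 443, p)    # wrong sender
    r.close(p, REMOTE, 443)
    out["after_close"] = r.inbound(REMOTE, 443, p)            # mapping is gone
    r.forwards[VPN_PORT] = (NAS, VPN_PORT)                    # the guarded bridge
    out["vpn"] = r.inbound(REMOTE, 51000, VPN_PORT)
    return out

if __name__ == "__main__":
    for name, dest in demo().items():
        print(f"{name:12} -> {dest or 'dropped'}")
```

The forwarded VPN port is the only entry that accepts a connection not started from the LAN; the model does not cover the authentication and encryption the VPN server applies behind it.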