OpenVPN dysfunctional on my Synology DS118 NAS


So for instance thru the browser? Like, if I was going to log into DSM via Edge by typing in the NAS' IP address?
Let's go back to some basics. You have a modem/router. The WAN side of that router is connected to your Internet Service Provider - the internet - and has an IP address assigned by the ISP. For example, mine is currently 24.21.69.xx. The router has a Network Address Translation firewall which separates the WAN (internet) side from your local (LAN) network side. All of the devices on your local network get IP addresses assigned by the router in the form of 192.168.1.xx (or 192.168.0.xx, 10.0.0.xx, or something similar). My NAS is always 192.168.1.15. Every device on your local network with an IP address in the range of your LAN such as 192.168.1.xx will be able to communicate with every other device on your LAN within the same range of IP addresses, without going through a VPN. This communication can be via web browser, SMB, FTP, just about any protocol, it does not matter.

Communication from a device on your local LAN to the internet is initiated by the device on your local network opening a port through the NAT firewall in the router. Once the requested communication is completed, that port is closed again. I told you the IP address of my NAS is always 192.168.1.15 - but you cannot communicate with my NAS at that IP address because that IP address is behind the NAT firewall in my router and only the devices on my local network can communicate with my NAS using that IP address. In order to communicate with my NAS remotely - from outside my local network, usually over the internet - you need two things. One, you need to know the public IP address assigned to the WAN side of my router by my ISP, which will be 24.21.69.xx. Second, you need an open port through the NAT firewall on my router through which to access my local network.

The VPN server (mine is in my router, yours in your NAS) serves only one purpose. It provides the open port through the NAT firewall to allow outside connections to your local network. It also guards this port with passwords, certificates, and encryption so that only a device that is authorized can be let in. When I connect to my VPN server from the Internet with a device with the matching VPN client and authorization, using the public IP address of 24.21.69.xx, that device gets attached to my local network by the VPN server. The VPN client on the remote device gets a local network address from my router in the form of 192.168.1.xx which is within the same range as all the other devices on my local network. Now I can access my NAS at IP address 192.168.1.15 because the network traffic flows between the VPN client and server using local network addresses, not the public WAN side IP address.

Think of the local network that your NAS is on as an island surrounded by toxic, boiling water. Nobody can get to your island by crossing the water. The water is the NAT firewall in your router. But there is one bridge across the water to the mainland with a guard on it. The guard will let people from your island go off your island to the mainland and bring stuff back. That is the normal communication between your local network and the internet - it starts with a device on your network and only the expected responses back are let through. But, if someone from the mainland knows the secret password to give to the guard, he will let them through and grant them access to the island. That is what your VPN server does. It allows a connection to your LAN that did not start from your LAN. No traffic that stays on your island needs to go across the bridge.
 

So why is it that even tho I am connected to my NAS via the VPN client on the client device, in File Explorer, I cannot "see" my NAS under "Network" in File Explorer when I'm not on my LAN? Only if I create a shortcut pointing to the IP address of my NAS on the desktop or somewhere else in File Explorer?
 

Since you have a 2018 Model NAS I am assuming you have DSM 7 installed. The steps below will be similar in DSM 6, but WS-Discovery is found on the Advanced tab in File Services.

Open DSM and then open Control Panel and click on File Services. Then on the SMB tab, click on Advanced Settings. Make sure your Advanced Settings look like this on the General tab:
[Screenshot: 1704995861286.png]
Click on Save. You can ignore the other tabs for now.

When that is done close the Advanced Settings window and then while still on the SMB tab scroll down to the very bottom of the window and make sure WS-Discovery is enabled.
[Screenshot: 1704996050232.png]

This next step is not entirely necessary, but I like to do it, just in case. Go to Windows Search on the taskbar and type in Windows Features. The first result (top left) should be the correct one; click on it.

Then scroll down to SMB 1.0/CIFS File Sharing Support and enable all of the options there, as shown below:
[Screenshot: 1704996258528.png]

Then reboot the NAS and then reboot the PC.

Now the NAS should show up in File Explorer under Network. It can be slow to show up sometimes, so be patient.
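
An added example, not from any poster in this thread: a PowerShell check to run on the Windows client, once on the LAN and once over the VPN, that separates "can I reach the NAS over SMB" from "can Windows discover it". It assumes a routed VPN (OpenVPN tun mode), where WS-Discovery multicast is not forwarded through the tunnel; `Test-NasSmbPath`, the address and the share name `home` are placeholders.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# The function name, the address and the share name are placeholders.
function Test-NasSmbPath {
    param(
        [Parameter(Mandatory)][string]$NasIp,   # LAN address of the NAS
        [string]$Share = 'home'                 # hypothetical share name
    )

    # 1. Unicast reachability: can TCP 445 (SMB) be opened to the NAS at all?
    $tcp = Test-NetConnection -ComputerName $NasIp -Port 445 -WarningAction SilentlyContinue

    # 2. Touch the share so a session exists, then read the negotiated dialect.
    $null = Test-Path "\\$NasIp\$Share" -ErrorAction SilentlyContinue
    $conn = Get-SmbConnection -ServerName $NasIp -ErrorAction SilentlyContinue |
            Select-Object -First 1

    # 3. State of the "SMB 1.0/CIFS File Sharing Support" optional features.
    $smb1 = Get-WindowsOptionalFeature -Online |
            Where-Object FeatureName -like 'SMB1Protocol*' |
            ForEach-Object { '{0}={1}' -f $_.FeatureName, $_.State }

    # 4. Services Windows uses to browse and publish devices via WS-Discovery.
    $fd = Get-Service -Name fdPHost, FDResPub |
          ForEach-Object { '{0}={1}' -f $_.Name, $_.Status }

    [pscustomobject]@{
        NasIp             = $NasIp
        Tcp445Reachable   = $tcp.TcpTestSucceeded
        SourceAddress     = $tcp.SourceAddress.IPAddress   # LAN or VPN-assigned address
        SmbDialect        = if ($conn) { $conn.Dialect } else { 'no session' }
        Smb1Features      = $smb1 -join '; '
        DiscoveryServices = $fd -join '; '
    }
}

# 192.168.1.15 is the example NAS address used earlier in the thread.
Test-NasSmbPath -NasIp '192.168.1.15' | Format-List
```

If `Tcp445Reachable` is True over the VPN while the NAS is missing from Network, only discovery is failing and the NAS is still reachable by IP address. A `SmbDialect` of 2.x or 3.x means file access to the NAS is not using SMB 1.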
 

That answer I do not know. I have found network discovery to always be iffy in Windows. I try to use static IP addresses for everything, assigned by my router using its IP reservation list. All my devices are still set to DHCP, but they always get the same IP address from my router every time. That seemed to help with network discovery. And if I can't get to my NAS using Server1 name, I know it is always at 192.168.1.15.
 

Network discovery is iffy, especially since Windows disabled SMB 1. A lot of older devices rely on SMB 1 in order to be discoverable; this is why I always enable it.

The naysayers out there will scream 'Your computer will explode if you enable SMB 1', but I say piffle to that ... lol

Using DHCP reservation or a Static IP address is very important if you stream video remotely and it is something I always recommend and it is nice to know that your network devices are always found at the same IP addresses.

BTW: I liked your island analogy, that summed things up pretty well. :-)
 
