VPN Client on Synology - how to route all traffic through it?

Associate
Joined
1 Dec 2002
Posts
1,081
Location
Swindon
I've had a VPN client running on my NAS for a while expecting the traffic to go through it, rather than the LAN (wrong, it seems)..

So my question is this, apart from setting up (and connecting) the VPN connection as a network interface, what do I need to do to route all traffic on the NAS through VPN?
(I tried changing the "Default Gateway" to be VPN rather than LAN, but then I had no inbound traffic..?)
 
Soldato
Joined
3 Jun 2005
Posts
3,046
Location
The South
Is 'Use default gateway on remote network' checked within the VPN connection profile?
Similarly (this should be the default), once the tunnel is connected, make sure the VPN connection is 'top' within the Service Order (Manage > Service Order) list.

If this is for a single application, then (if possible) look at using a Docker with routing through OpenVPN - saves having to expose the entire Syno to your VPN provider.
 
Soldato
Joined
18 Aug 2007
Posts
9,689
Location
Liverpool
AES-128-GCM will run faster on a Synology device, as a general rule (especially a proper Intel one). That's something to check. While @visibleman has you covered, bear in mind that you shouldn't expect incoming connections - your VPN provider will (very likely) block them for security. You're asking for a cake-and-eat-it type scenario (possible on bare *nix with split routing, as I do on my x86 Linux router). On something like a DiskStation, you either route through the VPN or you don't...
 
Soldato
Joined
3 Jun 2005
Posts
3,046
Location
The South
'Virtual DSM' instances would be the "Synology" method of doing this, ie - dedicated instance of DSM for VPN applications. But you need to pay for a license and it's stupidly expensive.

Thank you very much @visibleman , that seems to have done the trick.. I will look at using a docker, as it does slow down the speed quite considerably.

No worries and definitely do look at Docker. However, in the interim (whilst you are exposing your Syno to your VPN provider) make sure you've got your Syno firewall setup and you've gone through 'Security Advisor' and completed any of the advisories, ie - don't use standard ports for the WebGui etc etc
 
Back
Top Bottom