Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Setup issues with Synology NAS

    Scheduled Pinned Locked Moved Firewalling
    18 Posts 2 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ
      johnpoz LAYER 8 Global Moderator @Airone 0
      last edited by

      @Airone-0 Ok then just setup split dns, when your at home whatever fqdn your using points to your local IP. When your out and about and using public dns it points to your wan IP.

      Or setup nat reflection..

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      A 1 Reply Last reply Reply Quote 0
      • A
        Airone 0 @johnpoz
        last edited by

        @johnpoz
        Thank you for the suggestion regarding the first question, but the main problem remains the second question:
        If I connect to a VPN from the NAS, although the local IP of the NAS remains unchanged, the PC (and the entire LAN2) is no longer able to access the NAS in any way even if it remains visible in the ARP Table. To restore the connection I have to connect the NAS directly to the PC and cancel the VPN connection set. Ideas about it?

        johnpozJ 1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator @Airone 0
          last edited by

          @Airone-0 Why would you be connecting to a vpn on the nas - if you want to use a vpn for whatever - then setup the vpn on pfsense and route whatever traffic you want via that vpn connection on pfsense.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          A 1 Reply Last reply Reply Quote 0
          • A
            Airone 0 @johnpoz
            last edited by

            @johnpoz
            Easy said, but not done. I don't know pfSense so well to be able to install a VPN on the Netgate and then route only NAS traffic. Can you help me or is there a step by step documentation to follow? And are you sure that this doesn't create problems for Split DNS?
            Thanks again.

            johnpozJ 1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @Airone 0
              last edited by

              @Airone-0 yeah I am sure..

              What vpn service are you using? Or do you just want remote in to your network.. Most of the services have instructions for connecting to them. It really as simple as putting in your connection details and adding any certs etc.. to the config.

              Here is a vpn connection I run on pfsense to openvpn server I run on a vps of mine out on the internet.

              certs.jpg

              Notice the certs.. Those you would install into the cert manager on pfsense, and then you can just select them.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              A 1 Reply Last reply Reply Quote 0
              • A
                Airone 0 @johnpoz
                last edited by

                @johnpoz
                Thank you very much for these instructions, as soon as I have some time I will analyze them. However, I don't seem to see how to allow only the NAS to use this outgoing VPN. However, I hope it doesn't conflict with the OpenVPN of the Netgate which allows clients to access the NAS.
                As outgoing VPN I use Surfshark.

                I tried setting Host Override to use the DNS of the NAS from within LAN2, but something must be wrong because pinging from the PC fails to resolve the DNS address. This is the setting:
                Untitled-10.jpg

                Thank you.

                johnpozJ 1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator @Airone 0
                  last edited by

                  @Airone-0 is your client using pfsense for dns?

                  Here as example..

                  host.jpg

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  A 1 Reply Last reply Reply Quote 0
                  • A
                    Airone 0 @johnpoz
                    last edited by

                    @johnpoz
                    No, I use NAS for DNS.
                    Untitled-8.jpg

                    johnpozJ 1 Reply Last reply Reply Quote 0
                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator @Airone 0
                      last edited by johnpoz

                      @Airone-0 Well than why would you think some entry you created on unbound would have anything to do with anything?

                      That is not "dns" - that is it registering your public IP with them.. So you installed the dns client server package, and are running that? And your clients point to your nas IP for dns?

                      if you create a host override in unbound, for that to work - it has to be asked.. Either directly by your client, or by some other dns you run on your network that forwards to unbound for dns, etc.

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.8, 24.11

                      A 1 Reply Last reply Reply Quote 0
                      • A
                        Airone 0 @johnpoz
                        last edited by

                        @johnpoz
                        Thank you for the help you are giving me, but in all this you are asking me to transfer both the SurfShark VPN and the DNS management from NAS to Netgate. The management of the SurfShark VPN I have verified that it is much more complex to do with pfSense rather than the NAS, so I would prefer to find a solution to the initial problem rather than complicate my life with something I don't know well. Even with DNS, isn't there a way for pfSense to handle an external address that hasn't been generated by itself? If I knew pfSense well, I would have no problems executing your very good suggestions, but having to enter parameters in screens not knowing what I'm doing honestly doesn't suit me. That's why I'd prefer to find a workaround to the two initial problems for now and leave the suggested changes in the future, when I have more experience with Netgate. If you could find a solution to the initial problems anyway I would be grateful. Thank you

                        johnpozJ 1 Reply Last reply Reply Quote 0
                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator @Airone 0
                          last edited by johnpoz

                          @Airone-0 said in Setup issues with Synology NAS:

                          isn't there a way for pfSense to handle an external address that hasn't been generated by itself?

                          Yeah - but it has to be asked..

                          That is what an override is - you could make www.google.com resolve to some local IP. But its not going to do anything if its not asked for www.google.com

                          If you have some vpn setup on your nas - it prob blocking all access from any local anything even if you pointed some fqdn to its IP.

                          That vpn services has instructions for pfsense

                          https://support.surfshark.com/hc/en-us/articles/360010789259-How-to-set-up-pfSense-2-4-4-with-Surfshark

                          There are not really any changes in how you connect to a vpn from that version of pfsense to 2.7 version.

                          edit:
                          Not sure why anyone would trust these vpn services with anything - they can't even write coherent instructions. And tell the user to use the web config cert..

                          "Client certificate: webConfigurator default (59f92214095d8)(Server: Yes, In Use) (please note that the numbers on your machine could be different);"

                          Which sure and the F would never work.. But clearly they provide enough details to get you connected..

                          edit: why don't you disable the vpn on your nas.. And validate your override is working from a client pointing to pfsense for its dns. Again you showed just that your nas was updating its synology.me record via dynamic dns. Not that you were actually using your nas for your clients dns.

                          For clients to use your nas for dns - you would of had to install the dns server

                          server.jpg

                          here - I have dns running on my nas 192.168.9.10, it forwards to pfsense... See it resolves my host override just fine

                          dns.jpg

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 24.11 | Lab VMs 2.8, 24.11

                          A 1 Reply Last reply Reply Quote 0
                          • A
                            Airone 0 @johnpoz
                            last edited by

                            @johnpoz

                            I just transferred the DDNS configuration from the NAS to the Netgate, but it doesn't seem to have solved the problem. I registered on duckdns and set the new address on pfSense:
                            Untitled-2.jpg

                            After that I set the new address to Host Overrides hoping then that the ping from PC would have answered me, but it didn't: where did I go wrong?
                            Untitled-3.jpg

                            johnpozJ 1 Reply Last reply Reply Quote 0
                            • johnpozJ
                              johnpoz LAYER 8 Global Moderator @Airone 0
                              last edited by

                              @Airone-0 and again let is ask this very basic question. What are you clients using for dns? If they are not using pfsense then know they would never get that answer.. Browsers love to do doh, and would never ask pfsense.

                              Lets see your simple test of creating the record, and then using your fav dns client, nslookup, dig, host - where does it ask.. What does it get back.

                              dns.jpg

                              Notice - in all my example, these dns clients actually are asking unbound running on pfsense (192.168.9.253) if they ask for example google they are not going to get that answer.

                              google.jpg

                              An intelligent man is sometimes forced to be drunk to spend time with his fools
                              If you get confused: Listen to the Music Play
                              Please don't Chat/PM me for help, unless mod related
                              SG-4860 24.11 | Lab VMs 2.8, 24.11

                              A 1 Reply Last reply Reply Quote 0
                              • A
                                Airone 0 @johnpoz
                                last edited by

                                @johnpoz

                                And so what? I explained to you that I'm new to pfSense and I don't know it well. If you don't come up with a practical solution (step by step) beyond the excellent explanation you gave me, I will never solve this problem.

                                johnpozJ 1 Reply Last reply Reply Quote 0
                                • johnpozJ
                                  johnpoz LAYER 8 Global Moderator @Airone 0
                                  last edited by

                                  @Airone-0 What part are you not getting about what your client is using for dns?

                                  If your are not using pfsense as your dns - then no host overrides will never work. Could you please post the output of say a nslookup on your client asking for your host override. as per my example.

                                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                                  If you get confused: Listen to the Music Play
                                  Please don't Chat/PM me for help, unless mod related
                                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                                  1 Reply Last reply Reply Quote 0
                                  • First post
                                    Last post
                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.