Synology VPN with Resilio Sync… mobile peers can't connect to LAN peers

  • Router: pfSense 2.3.4 with two interfaces active

    Wireless AP running the VPN: Synology RT2600ac (in AP mode… no NAT or DHCP) - Product page:
    IP on LAN:
    VPN is distributing virtual IPs in the space

    pfSense Firewall/NAT rules:

    • [NAT] Forward port 443 to the RT2600ac at IP

    • [LAN] Allow LAN Net to all

    Things that work while on the mobile cell network and connected to the VPN:

    • Can ping all devices on the LAN in the space

    • Can access a Plex server that only has LAN access on port 32400 at address

    • Getting the correct DNS from the LAN (OpenDNS blocks banned URLs in the browser)

    Things that don't work:

    • The Resilio Sync iOS app will not connect to any of the peers on the LAN while on the cell network and connected to the VPN

    Things I've tried so far:

    • Having the AP distribute virtual IPs in a reserved block in the space - didn't work

    • Forwarded the listening port of my always-on Resilio Sync box from the WAN to its IP on the LAN - didn't work

    • Forwarded the Resilio Sync ports (3000, 3001, 4000) to the always-on box - didn't work

    • Added a LAN firewall rule in pfSense to allow source access to all - didn't work

    Resilio Sync has a relay server feature wherein, if a client can't connect directly, it will bounce it through a relay server, which I'm trying to avoid. Every box on my network running Sync has relays disabled on the shares themselves and in the power user settings. I want to be able to join the peers on the LAN directly while on the VPN so nothing ever has to go through a relay server. To that note, I tried enabling a relay server on one share on a LAN box, and then the iOS device was able to connect to that share and the LAN box showed that the iOS device was going through a relay.

    I'm kind of lost as to what to try next and would love some suggestions!
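The next diagnostic step for a setup like this is to prove, from a VPN client, whether the Sync peer's ports are actually reachable at all, separately from whatever the app reports. The probe below is an added example and is not code from the original post or from Resilio; it takes the ports named in the post (3000, 3001, 4000) as its defaults, but which of those are TCP and which are UDP is an assumption here, as are the helper names. It distinguishes "connection refused" (route is fine, nothing listening or a firewall is actively rejecting) from "timeout" (packets silently dropped or no route), which is exactly the distinction needed to decide whether the problem is the pfSense rules, the AP's VPN routing, or the Sync box itself. Because UDP is connectionless, the UDP probe can only prove reachability when something answers; the socket is connect()ed so that an ICMP port-unreachable reply surfaces as ConnectionRefusedError on Linux. The local listeners at the bottom exist only so the script runs offline against constructed targets.

```python
"""Probe a Resilio Sync peer's ports from a VPN client (added example, not from the post)."""
import socket
import threading
from dataclasses import dataclass

# Ports listed in the post. Assumption: all three are probed over TCP and the
# listening port (4000) also over UDP; adjust to the peer's real configuration.
DEFAULT_TCP_PORTS = (3000, 3001, 4000)
DEFAULT_UDP_PORTS = (4000,)


@dataclass
class ProbeResult:
    host: str
    port: int
    proto: str
    reachable: bool
    detail: str  # why it failed, or what proved success


def probe_tcp(host: str, port: int, timeout: float = 2.0) -> ProbeResult:
    """A completed TCP handshake proves both a route and a listener."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return ProbeResult(host, port, "tcp", True, "connected")
    except socket.timeout:
        return ProbeResult(host, port, "tcp", False, "timeout (silently dropped or no route)")
    except OSError as exc:  # ConnectionRefusedError, EHOSTUNREACH, ...
        return ProbeResult(host, port, "tcp", False, exc.__class__.__name__)


def probe_udp(host: str, port: int, timeout: float = 2.0, payload: bytes = b"probe") -> ProbeResult:
    """UDP has no handshake: only a reply proves reachability. A connect()ed
    datagram socket lets an ICMP port-unreachable show up as ConnectionRefusedError."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            sock.send(payload)
            data = sock.recv(1024)
            return ProbeResult(host, port, "udp", True, f"reply of {len(data)} bytes")
        except socket.timeout:
            return ProbeResult(host, port, "udp", False, "no reply (silent, filtered, or dropped)")
        except OSError as exc:
            return ProbeResult(host, port, "udp", False, exc.__class__.__name__)


def probe_peer(host, tcp_ports=DEFAULT_TCP_PORTS, udp_ports=DEFAULT_UDP_PORTS, timeout=2.0):
    """Probe every configured port on one peer and return the per-port results."""
    results = [probe_tcp(host, p, timeout) for p in tcp_ports]
    results += [probe_udp(host, p, timeout) for p in udp_ports]
    return results


def unreachable(results):
    """(proto, port) pairs that failed, in probe order."""
    return [(r.proto, r.port) for r in results if not r.reachable]


# --- constructed local targets so the script runs offline ---------------------
def start_tcp_listener(host="127.0.0.1"):
    """Accept-and-close TCP listener on an ephemeral port; returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen()

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def start_udp_echo(host="127.0.0.1"):
    """UDP echo server on an ephemeral port; returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((host, 0))

    def serve():
        while True:
            try:
                data, addr = srv.recvfrom(1024)
            except OSError:
                return
            srv.sendto(data, addr)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def bound_not_listening(host="127.0.0.1"):
    """A bound-but-not-listening TCP socket: connects to it are refused, not dropped."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind((host, 0))
    return sock, sock.getsockname()[1]


if __name__ == "__main__":
    # Replace 127.0.0.1 and the ports with the always-on box's LAN IP to use for real.
    keep, refused_port = bound_not_listening()
    targets = probe_peer("127.0.0.1", tcp_ports=(start_tcp_listener(), refused_port),
                         udp_ports=(start_udp_echo(),))
    for r in targets:
        print(f"{r.proto}/{r.port}: {'OK' if r.reachable else 'FAIL'} ({r.detail})")
    print("unreachable:", unreachable(targets))
```

Run it from a phone-side shell or any VPN-connected laptop with the host set to the Sync box's LAN address. A "timeout" on a port that is "ConnectionRefusedError" from the LAN itself points at the VPN path (AP routing or a pfSense rule that does not cover the virtual IP block), while "connected" on every port moves suspicion to Sync's own peer discovery rather than to the firewall.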

