    Synology VPN with Resilio Sync… mobile peers can't connect to LAN peers

    Mothra

      Router: pfSense 2.3.4 with two interfaces active
      WAN: DHCP
      LAN: 10.5.1.0/24

      Wireless AP running the VPN: Synology RT2600ac (in AP mode… no NAT or DHCP) - Product page: https://www.synology.com/en-global/srm/1.1/VPNPlus
      IP on LAN: 10.5.1.2
      VPN is distributing virtual IPs in the 10.5.2.0/24 space

      pfSense Firewall/NAT rules:

      • [NAT] Forward port 443 to the RT2600ac at IP 10.5.1.2

      • [LAN] Allow LAN Net to all

      Things that work while on the mobile cell network and connected to the VPN:

      • Can ping all devices on the LAN in the 10.5.1.0/24 space

      • Can access a Plex server that only has LAN access on port 32400 at address 10.5.1.3

      • Getting the correct DNS from the LAN (OpenDNS blocks banned URLs in the browser)

      Things that don't work:

      • The Resilio Sync iOS app will not connect to any of the peers on the 10.5.1.0/24 LAN while on the cell network and connected to the VPN

      Things I've tried so far:

      • Having the AP distribute virtual IPs in a reserved block in the 10.5.1.0/24 space - didn't work

      • Forwarded the listening port of my always-on Resilio Sync box from the WAN to its IP on the LAN - didn't work

      • Forwarded the Resilio Sync ports (3000, 3001, 4000) to the always-on box - didn't work

      • Added a LAN firewall rule in pfSense to allow source 10.5.2.0/24 access to all - didn't work

      Resilio Sync has a relay server feature wherein if a client can't connect directly, it will bounce it through a relay server, which I'm trying to avoid… every box on my network running Sync has relays disabled on the shares themselves and in the power user settings… I want to be able to join the peers on the LAN directly while on the VPN so nothing ever has to go through a relay server… to that note, I tried enabling a relay server on one share on a LAN box, and then the iOS device was able to connect to that share and the LAN box showed that the iOS device was going through a relay.

      I'm kind of lost as to what to try next and would love some suggestions!
