Synology VPN with Resilio Sync… mobile peers can't connect to LAN peers
Router: pfSense 2.3.4 with two interfaces active
- WAN: DHCP
- LAN: 10.5.1.0/24

Wireless AP running the VPN: Synology RT2600ac (in AP mode… no NAT or DHCP) - Product page: https://www.synology.com/en-global/srm/1.1/VPNPlus
- IP on LAN: 10.5.1.2
- VPN is distributing virtual IPs in the 10.5.2.0/24 space

pfSense Firewall/NAT rules:
- [NAT] Forward port 443 to the RT2600ac at IP 10.5.1.2
- [LAN] Allow LAN Net to all
Things that work while on the mobile cell network and connected to the VPN:
- Can ping all devices on the LAN in the 10.5.1.0/24 space
- Can access a Plex server that only has LAN access on port 32400 at address 10.5.1.3
- Getting the correct DNS from the LAN (OpenDNS blocks banned URLs in the browser)
Things that don't work:
- The Resilio Sync iOS app will not connect to any of the peers on the 10.5.1.0/24 LAN while on the cell network and connected to the VPN
Things I've tried so far:
- Having the AP distribute virtual IPs in a reserved block in the 10.5.1.0/24 space - didn't work
- Forwarded the listening port of my always-on Resilio Sync box from the WAN to its IP on the LAN - didn't work
- Forwarded the Resilio Sync ports (3000, 3001, 4000) to the always-on box - didn't work
- Added a LAN firewall rule in pfSense to allow source 10.5.2.0/24 access to all - didn't work
Resilio Sync has a relay server feature wherein if a client can't connect directly, it will bounce it through a relay server, which I'm trying to avoid… every box on my network running Sync has relays disabled on the shares themselves and in the power user settings... I want to be able to join the peers on the LAN direct while on the VPN so nothing ever has to go through a relay server... to that note, I tried enabling a relay server on one share on a LAN box, and then iOS device was able to connect to that share and the LAN box showed that the iOS device was going through a relay.
I'm kind of lost as to what to try next and would love some suggestions!