Intermittent Synology DS418 access after installing Netgate 3100

scottie8

Re: Strange problem with Synology NAS after installing pfSense

I'm having a similar problem as this one referenced if not the same. I'm behind AT&T fiber with an Arris BGM210 modem router.

The Synology NAS ds418 worked fine.

I purchased in October a Netgate 3100 and put it in my network with the Arris in passthrough mode. The network works fine except connectivity to my drives and to the DSM on the NAS is intermittent. So I put everything back the way it was thinking I would tackle this over Christmas.

I'm back to the same issue. I noticed that I had the DHCP range incorrect to my allocated statically assigned ips for my network equipment. thinking i had figured out the problem, I fixed that and now I'm still having the same problem.

I'm going to have to go back to the old setup, except the reason for the Netgate is I want a VPN in.

I flushed dns checked gateways were set to router, then turned that back to auto. I made sure the netgate was set to dns server.

i'll try to connect to a drive and nothing, when i ping the nas, all of a sudden it will connect. (not allways)

I have restarted the Netgate router and the wan pass through ip address is working correctly.

it does appear that the ping to the NAS temporarily solves connectivity.

scottie8

OK, i've tried on multiple computers. When the drive(s) become unavailable, a ping of the NAS will bring it back available for a while. I have no idea whats going on, but it all worked fine with Arris modem.

Any help would be appreciated.

scottie8

Some more info. Net view does not wake up the connection, but ping does.
i'm beginning to think I have a DNS issue. Once working, Net view \ <device name> works.

So the issue is with PFSence, but not sure where to look.

Gertjan

@scottie8 said in Intermittent Synology DS418 access after installing Netgate 3100:

I noticed that I had the DHCP range incorrect to my allocated statically assigned ips for my network equipment.

Normally you never set static IP info on any device. No exceptions. Except devices that have a DHCP client.
On the first DHCP connect of a device on your pfSense LAN, you check the pfSense DHCP server log, and get the device's MAC address. Then you assign a static MAC DHCP lease for that device that needs to be accessed by DNS name, or known IP address. Devices that don't need to be accessed can have an IP from the DHCP pool.

Also, the default 192.168.1.1/24 is so perfect. Using it means that when you change routers, you don't have to IP renumber your entire network.
Any 10.a.b.c or 192.168.a.b will do of course.
Just keep small network block, do fall into the /23 or smaller trap.

Very important also is that you do not change any pfSense DNS settings : out of the bx it works perfectly well.

What is your issue anyway ? Devices on LAN can't access the Syno on the same LAN ?
That has close to nothing to do with pfSense.
Is your Syno not shutting down after xx idle time ?

I'm using a 218j myself, and attributed it an IP like 192.138.1.33.
Since then, it existed my network :

If I had an intermittent accessibility problem I would have a talk with the main switch - or the cables.

Because I'm using DHCP, static leases, the DNS name is always present in my DNS, the Resolver.

scottie8

@gertjan thanks for your reply.

Normally you never set static IP info on any device. No exceptions. Except devices that have a DHCP client.
On the first DHCP connect of a device on your pfSense LAN, you check the pfSense DHCP server log, and get the device's MAC address. Then you assign a static MAC DHCP lease for that device that needs to be accessed by DNS name, or known IP address. Devices that don't need to be accessed can have an IP from the DHCP pool.

This concept was new to me. from years ago, I always did real static. Thats a real PITA. Now I have learned that rather than static, the guys use allocated IP's based on MAC. I discovered this when I purchased the Neggate router. I was very thankful for this information. In trying to set the netgate up again, I found that for some reason, I had expanded the pool after I set the MAC allocations (software static IP). pfSense apparently lets you do this. I thought that would be my problem and indeed it may have been part of the problem because when I first set up the router it acted more like a duplicate address issue. I then put the router away to deal with later. I have fixed the pool. I'm currently using a pool of 192.168.1.30 - 192.168.1.253. I don't know why, but my Arris AP / Router defaulted to 192.168.1.254. until I get this all set up correctly, I have placed the new router there in case I have to go back to the Arris till I get my issues resolved. The range from 192.x.x.1 - 192.x.x.29 i'm using for NAS, Printers, controllers, AP's.

Also, the default 192.168.1.1/24 is so perfect. Using it means that when you change routers, you don't have to IP renumber your entire network.
Any 10.a.b.c or 192.168.a.b will do of course.
Just keep small network block, do fall into the /23 or smaller trap.

The /24 was also new to me and I had to read up and expand my knowledge on that.

Very important also is that you do not change any pfSense DNS settings : out of the bx it works perfectly well.

I haven't changed DNS except that I have made static ARP on my NAS in attempt to solve my issue. it didn't help. I'll try to re explain my problem in a bit and you will see why I thought it would help.

What is your issue anyway ? Devices on LAN can't access the Syno on the same LAN ?
That has close to nothing to do with pfSense.
Is your Syno not shutting down after xx idle time ?

I'm using a 218j myself, and attributed it an IP like 192.138.1.33.
Since then, it existed my network :

If I had an intermittent accessibility problem I would have a talk with the main switch - or the cables.

Because I'm using DHCP, static leases, the DNS name is always present in my DNS, the Resolver.

A little more on my network setup. I'm running a Ubiquity 24 port POE switch with 3 Ubiquity AP Pro's. All of that is still working fine after the Router change.

The problem I'm having: maybe something to do with TTL. I look and see if the old router had the TTL's higher in some fashion. I have mapped drives to the Synology NAS using the device name rather than IP address. There are multiple computers hitting the NAS. As long as i'm working with windows directory and doing something it appears to be fine. If i'm browsing the internet for a while (half hour maybe) and click a mapped drive, it will error out. Likewise, if I try to log into the NAS DSM using a browser window, I get nothing - till i ping the NAS. When I ping it, it comes back. This is 100% repeatable.

If i'm working on a computer and hitting the network drive for a while, I can go to another computer and click the network drive and it will drive not found error unless I ping the NAS from that computer.

Because of the combination of actions, and the fact that I can go back the Arris Router and the NAS will work fine, I'm thinking I have an issue with DNS time to live.

I'm going to try remapping the drives using the IP address and see if this will "fix" the problem and keep me from having to go back to the other router. The other thing I may try is use the Synology for DNS, but I don't want to give the NAS that load, and I'm sure pick up another NAS when I upgrade security and may be back to the same problem. Using the NAS to DNS will be a last resort before I go back to the old router just to get up and running.

scottie8

@gertjan, Some more info.

Ping to the Nas using IP address or device name will wake the connection. on the command line, Net View \<device name> will not work till ping wakes the connection.

scottie8

@gertjan - Remapping to IP address did not fix the problem.

scottie8

@Gertjan
Ok, I think its the NAS, because I hooked up an old Netgear NAS and its not losing connection. But why the Synology NAS works with the other router and not this one I'm only starting to figure out what the problem is not.

Gertjan

@scottie8
Be sure DNS is always ok :

Check that it's DHCP lease is present in the list Status > DHCP Leases.
Check that this always answers :

C:\Users\Gauche>ping diskstation2

Envoi d’une requête 'ping' sur diskstation2.my-network.tld [2001:470:1f13:5c0:2::c2] avec 32 octets de données :
Réponse de 2001:470:1f13:5c0:2::c2 : temps<1ms
Réponse de 2001:470:1f13:5c0:2::c2 : temps<1ms
Réponse de 2001:470:1f13:5c0:2::c2 : temps<1ms
Réponse de 2001:470:1f13:5c0:2::c2 : temps<1ms
.....

(mine is using IPv6, IPv4 is fine also)

Note that the ping shows 2 important things :
First, the device network name is mapped to the 'real' network URL : not only the host name, but the entire 'diskstation2.my-network.tld'. This could include a DNS call, if the answer wasn't already cached locally, and gives you back the IP.
Next : the IP is used to ping the device, which should answer.

Next test :

C:\Users\Gauche>Cnslookup
'Cnslookup' n’est pas reconnu en tant que commande interne
ou externe, un programme exécutable ou un fichier de commandes.

C:\Users\Gauche>nslookup
Serveur par default :   pfsense.my-network.tld
Address:  2001:470:1f13:5c0:2::1

> diskstation2
Serveur :   pfsense.my-network.tld
Address:  2001:470:1f13:5c0:2::1

Nom :    diskstation2.my-network.tld
Addresses:  2001:470:1f13:5c0:2::c2
          192.168.1.33

>

This tells us that for my device, a windows PC, "pfsense.my-network.tld" is the local DNS server.
It has an Ipv6 - (but also very default 192.168.1.1). This info is given to the PC when it asked for a DHCP lease : not only an IP and mask are supplied, but also the DNS and the gateway.

When I ask "diskstation2" ? the answer will be : "diskstation2.my-network.tld" which is the full name, and both the IPv4 and IPv6.

If all this is also ok for you, then there is no network issue what so ever.

Other issues might be : physical network issues like switches and cables, network speed ? the NAS enters sleep mode ?
Don't be surprised if you see also IPv6 local link addresses on your LAN's devices, as this is the preferred protocol these days. Something that might actually slow down your network somewhat (probably less then a micro second) as IPv6 is preferred, thus tried first. When that fails, as on some devices IPv6 is not activated, a connection falls back to IPv4.

Btw : pfSense isn't really any different as a ISP router or some other other router like your "Arris", they should all work out of the box. pfSense default settings make every network work right after LAN/WAN assignment.

edit :

Syno NAS network settings :

all are pretty default.

scottie8

@gertjan - Noticed from your response, I was not using fully qualified domain name. I was using the default "localdomain" The ping and nslookup all looked fine. I changed to localdomain.lan, went to another computer that had been on but not used all night. An Ipconfig showed that the nic had already been updated to localdomain.lan. I clicked on the mapped drive and it opened. So far so good.

I was still having problems with the first computer. I flushdns and renew the Ipconfig. I red some stuff on sleepy NICs and tried that, didn't help. I then restarted the NAS, which I had not done since changing the router. It seems to be working. I'll report back later today one way or the other.

scottie8

@gertjan, Thanks for your help. I've been out for a bit. came back and the mapped drive connections are still stable. I think the fqdn was the key, followed by a restart of the NAS.

A benifit of this exercise was i found info on power tuning the Synology NAS. I took care of that at the same time and the file access is much faster.

Now i'm going to plan the next network project which will be the changes needed for a VPN.