Bitwarden not working on LAN/WAN, but does work externally

NAS: DS920+ · Operating system: macOS · Mobile operating system: Android
I've been trying to solve this for days referencing the various guides and forum threads such as:
Still no luck. Hoping someone could help!!

I created a Bitwarden container using Docker and that seems to run fine. I can get to the login page using http://192.168.x.x:5151, but of course, to log in I face the known error: "This browser requires HTTPS to use the web vault. Check the Vaultwarden wiki for details on how to enable it". I also face the same known errors if I try http://192.168.x.x:5152 ("400 Bad Request: The plain HTTP request was sent to HTTPS port"), and if I try https://192.168.x.x:5152 ("404 Not Found"). Those make sense given the experience of this user on this thread.

I've set up the SSL certificates and reverse proxies following the guides, but I still cannot access Bitwarden from my LAN/WAN. I have to be outside my network (e.g. using my mobile phone data) to access Bitwarden. So to be clear, I can use my phone data to go to https://bw.{NAS}.duckdns.org/ and it works perfectly. I also happened to set up another certificate in an earlier step, so in case you were wondering, I can also go to https://{NAS}.duckdns.org:5152 and that works just fine as well. However, if I try the same URLs while on my LAN/WAN (be that my Macbook or my phone via Wifi), it just times out.

Here are my Reverse Proxy configurations:
Screen Shot 2021-12-11 at 03.29.45.png
Screen Shot 2021-12-11 at 03.47.32.png

HTTP/2 is enabled. I've tried it with and without HSTS. I've tried it with and without an access control profile. I've also tried replacing localhost with my NAS IP on the LAN.

Here are my certificates:
Screen Shot 2021-12-11 at 03.36.18.png

You can see I've tried a couple different DDNS providers. I've tried it so many times that I've now maxed out my Let's Encrypt certificate limit, so I have to wait a week before my synology.me certificate can be set up again. I tried deleting and recreating the certificates too many times :/

My firewall settings:
Screen Shot 2021-12-11 at 03.40.20.png


My DDNS settings:
Screen Shot 2021-12-11 at 03.41.41.png


My router port forward settings:
Screen Shot 2021-12-11 at 03.43.53.png


Can anyone spot something I did wrong or something I missed??

Many thanks!
 

> However, if I try the same URLs while on my LAN/WAN (be that my Macbook or my phone via Wifi), it just times out

Are you sure your router supports NAT loopback? If it doesn’t you will not be able to use BW in this manner. What router model do you have?
 
Upvote 0
> Are you sure your router supports NAT loopback? If it doesn’t you will not be able to use BW in this manner. What router model do you have?

Thanks for your response, and good question. I have the Sagemcom F@st 5566 (Bell Home Hub 3000). I looked into it and I'm not sure. But you could be right that this router doesn't support NAT loopback...

So let's say it doesn't, my options are:
1. Buy another Wifi router that enables NAT loopback?
2. Could I use an old gigabit router that does enable NAT loopback and hard wire that between the NAS and my existing Sagemcom 5566? Could that work?

Thanks for your help!
 
Upvote 0
> Could I use an old gigabit router that does enable NAT loopback and hard wire that between the NAS and my existing Sagemcom 5566?

You might end up with double NAT and more problems. There are some Bell users here, so maybe they will be able to confirm this feature as well before you get into more complicated territory.
 
Upvote 0
> So to be clear, I can use my phone data to go to https://bw.{NAS}.duckdns.org/ and it works perfectly. I also happened to set up another certificate in an earlier step, so in case you were wondering, I can also go to https://{NAS}.duckdns.org:5152 and that works just fine as well. However, if I try the same URLs while on my LAN/WAN (be that my Macbook or my phone via Wifi), it just times out.

Flush your computer's DNS and then register it again.
 
Upvote 0
Thanks Gerard, I hadn't thought of that. I did just try it now, and still no luck after 5 mins of trying to access those HTTPS URLs from multiple browsers. Accessing BW from off my network still works.

What's the DNS server setting of the device you're using? Is it pointing to your router? Some other device on the network? Public DNS server?
 
Upvote 0
> What's the DNS server setting of the device you're using? Is it pointing to your router? Some other device on the network? Public DNS server?

I was originally using CIRA's DNS service, so then I removed it and used the default, flushed DNS cache; then I used Cloudflare, flushed, then Google's, flushed; none made any difference unfortunately.

I have been reading more about this issue and it seems I might be able to use the Synology DNS Server app to create my own split DNS? I'm not fully sure what that means.

Wondering if you think it would work if I follow these steps? How do I set up a DNS server on my Synology NAS? - Synology Knowledge Center
 
Upvote 0
Solved this issue by replacing my Bell modem with another Wifi router that does enable NAT. Took a fibre-to-ethernet media converter and then a NAT-enabled router connected in series. Thanks Rusty and Gerald for your help identifying the problem. Sucks that Bell not offering a single checkbox feature required a several hundred dollar workaround.
 
Upvote 0
As a note: in my case, the cleanest and simplest solution is to edit the hosts file in Windows and add the appropriate entry in standard Windows hosts file format:
NAS_IP_number domain
i.e.: 192.168.1.1 myservice.myid.synology.me

(of course, if you have configured the synology.me service)
 
Upvote 0
I had exactly the same issue with my old router too.

The way I solved this was by using the AdGuard Home container that I have set up for ad blocking. This allows you to set up a DNS rewrite rule to direct anything accessing your duckdns domain to your internal NAS IP address.

Once that’s set up you just have to change your devices to use your AdGuard as your DNS server on your device.
 
Upvote 0
> As a note: in my case, the cleanest and simplest solution is to edit the hosts file in Windows and add the appropriate entry in standard Windows hosts file format:
> NAS_IP_number domain
> i.e.: 192.168.1.1 myservice.myid.synology.me
>
> (of course, if you have configured the synology.me service)

Hm thanks. I use Mac OS X not Windows, but irrespective of whether I can figure out the equivalent step on Mac OS X, I have enough varying devices I'd want to use Bitwarden on that editing the hosts files might be tricky to do. Like on a phone accessing my NAS via Wifi?
-- post merged: --

> I had exactly the same issue with my old router too.
>
> The way I solved this was by using the AdGuard Home container that I have set up for ad blocking. This allows you to set up a DNS rewrite rule to direct anything accessing your duckdns domain to your internal NAS IP address.
>
> Once that’s set up you just have to change your devices to use your AdGuard as your DNS server on your device.

Interesting, thank you! I was wondering if something like that exists. Might have saved me some money, but there are added advantages now with this new router that I have like a relatively easy OpenVPN setup, so it might just be a keeper.
 
Upvote 0
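A way to confirm the diagnosis reached in this thread before buying hardware, as an added example that is not code from any participant: it checks what the public hostname resolves to from inside the LAN, then makes a TLS connection both via that answer and directly to the NAS LAN address while still validating the certificate against the hostname, which is also what a hosts entry or DNS rewrite achieves. The hostname and NAS IP are command-line placeholders, and it assumes the reverse proxy listens on port 443 on the NAS.

```python
import ipaddress
import socket
import ssl
import sys

# RFC 1918 ranges; ipaddress.is_private is broader (it also covers documentation ranges).
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETS)

def resolve(hostname):
    """Addresses the resolver this device currently uses returns for hostname."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def tls_ok(connect_ip, hostname, port=443, timeout=5.0):
    """Connect to connect_ip, but send hostname as SNI and verify the certificate against it."""
    ctx = ssl.create_default_context()  # certificate and hostname verification stay on
    try:
        with socket.create_connection((connect_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname):
                return True
    except OSError:  # timeouts, refusals and ssl.SSLError are all OSError subclasses
        return False

def diagnose(resolved_ips, via_dns_ok, via_lan_ok):
    """Classify the symptom from the three observations made on a LAN device."""
    if via_dns_ok:
        return "ok"
    if not via_lan_ok:
        return "lan-service-problem"   # proxy, certificate or NAS firewall, not only DNS/NAT
    if any(is_lan(ip) for ip in resolved_ips):
        return "dns-points-elsewhere"  # name already maps to a LAN address, but the wrong one
    return "no-nat-loopback"           # public IP is unreachable from inside; use split DNS

if __name__ == "__main__":
    host, nas_ip = sys.argv[1], sys.argv[2]  # e.g. the duckdns name and the NAS LAN address
    ips = resolve(host)
    via_dns = any(tls_ok(ip, host) for ip in ips)
    via_lan = tls_ok(nas_ip, host)
    print(ips, via_dns, via_lan, diagnose(ips, via_dns, via_lan))
```

A result of `no-nat-loopback` means a local DNS override (hosts file, AdGuard Home rewrite, or Synology DNS Server) will work with the existing certificate, because the browser still requests the same hostname.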
