can use help with a dual router setup

Currently reading
can use help with a dual router setup

Folks, I currently have a "dual router" setup on my home network, so I can have both VPN and non-VPN connections:

1st 192.168.0.1 - primary router (ie. connected to the internet service provider); wi-fi network that is non-vpn
2nd 192.168.1.1 - secondary VPN router (vpn configuration provided by Custom Flashed DD-WRT & VPN Privacy App WiFi Routers) - router is connected to a LAN port on the primary router; wi-fi network that is VPN

the problem is I'm having difficulty getting Synology DDNS service to connect with my NAS, which is connected to the VPN router. Quick Connect connects just fine, but we know that's not the best for external, Plex, etc.

Solutions to getting the DDNS going? What am I missing? I have not done any port forwarding or advanced setup on either router fyi
 
First - never use double NAT in these router classes. It's speed eating and pointless process.
What about:
- Primary router to bridge mode, then secondary router as your Primary Gateway (also for the DDNS)

If the Primary router is cheap piece of HW from ISP (90% of them) = because ISPs don't need invest to quality = you will win more than twice:
- single point of security
- speed better than in double NATed combo
- clean network architecture.

But the cheap boxes frequently can't provide switch to the bridge mode (ISP intent or really cheap technology).
When there isn't a way for the bridge mode, then you can:
- to provide fixed IP address for Secondary from Primary router
- need to create NAT table for all the necessary ports between both of them (driven by Secondary router needs)
- then you can achieve your expected solution. But it's really last possible choice.
 
Last edited:
I am trying to avoid moving the primary to bridge mode, because that would cancel its non-vpn wireless network.

forgot to mention, i've got some powerful routers, arris sbg-8300 primary and netgear9000 vpn/secondary
 
Perhaps I am a network dumb axx, but I do not understand why your secondary router can not be and vpn-less and vpn? Or is it a specific "I-Can-Do-Only-VPN"?
In my case I have a primary router that is mandatory but/and can not be in bridge mode. As Rusty said, I gave my secondary router a static dhcp address (and there is only a one-address-pool) and have put my secondary in the dmz. Nothing else is happening on that primary more but forwarding. The secondary I installed as being the primary including VPN and non VPN. Only diff perhaps is I could not care less for products like Plex (with al the streaming available) and that might need additional setups..
 
Rusty and GuiMSP,

Thanks for your replies guys.

The VPN router is a static dns, wi-fi settings configuration provided by flashrouters.com
Their VPN management app is proprietary, accessible from within the router gateway, connects to my NordVPN server off-site
 
so I decided to simplify and go with the typical modem/router setup....no more talk of a dual router setup. and now I'm getting an error message in the synology ez-internet app that I have "two or more routers" connected to the network. well, that's certainly not true. anyone encountered this issue before?
 
so I decided to simplify and go with the typical modem/router setup....no more talk of a dual router setup. and now I'm getting an error message in the synology ez-internet app that I have "two or more routers" connected to the network. well, that's certainly not true. anyone encountered this issue before?
Can't say I have but I would avoid using ez setup options as well as any other UPnP options. If you need port forward, do it your self, manually.
 
so I decided to simplify and go with the typical modem/router setup....no more talk of a dual router setup. and now I'm getting an error message in the synology ez-internet app that I have "two or more routers" connected to the network. well, that's certainly not true. anyone encountered this issue before?

as usual - you need provide more and clear enough information:

1. the router is connected into internet. Checked. Y/N?
2. other devices connected to the router (LAN side) can connect into internet. Checked. Y/N?
3. Quickconnect in NAS is enabled and works. Checked. Y/N? ... when you don't now how to setup the Quicconnect, here is a guide from Syno official KB. Opem, read, setup, check.
4. in the mentioned Syno KB you can read:
For easy router setup with EZ-Internet, make sure your router supports UPnP and appears on Synology's router support list. For other routers, manual port forwarding might be required. Checked. Y/N?
5. Did you tried the manual setup of ports forwarding at the router side? Checked. Y/N?

so - prepare for us detailed answers, then we can help you. Otherwise it's just a shooting into dark and time wasting.

Few recommendations:
- use SEARCH feature in this forum and write "ez-internet or "DDNS" and you will find some guides
- read carefully Synology KB, it can help you save a time
 
Hey guys, still having issues with getting the synology ddns to work...no access

the DDNS status is "normal" in the Synology control panel.

Also, within the Netgear r9000 router I created the following TCP ports forwarding with custom ports 6200 and 6201 (instead of 5000 and 5001):



#​
Service Name​
External Ports​
Internal Ports​
Internal IP address​
1​
Synology NAS http​
64336​
6200​
-​
2​
Synology NAS https​
64337​
6201​
-​


The ports forward are TCP.

here is the UPNP portmap table in the router:



UPnP Portmap Table
Active​
Protocol​
Int. Port​
Ext. Port​
IP Address​
YES​
TCP​
80​
50079​
-​
YES​
TCP​
443​
50080​
-​
YES​
TCP​
6200​
64336​
-​
YES​
TCP​
6201​
64337​
-​

should UPnP be enabled along with port forwarding?
should I do anything in the NAS?
Quickconnect works along with other devices on the network.
 
i have setup the port forwarding as TCP only. should they be UDP/TCP both instead?
TCP is correct

and was i right to enter the external ports which are different from the internal ones?
That's an option that you can do ofc, just be sure that the internal ports in the router configuration are the ones that you have setup on your NAS.

any steps within the nas to take?
You said you have no access via ddns. What exact error do you get? Also have you tested this outside your NAS location (via 4G or something like that)? DDNS is registered with what service? Synology one or a 3rd party?
 
TCP is correct


That's an option that you can do ofc, just be sure that the internal ports in the router configuration are the ones that you have setup on your NAS.


You said you have no access via ddns. What exact error do you get? Also have you tested this outside your NAS location (via 4G or something like that)? DDNS is registered with what service? Synology one or a 3rd party?


-where do I setup the internal ports in the router? under "external access>router configuration" I presume?
-The DDNS is with Synology.me . Yes I tried it on my 4G phone. error is "this site can't be reached"
 
one more minor question...how do i enable local network access (ie. 192.168.x.x) on the router and nas? Static route on both perhaps?

I can't seem to get it to work, something I'm missing it seems. Quickconnect and DDNS are working just fine fyi.
 
when your question is about DHCP or static address usage for your NAS, then it’s better to use static address.
In your router you can setup (really simplified example)
- LAN subnet, in a simple language the range i.e. 192.168.1.1 - 192.168.1.244 (net mask 255.255.255.0)
- for the LAN subnet you can setup dynamic range (DHCP) of addresses, i.e. 192.168.1.100 - 192.168.1.254 .... use this range for your temporary connected devices (frequently for WiFi)
- then for static addresses range you will use the rest of the range 192.168.1.2 - 192.168.1.99. Use this range for your permanently connected devices (NAS, desktop computers) or managed devices, which require static address to be managed.
 
btw: your Netgear r9000 is from consumer’s routers family frequently quoted as vulnerable with high severity. Then my advice is:
- you need to watch all the new firmware patches and use them ASAP
- or change the router to more secure (in this price range is Synology ac2600 more secure and cheaper and with better performance for long range connected devices ).

Netgear consumer’s routers have a long history of patching command injection flaws.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
OK... so I'm beginning to follow now! If I install VPN server on the work NAS and use OpenVPN on my home...
Replies
4
Views
899
  • Question
Actually it was ‘parcel centre’ that was having problems ;)
Replies
10
Views
1,981
I would suggest having your VPN server on Synology generate a new profile, and then adjust that profile...
Replies
10
Views
3,106
  • Solved
My intrusion settings are set to “Detect and Block” and now that I've turned the notifications on, it...
Replies
7
Views
1,494
  • Solved
Glad it’s working. Now you can help the next person! No reward necessary 😎
Replies
14
Views
2,261

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top