Question Direct Download Station to go through VPN?

Currently reading
Question Direct Download Station to go through VPN?

1,418
612
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
Amazing!

Thank you for pointing out this to me. I remember reading about it but if it wasn't for your "push" I might've never tried it.
Finally, got something running on Docker (we might become friends now) :)

This opens up a lot of possibilities. For anyone interested, Synology provides a guide on the knowledge base, although, as Rusty mentioned, it was really easy.
 

Rusty

Moderator
NAS Support
2,246
672
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
RT1900ac, RT2600ac, MR2200ac
well now you can sandbox even more services on lvl2 like vpn, torrents etc.. without the need to compensate on the bare metal lvl on your NAS. Found it really clean and easy to maintain.

One thing to remember, when you patch your NAS you will HAVE to update your DDSM as well. It will not run until you patch it. So just keep that in mind.
 
990
333
NAS
DS418play, DS213j, DSM 7.0.1-14401
Yes I'm going through my ISP (opposed to what?! ) Maybe I didn't understand your question.
Some folks use Download Station to share media in ways that cross legal boundaries... VPNs are one tool to do this while (hopefully) keeping your WAN IP from discovery. However... VPNs can disconnect unexpectedly. When that happens you don't want your WAN IP to take over the Download Station activity, exposing your WAN IP to others. To avoid this requires a "kill switch" function, disabling DS until a valid VPN connection is restored. There are different approaches on how to do this.

Since you are using DS with a VPN, presumably you do not want DS running in the absence of a VPN connection... and hence, my ask.
 
1,418
612
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
I wasn't sure what the behavior will be if the vpn tunnel goes down. So according to you, DLS will continue "exposed".
I was hoping that the "Reconnect when the VPN connection is lost" option when ticked will only allow traffic over vpn otherwise transfer is paused.

Not the case then.
 
317
120
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
RT2600ac, MR2200ac
Operating system
Windows
Mobile operating system
iOS
When the tunnel goes down, your NAS will revert to the "main" connection. All that the "reconnect when the VPN connection is lost" option does is to attempt to reconnect to the VPN.

I have my router firewall set up so that all traffic to the internet from my VPN client NAS is blocked, except for traffic going to/from the IP address of the VPN server. That way, if the VPN connection goes down, even if the NAS tries to revert to the unprotected connection, the router will block it.
 
Last edited:
1,418
612
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
Aha. That's a smart option. I'll check if this is doable. Thanks.
 

Rusty

Moderator
NAS Support
2,246
672
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
RT1900ac, RT2600ac, MR2200ac
All is correct. My vpn reconnect is usually about 2sec every 8-10 days.
 
1,418
612
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
To clarify the full solution before wrapping up this thread. I'm using IbVPN service (ibvpn.com).

While Synology offers a similar knowledge base article, I've found a specific one from IbVPN. They've provided the steps on how to create the VPN tunnel on the DS to any of their VPN servers around the world (of course, you'll need to be a subscriber to their service to use it).

Here's their knowledge base article to give you an idea of how this is done. You will not be able to see the servers list unless you're a subscriber. But what's more important are the easy steps.

The above, coupled with @Rusty's brilliant idea of creating a sandboxed DSM (DDSM) provided the desired solution.

Other VPN service providers might offer similar instructions for their service.

I hope this helps and provide the full picture to what we've accomplished.
 

Rusty

Moderator
NAS Support
2,246
672
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
RT1900ac, RT2600ac, MR2200ac
Same as with any other provider... Nothing special here. The question here is how often is your torrent traffic and will a disconnect from it (even for a few seconds) get you on the black list with your ISP over "content" being transferred?

If not then there is no reason to worry about anything. Personally, I use this method primarily for the vpn gateway for my lan devices and an easy method to not have the entire nas in a tunnel (connecting back to it, ssh etc...). Torrents are not important to me, considering I'm a Usenet user (ssl all the way).

Still with this setup all my monthly traffic looks like this (regarding top 3 services):

277


Suck on that ISP :p
 
1,418
612
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
Same as with any other provider...
I'm sure that almost all providers offer similar services. Just wanted to show the full solution to anyone who doesn't know about such services and just got into Synology.

We tend to take things for granted as we gain experience. For a new comer, this is new :)

The question here is how often is your torrent traffic and will a disconnect from it (even for a few seconds) get you on the black list with your ISP over "content" being transferred?
Remains to be seen. I don't do much "torrenting" anyways. In case the link breaks and I get thrown into the slammer, I'll send an SOS to SynoForum :)
 
1,418
612
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
I have my router firewall set up so that all traffic to the internet from my VPN client NAS is blocked, except for traffic going to/from the IP address of the VPN server. That way, if the VPN connection goes down, even if the NAS tries to revert to the unprotected connection, the router will block it.
@akahan suggestion above is the right (and smart) way to do it. However, this is not available on my not-so-advanced, old router.

The trick I'm using is to establish the vpn connection and then go to the LAN interface, edit and remove the gateway IP address. If the vpn link disconnects, communications stop.
This assumes that you're using manual configuration not DHCP for the LAN interface.

Of course if your vpn connection goes down very often then this will become a pain in the neck, because you'll need to go to the LAN interface, enter the gateway, establish vpn then go back and remove the gateway every time that happens.

But this will do for now until the next router upgrade :)
 
Last edited:
2
0
NAS
DS1515+
Well running DSM in docker is not like running other docker images. You will download a package file from Syno site and run it via a wizard. After that you will open up a browser and point it to a specific address to complete configuration just like you would for any other NAS and its DSM install. YOU CAN DO IT!
I can't seem to find the package file. I'm trying to do the same thing here but I am clearly missing some steps or something. Any chance you have a walk through on how to do this?
 

Rusty

Moderator
NAS Support
2,246
672
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
RT1900ac, RT2600ac, MR2200ac
I can't seem to find the package file. I'm trying to do the same thing here but I am clearly missing some steps or something. Any chance you have a walk through on how to do this?
Install Virtual Machine Manager package 1st.

Then download virtual dsm from here Download Center - VirtualDSM | Synology Inc.

Import the image into vmm and create a separate virtual dsm instance that you will configure as a separate DSM with its own ip address and all the packages needed (like download station).

Then configure it to run vpn and you will have an isolated vpn dsm layer.
 
2
0
NAS
DS1515+
Install Virtual Machine Manager package 1st.

Then download virtual dsm from here Download Center - VirtualDSM | Synology Inc.

Import the image into vmm and create a separate virtual dsm instance that you will configure as a separate DSM with its own ip address and all the packages needed (like download station).

Then configure it to run vpn and you will have an isolated vpn dsm layer.
Thanks, looks like I need to order another drive that I can then setup as BTRF since I currently only have 2 drives in my 5 bay both setup for EXT4
 
317
120
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
RT2600ac, MR2200ac
Operating system
Windows
Mobile operating system
iOS
If all you want to do is have the NAS go through the VPN, yet still be able to access the NAS over the internet, wouldn't be easier just to use a reverse proxy on another machine on your network to access the NAS? That's what I do, and it works fine.
 

Rusty

Moderator
NAS Support
2,246
672
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
RT1900ac, RT2600ac, MR2200ac
If all you want to do is have the NAS go through the VPN, yet still be able to access the NAS over the internet, wouldn't be easier just to use a reverse proxy on another machine on your network to access the NAS? That's what I do, and it works fine.
I think this is more towards putting Download Station inside a tunnel only. My suggestion would be using a docker container with a vpn download client and be done with it, but this method also has other benefits as well, apart from just pushing vdsm and its apps via the tunnel.
 
317
120
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
RT2600ac, MR2200ac
Operating system
Windows
Mobile operating system
iOS
I think this is more towards putting Download Station inside a tunnel only. My suggestion would be using a docker container with a vpn download client and be done with it, but this method also has other benefits as well, apart from just pushing vdsm and its apps via the tunnel.
Understood; the use case I was trying to address was: "How can I have Download Station go through a VPN, and still access my Diskstation externally from the internet?"

And so, particularly if the Diskstation is not a + series, and therefore can't run Docker, I think this method is the simplest:

1. Set the Diskstation so everything headed to the internet goes through the VPN connection (by making the VPN connection the first one in the "Service Order" under "Manage" in Network Interface).
2. On another device on the network, set up a reverse proxy to the Diskstation, so that connections to the Diskstation from the internet are actually coming to it on the LAN, from the proxy. Thus, the VPN'd Diskstation can be reached from the internet at, e.g., VPNStation.yourdomain.com Of course, make sure that VPNStation is a CNAME at your DNS provider, and ideally have it on your SSL cert as wel.
3. Optionally, set the router so that the only outbound connection the VPN'd diskstation can make is to the IP address of your VPN provider's server...that way, if the VPN connection goes down, the Diskstation won't be able to revert to torrenting over the non-VPN connection.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Top