Question Direct Download Station to go through VPN?

Currently reading
Question Direct Download Station to go through VPN?

5
1
NAS
220+
Operating system
  1. Windows
Mobile operating system
  1. Android
If the VPN connection goes down, VDSM including any package running under it will default back to the default LAN adapter. If that LAN adapter has configured gateway parameter, the traffic will continue forward outside VPN.

Multiple Gateways setting is by default turned off, have you activated it for a specific reason? Guessing it is needed in order to connect to that VDSM instance from the outside while the VPN connection is active?

Bottom line, a "kill-switch" will not work out of the box. Try and remove the gateway parameter on your main VDSM adapter, and connect via VPN. Then, download and terminate the VPN. See if the traffic will stop in that case.

Rusty,
Thanks for the quick reply!

I did not activate the multiple gateways setting. I thought I deactivated it, but in any case the tick box is "unchecked". I am still able to connect to the VDSM remotely and locally with that setting unchecked. What does that setting do if it doesn't force VDSM to use only the default gateway?

I believe if I remove the gateway parameter for the main VDSM (LAN adapter) I will lose all connectivity. The VPN connection is remote through a third party (Windscribe) so it relies on the LAN adapter to provide internet connection if I understand it correctly.

Perhaps I need to configure the VPN on my router to direct all VDSM IP traffic through the VPN? I'll have to look for info about how to do that with my router (Orbi RBR50) and see if router supports such a configuration.
 

Rusty

Moderator
NAS Support
6,390
1,897
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
What does that setting do if it doesn't force VDSM to use only the default gateway?
multiple gateway settings is for when you need access to that DSM instance and their services but on the other hand that same instance is acting up as a VPN client (like in your case).

Now considering VDSM is a virtual instance ofc you can reach it as you can reach the NAS on bare metal level, that's why it is working. But if that was a direct access instance that you need access to while VPN was active, certain services would not be accessible unless that setting was on (reason why its off by default).

it relies on the LAN adapter to provide internet connection
Correct. That's why by default, vdsm doesn't have a kill switch option.

If your goal is to just close off torrent traffic behind a VPN might I suggest to run a torrent client+vpn combo inside Docker? While you will no longer use Download Station as your client, you will also get back your DSM license back, spend less resources (much less, as VDSM requires at least 1GB of RAM), and you will get a kill-switch option in a single container.

Also, not your entire VDSM instance would be locked inside the VPN if you still need to use it for something else.
 
5
1
NAS
220+
Operating system
  1. Windows
Mobile operating system
  1. Android
multiple gateway settings is for when you need access to that DSM instance and their services but on the other hand that same instance is acting up as a VPN client (like in your case).

Now considering VDSM is a virtual instance ofc you can reach it as you can reach the NAS on bare metal level, that's why it is working. But if that was a direct access instance that you need access to while VPN was active, certain services would not be accessible unless that setting was on (reason why its off by default).


Correct. That's why by default, vdsm doesn't have a kill switch option.

If your goal is to just close off torrent traffic behind a VPN might I suggest to run a torrent client+vpn combo inside Docker? While you will no longer use Download Station as your client, you will also get back your DSM license back, spend less resources (much less, as VDSM requires at least 1GB of RAM), and you will get a kill-switch option in a single container.

Also, not your entire VDSM instance would be locked inside the VPN if you still need to use it for something else.
Rusty,
That makes sense, thanks for clarifying how the VDSM changes things.

I would love to run a torrent client and VPN inside docker and lose the VDSM. So far the only docker packages I've setup have been with a step by step walkthrough (marious hosting) but I would love to setup something to keep it on the main DSM and avoid a virtual instance. I added RAM specifically to support a VDSM, but I suppose that will only help DSM performance, so not a waste.

Do you or anyone have and recommendations for a client+vpn docker package? I have seen that idea mentioned on relevant forum discussion but never any detail or specifics mentioned for resources or client software to use. I have also heard of some torrent clients that have built in VPN kill-switch, perhaps that would be an effective solution?

In any case, thank you again for your generosity with help and advice. It is much appreciated.
 

Rusty

Moderator
NAS Support
6,390
1,897
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Do you or anyone have and recommendations for a client+vpn docker package?
Here is one running with Nord VPN (both openvpn and wireguard) with Qbittorrent client


And another one running only via openvpn protocol for various VPN providers (not just Nord):


If you get into any problems, let me know in PM, here, or on my chat platform (link on the site, upper right corner).
 
36
11
NAS
DS923+
Operating system
  1. Linux
  2. Windows
Mobile operating system
  1. Android
At first I was using qbittorrentVpn container following Rusty's guide. But this container, although working at the moment, is not often updated.
At some time I decided to use gluetun because I wanted to route also Jackett and *arr containers through vpn (Cyberghost in my case) and let them altogether update frequently. I used some help from here:


@Rusty could you please consider adding a guide about gluetun (in conjuction to download tools) to Blackvoid? I believe it would be great as Blackvoid is among the most trusted sources out there!
 

Rusty

Moderator
NAS Support
6,390
1,897
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
@Rusty could you please consider adding a guide about gluetun (in conjuction to download tools) to Blackvoid?
Considering I do not use torrent myself, I guess I did miss the ball on this one. Gluten is great as it does support also both open and WG (limited to certain providers) protocols, so I could consider making the article on that. That being said, DrFrankenstein as well as other resources out there are also very well known, so sometimes I skip the "topic" if I notice that it was covered well somewhere else.

If and when I get time to do it, I might consider writing up a Gluten one as well. Thx for pointing it out @dimfil
 
5
1
NAS
220+
Operating system
  1. Windows
Mobile operating system
  1. Android
Here is one running with Nord VPN (both openvpn and wireguard) with Qbittorrent client


And another one running only via openvpn protocol for various VPN providers (not just Nord):


If you get into any problems, let me know in PM, here, or on my chat platform (link on the site, upper right corner).
Thank you much. Somehow I have not heard of or come across blackvoid in my previous research on the subject. I will dig into this tonight and hopefully have some success.


At first I was using qbittorrentVpn container following Rusty's guide. But this container, although working at the moment, is not often updated.
At some time I decided to use gluetun because I wanted to route also Jackett and *arr containers through vpn (Cyberghost in my case) and let them altogether update frequently. I used some help from here:


@Rusty could you please consider adding a guide about gluetun (in conjuction to download tools) to Blackvoid? I believe it would be great as Blackvoid is among the most trusted sources out there!
I am unfamiliar with gluten and jackett. I'll look into those things. Is infrequent updates a security concern for something like this or just a compatibility/keep things working kind of thing? Or both? Thank you for that info.
 
36
11
NAS
DS923+
Operating system
  1. Linux
  2. Windows
Mobile operating system
  1. Android
I am unfamiliar with gluten and jackett. I'll look into those things. Is infrequent updates a security concern for something like this or just a compatibility/keep things working kind of thing? Or both? Thank you for that info.

GlueTun is a vpn client docker container which works with a big list of vpn providers. You can use it so other containers connect to vpn through gluetun. Very very useful as you occupy just one vpn position of your vpn account for a lot of services.
Jackett accepts queries from other containers to get data from torrent trackers, so it needs vpn to be fully usable.

One problem is that many torrent trackers often blacklist older versions of torrent clients. This could be an issue if your client is not updated regularly.
Using gluetun you can have normal qbittorrent (or deluge and transmission if you prefer) container which gets updated regularly and avoid special vpn versions of clients which get old or abandoned sometimes.
 
5
1
NAS
220+
Operating system
  1. Windows
Mobile operating system
  1. Android
GlueTun is a vpn client docker container which works with a big list of vpn providers. You can use it so other containers connect to vpn through gluetun. Very very useful as you occupy just one vpn position of your vpn account for a lot of services.
Jackett accepts queries from other containers to get data from torrent trackers, so it needs vpn to be fully usable.

One problem is that many torrent trackers often blacklist older versions of torrent clients. This could be an issue if your client is not updated regularly.
Using gluetun you can have normal qbittorrent (or deluge and transmission if you prefer) container which gets updated regularly and avoid special vpn versions of clients which get old or abandoned sometimes.
That sounds like a clever solution. I assume GlueTun also acts as a kill switch to only allow BTclient traffic to use the VPN?
 
36
11
NAS
DS923+
Operating system
  1. Linux
  2. Windows
Mobile operating system
  1. Android
That sounds like a clever solution. I assume GlueTun also acts as a kill switch to only allow BTclient traffic to use the VPN?
Gluetun provides a bridge network and all containers you decide connect through this to the VPN service. Nothing else.
Yes, it has a built-in firewall kill switch but I believe most vpn providers support kill switch anyway.
For me, gluetun is now a necessity. The majority of BT trackers and subtitle sites is already blocked in my country (Greece) and I know that more or less it's the same situation in most countries.
VPN is the only way if you want to have access to torrents, *arr apps and subtitles. Docker on Synology makes all these so easy...
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Solved
Hi! I was about to edit/erase my question. I actually think wifi diagnosis was quite good. There are no...
Replies
2
Views
1,693
  • Locked
Hola, tengo dos problemas con la VPN. 1 ° Con el vpn activado descargo un torrent y no me descarga, tengo...
Replies
0
Views
952
Thank you very much but I already have several gateways. Right now I see the server, I see plex from...
Replies
2
Views
904

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Top