Question Direct Download Station to go through VPN?

Currently reading
Question Direct Download Station to go through VPN?

Amazing!

Thank you for pointing out this to me. I remember reading about it but if it wasn't for your "push" I might've never tried it.
Finally, got something running on Docker (we might become friends now) :)

This opens up a lot of possibilities. For anyone interested, Synology provides a guide on the knowledge base, although, as Rusty mentioned, it was really easy.
 
well now you can sandbox even more services on lvl2 like vpn, torrents etc.. without the need to compensate on the bare metal lvl on your NAS. Found it really clean and easy to maintain.

One thing to remember, when you patch your NAS you will HAVE to update your DDSM as well. It will not run until you patch it. So just keep that in mind.
 
Yes I'm going through my ISP (opposed to what?! ) Maybe I didn't understand your question.
Some folks use Download Station to share media in ways that cross legal boundaries... VPNs are one tool to do this while (hopefully) keeping your WAN IP from discovery. However... VPNs can disconnect unexpectedly. When that happens you don't want your WAN IP to take over the Download Station activity, exposing your WAN IP to others. To avoid this requires a "kill switch" function, disabling DS until a valid VPN connection is restored. There are different approaches on how to do this.

Since you are using DS with a VPN, presumably you do not want DS running in the absence of a VPN connection... and hence, my ask.
 
I wasn't sure what the behavior will be if the vpn tunnel goes down. So according to you, DLS will continue "exposed".
I was hoping that the "Reconnect when the VPN connection is lost" option when ticked will only allow traffic over vpn otherwise transfer is paused.

Not the case then.
 
Last edited:
When the tunnel goes down, your NAS will revert to the "main" connection. All that the "reconnect when the VPN connection is lost" option does is to attempt to reconnect to the VPN.

I have my router firewall set up so that all traffic to the internet from my VPN client NAS is blocked, except for traffic going to/from the IP address of the VPN server. That way, if the VPN connection goes down, even if the NAS tries to revert to the unprotected connection, the router will block it.
 
To clarify the full solution before wrapping up this thread. I'm using IbVPN service (ibvpn.com).

While Synology offers a similar knowledge base article, I've found a specific one from IbVPN. They've provided the steps on how to create the VPN tunnel on the DS to any of their VPN servers around the world (of course, you'll need to be a subscriber to their service to use it).

Here's their knowledge base article to give you an idea of how this is done. You will not be able to see the servers list unless you're a subscriber. But what's more important are the easy steps.

The above, coupled with @Rusty's brilliant idea of creating a sandboxed DSM (DDSM) provided the desired solution.

Other VPN service providers might offer similar instructions for their service.

I hope this helps and provide the full picture to what we've accomplished.
 
Same as with any other provider... Nothing special here. The question here is how often is your torrent traffic and will a disconnect from it (even for a few seconds) get you on the black list with your ISP over "content" being transferred?

If not then there is no reason to worry about anything. Personally, I use this method primarily for the vpn gateway for my lan devices and an easy method to not have the entire nas in a tunnel (connecting back to it, ssh etc...). Torrents are not important to me, considering I'm a Usenet user (ssl all the way).

Still with this setup all my monthly traffic looks like this (regarding top 3 services):

277


Suck on that ISP :P
 
Same as with any other provider...
I'm sure that almost all providers offer similar services. Just wanted to show the full solution to anyone who doesn't know about such services and just got into Synology.

We tend to take things for granted as we gain experience. For a new comer, this is new :)

The question here is how often is your torrent traffic and will a disconnect from it (even for a few seconds) get you on the black list with your ISP over "content" being transferred?
Remains to be seen. I don't do much "torrenting" anyways. In case the link breaks and I get thrown into the slammer, I'll send an SOS to SynoForum :)
 
Last edited:
I have my router firewall set up so that all traffic to the internet from my VPN client NAS is blocked, except for traffic going to/from the IP address of the VPN server. That way, if the VPN connection goes down, even if the NAS tries to revert to the unprotected connection, the router will block it.
@akahan suggestion above is the right (and smart) way to do it. However, this is not available on my not-so-advanced, old router.

The trick I'm using is to establish the vpn connection and then go to the LAN interface, edit and remove the gateway IP address. If the vpn link disconnects, communications stop.
This assumes that you're using manual configuration not DHCP for the LAN interface.

Of course if your vpn connection goes down very often then this will become a pain in the neck, because you'll need to go to the LAN interface, enter the gateway, establish vpn then go back and remove the gateway every time that happens.

But this will do for now until the next router upgrade :)
 
Well running DSM in docker is not like running other docker images. You will download a package file from Syno site and run it via a wizard. After that you will open up a browser and point it to a specific address to complete configuration just like you would for any other NAS and its DSM install. YOU CAN DO IT!

I can't seem to find the package file. I'm trying to do the same thing here but I am clearly missing some steps or something. Any chance you have a walk through on how to do this?
 
I can't seem to find the package file. I'm trying to do the same thing here but I am clearly missing some steps or something. Any chance you have a walk through on how to do this?
Install Virtual Machine Manager package 1st.

Then download virtual dsm from here Download Center - VirtualDSM | Synology Inc.

Import the image into vmm and create a separate virtual dsm instance that you will configure as a separate DSM with its own ip address and all the packages needed (like download station).

Then configure it to run vpn and you will have an isolated vpn dsm layer.
 
Install Virtual Machine Manager package 1st.

Then download virtual dsm from here Download Center - VirtualDSM | Synology Inc.

Import the image into vmm and create a separate virtual dsm instance that you will configure as a separate DSM with its own ip address and all the packages needed (like download station).

Then configure it to run vpn and you will have an isolated vpn dsm layer.

Thanks, looks like I need to order another drive that I can then setup as BTRF since I currently only have 2 drives in my 5 bay both setup for EXT4
 
If all you want to do is have the NAS go through the VPN, yet still be able to access the NAS over the internet, wouldn't be easier just to use a reverse proxy on another machine on your network to access the NAS? That's what I do, and it works fine.
 
If all you want to do is have the NAS go through the VPN, yet still be able to access the NAS over the internet, wouldn't be easier just to use a reverse proxy on another machine on your network to access the NAS? That's what I do, and it works fine.
I think this is more towards putting Download Station inside a tunnel only. My suggestion would be using a docker container with a vpn download client and be done with it, but this method also has other benefits as well, apart from just pushing vdsm and its apps via the tunnel.
 
I think this is more towards putting Download Station inside a tunnel only. My suggestion would be using a docker container with a vpn download client and be done with it, but this method also has other benefits as well, apart from just pushing vdsm and its apps via the tunnel.

Understood; the use case I was trying to address was: "How can I have Download Station go through a VPN, and still access my Diskstation externally from the internet?"

And so, particularly if the Diskstation is not a + series, and therefore can't run Docker, I think this method is the simplest:

1. Set the Diskstation so everything headed to the internet goes through the VPN connection (by making the VPN connection the first one in the "Service Order" under "Manage" in Network Interface).
2. On another device on the network, set up a reverse proxy to the Diskstation, so that connections to the Diskstation from the internet are actually coming to it on the LAN, from the proxy. Thus, the VPN'd Diskstation can be reached from the internet at, e.g., VPNStation.yourdomain.com Of course, make sure that VPNStation is a CNAME at your DNS provider, and ideally have it on your SSL cert as wel.
3. Optionally, set the router so that the only outbound connection the VPN'd diskstation can make is to the IP address of your VPN provider's server...that way, if the VPN connection goes down, the Diskstation won't be able to revert to torrenting over the non-VPN connection.
 
Update:

Anyone who follows this thread will most likely end up at a dead end when trying to follow the DDSM route. Synology recently decided (unfortunately) to no longer support DDSM (Docker DSM).

The alternative solutions are:
  • Use a torrent client that supports VPN.
  • Use a VDSM (Virtual DSM) if your DS supports it.
Check this thread…
 
Would configuring the Network Settings on a Virtual DSM in Networking > General to have the VPN server IP as the default gateway and then un-checking the "Enable Multiple Gateways" setting in the Advanced Settings menu force all VDSM traffic, DownloadStation or otherwise, to use the VPN connection or have no connection at all? In other words, would that prohibit DS from sending/receiving any data if the VPN connection is lost?

That is how I currently have mine setup and I was under the impression that it would not allow any internet connection other than the VPN connection. I also have the ability to connect to the same VDSM with both local and remote devices and I can even use the Android DownloadStation app, using my VDSM login credentials. This solution seems to satisfy the OP and other inquirers asking for Download Station traffic to be only allowed over the VPN and still have the ability to log in to the VDSM. I am quite amateur with IT, especially advanced network configurations, so please enlighten me if I am mistaken about this.

Thanks for your help and sorry for the Necro bump! I thought about starting a new thread but thought the OP and others might get notifications of potentially useful reply.
 
In other words, would that prohibit DS from sending/receiving any data if the VPN connection is lost?
If the VPN connection goes down, VDSM including any package running under it will default back to the default LAN adapter. If that LAN adapter has configured gateway parameter, the traffic will continue forward outside VPN.

Multiple Gateways setting is by default turned off, have you activated it for a specific reason? Guessing it is needed in order to connect to that VDSM instance from the outside while the VPN connection is active?

Bottom line, a "kill-switch" will not work out of the box. Try and remove the gateway parameter on your main VDSM adapter, and connect via VPN. Then, download and terminate the VPN. See if the traffic will stop in that case.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Solved
Hi! I was about to edit/erase my question. I actually think wifi diagnosis was quite good. There are no...
Replies
2
Views
4,865
  • Locked
Hola, tengo dos problemas con la VPN. 1 ° Con el vpn activado descargo un torrent y no me descarga, tengo...
Replies
0
Views
1,705
  • Solved
<<<<< SOLVED >>>>> OK so I decide to solve this by myself accordingly. Synology did offer me to go check...
Replies
1
Views
1,295
Thank you very much but I already have several gateways. Right now I see the server, I see plex from...
Replies
2
Views
1,262

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top