Disable VPN client NAT

Currently reading
Disable VPN client NAT

D

-Dave-

3
0
NAS
DS3018xs
Operating system
  1. Linux
  2. macOS
  3. Windows
Mobile operating system
  1. Android
  2. iOS
Hi, I have a DS3018xs running DSM 6.2.4-25556 Update 6 behind an Untangle firewall/router. The router performs basic NAT from the internet to my LAN. Nothing fancy or complicated.

The NAS has OpenVPN enabled and when VPN clients connect, they are given an IP by the NAS and they can access everything they need to on my LAN. I have a static route setup on my router to allow traffic from my LAN subnet reach IPs on the OpenVPN subnet and that works fine. The problem is, as far as any devices on my LAN are concerned, all OpenVPN clients appear to be sharing the NAS LAN IP. This is causing me issues with some LAN services that block IPs. All VPN clients are getting blocked rather than just the one that should be.

Other OpenVPN server implementations that I've used have an option to enable or disable NAT for VPN clients. Ideally I need to disable it on my NAS so that VPN clients reach the LAN with their IP allocated by the NAS. But I can't find that option anywhere in the GUI.

So does anyone know if it's possible to achieve this somehow?

Thanks,

Dave.
 
Hi. Yes, in the "Connection List" section, each VPN client has a unique dynamic IP from the subnet set in the OpenVPN section. So it seems that the NAS is performing NAT on the OpenVPN subnet to route it to the LAN, rather than just routing it directly.
 
-Dave- said:
Hi. Yes, in the "Connection List" section, each VPN client has a unique dynamic IP from the subnet set in the OpenVPN section. So it seems that the NAS is performing NAT on the OpenVPN subnet to route it to the LAN, rather than just routing it directly.
Click to expand...
That is the default behavior, yes.
 
I understand that is the default but it's not suitable for my needs. So as other OpenVPN solutions allow NAT to be disabled, is it possible to do this on a Synology NAS?
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Similar threads

NAS Newbie
  • Solved
If I change DSM default ports, does that disable the default port access for mobile apps?
Not offensed at all. I was actually starting to think the same :) OK I'll continue with some testing. Thank's!
2 3
Replies
59
Views
21,735
Namaste
N
R
  • Question
Setup VPN with name server to access resources on LAN (DS 918+)
It sounds that the main focus is a LAN reconfiguration of DHCP and DNS services so that dynamically...
Replies
1
Views
572
fredbert
fredbert
J
How to install ExpressVPN to RT2600ac to allow all site-to-site to remote RT2600ac and protect all devices on each router over vpn for streaming?
Are those devices not part of either LAN segment in this site-to-site setup? If so, then you will not need...
Replies
10
Views
1,020
Rusty
Rusty
lemonadepop
VPN Server - connect via PC and connect via iOS device
I know its resolved, but did you consider Tailscale to simplify this?
Replies
2
Views
1,071
mathematics28
M
A_Bullish_Crab
Connecting to NASs on local network when running SurfShark VPN on PC
What I've found out: 1.) If I turn off the Kill Switch, then I'm good to go with the local devices 2.) If...
Replies
2
Views
2,582
A_Bullish_Crab
A_Bullish_Crab
K
Remote Access Quick Connect Open VPN or both
Also, Quick Connect isn't available for all services... especially if you are going to be relying on the...
Replies
3
Views
1,202
fredbert
fredbert
J
2 Houses Connected through VPN?
New User Question. I know I can connect one house to another through a VPN, but is it possible to do the...
Replies
0
Views
1,156
Jator
J

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Register

Trending threads

Back
Top