DS923+ Web browser connection lost when connected to ExpressVPN

Currently reading
DS923+ Web browser connection lost when connected to ExpressVPN

M

mavots

16
6
NAS
DS923+
Operating system
  1. macOS
Mobile operating system
  1. iOS
Hello,

I just set up my first NAS (DS923+) over the weekend. Everything seems to be working except my web browser connection.
I use a Mac Studio and the NAS is connected directly via 10Gbe.
I've used ExpressVPN for several years with no issues but I'm having a problem with it now.
With the NAS server connected, I have full functionality with my web browsers (Safari and Firefox). However, when I connect the ExpressVPN, I can no longer open a web page and lose any streams coming over a web site. If I disconnected the NAS server, the problem goes away.
On the other hand, I also have a M1 MacBook Air that is connected to the NAS server via my wifi network. There are no web browser issues while connected to ExpressVPN on the laptop.

I've been doing some googling and most often find answers about using a VPN within the NAS. Not sure if I want to do that if I already have an ExpressVPN setup.
Maybe its a network interface issue? IPv6?

Any ideas why I am having browser connection issues with the NAS and ExpressVPN?

Thanks in advance.
 
Welcome to the forum.

Just to be clear you are talking about connecting your computers to expressVPN as clients, not the actual NAS correct?

So when you connect with your Mac Studio to the Express you can't do what exactly? I am confused why would you lose anything until you disconnect the NAS? Are we talking about disconnecting the 10G connection or disconnecting the NAS all together from the network?

Maybe explain a just a bit better how exactly the devices are connected (to each other and to the rest of the network) and what happens where when you do what exactly.
 
Sorry for any confusion.
I have a Mac Studio and am in the process of retiring my Drobo and transitioning over to a NAS system.

In a nutshell, after I set up the DS923+ over the weekend, I can not make any internet connections (browsers, podcast, Apple Music, cloud services, etc) over my wifi network when I have ExpressVPN and the NAS connected at the same time.
I have been using ExpressVPN for a number of years. The app is on my Mac Studio (client?). I have not done anything with VPNs on the NAS itself.

The DS923+ is connected via ethernet (10Gbe) directly to my Mac. I also have it connected via ethernet (1Gbe) to my TP-Link Deco satellite access point.
I have tried unplugging only the 10Gbe line (Mac) and then only the 1Gbe line (router) and the problem is present with any combination of connections.

When I turn off ExpressVPN on the Mac, the NAS and the internet work at the same time without a problem.

I set up a Deco mesh network with the primary router attached to the cable modem in another room. I use a satellite unit in my office which I connect to over wifi (300Mbs). Everything works perfectly.

I also have a MacBook Air which seems to be working just fine with both the ExpressVPN on and the NAS connected remotely over the wifi network. No issues with the laptop.

I hope that helps explain my predicament. Thanks.
 
The Drobo was DAS for the Mac Studio? Meaning it can be considered to be part of the Mac Studio’s storage. But now you have a NAS which is a separate network device.

It seems that the Mac Studio has multiple active network interfaces. Is the ExpressVPN full-tunnel or split? Has the Mac’s routing table got static entries that stop using tunnel? Are the Mac interfaces prioritised to such that that traffic is going the wrong way?
 
No matter which version of macOS you are using there has always been a System Settings/Preferences option to setup the network interface priority order. There's also a setting for 'Locations' which enable you to save the network configurations for different places (also good for testing network setups).

Here's my Mac Mini. When the ethernet is active then it is the default interface, the other interfaces when active will become default if the ones above are inactive and otherwise they will be just used to access devices on the same IP subnet as themselves. The exceptions being if you add other routing to say, e.g., WiFi interface is the gateway to different IP ranges. Also when SMB multi-channel is available (depending on any link aggregation setup on your LAN) then having multiple interfaces on the same subnet can be used to increase the overall access speeds to/from and SMB server.

1676371334693.png
1676371400562.png



The DNS point is a good one too. You can use the Mac Terminal to check various networking things
Bash: 
# DNS lookup for name using dig and nslookup
dig bbc.co.uk
dig -x 192.168.0.1

# DNS reverse lookup of an IP address using dig and nslookup
nslookup bbc.co.uk
nslookup 192.168.0.1

# See the address resolution data, for all with and without name resolution
arp -a
arp -an

# Display the current routing table (IPv4 and IPv6)
netstat -nrf inet
netstat -nrf inet6

# Display the network interfaces
ifconfig
tcpdump --list-interfaces

# Trace the path to a destination
traceroute bbc.co.uk
traceroute 192.168.0.1

# Monitor traffic on an interface (use ifconfig to find the one you want), ctrl-c to stop
tcpdump -i en0

You can use man <cmd> to get the help page, of doing a web search usually gets a lot of examples.
 
fredbert said:
The Drobo was DAS for the Mac Studio? Meaning it can be considered to be part of the Mac Studio’s storage. But now you have a NAS which is a separate network device.

It seems that the Mac Studio has multiple active network interfaces. Is the ExpressVPN full-tunnel or split? Has the Mac’s routing table got static entries that stop using tunnel? Are the Mac interfaces prioritised to such that that traffic is going the wrong way?
Click to expand...
Yes, there are two active interfaces, wifi and ethernet. ExpressVPN is full-tunnel, they don't support split tunneling on M1/M2 Macs yet. There is another ethernet slot on a CalDigit hub that is not connected, nor any of the Thunderbolt ports. There is also a ExpressVPN IKEv2 (?) that is not connected.
The service order is Ethernet (self-assigned IP), Wi-Fi (connected), CalDigit ethernet, TB, IKEv2.
The IP's do not match between the DS923+ LAN 3 (10Gbe) and the Mac Ethernet (self-assigned). I always thought each device has its own IP address but thought I would mention this.
Not sure what a routing table is.
I'm not using link aggregation as only have the one 10GBe LAN port connected directly to the Mac Studio. (Plus one 1GBe connection to the satellite access point/router.
Some of the detailed explanation are a bit overwhelming. Networking for me has sometimes been a bit more voodoo than science :)

I hope this helps.
 
I seemed to have solved the problem.

Everyone mentioned DNS as the root of the problem. I mucked about and noticed that both LAN 1 and LAN 3 had Gateway IP addresses. LAN 1 matched my wifi router address while LAN 3 was I don't know what.
I deleted the LAN 3 Gateway IP address and left LAN 1 as is. This seems to have fixed the VPN issue.

The DS923+ is connected to both my mesh wifi router (LAN 1) and the 10GBe ethernet port on my Mac Studio (LAN 3). The internet is now accessible, even with ExpressVPN connected to a server somewhere in Seattle.

Both LANs are set up manually and have static IPs. LAN 3 is still designated as being my default gateway (leftover from my first 10GBe how to tutorial). Should I make LAN 1 the default? Does it even matter if I have just the one gateway?

I'm curious as to what happened and why two gateways were a problem.

Thanks.
 
Last edited:
The default interface is what the NAS will use when it wants to access anything but doesn't know which interface to use. So the default interface's gateway IP is where the Internet requests will be sent for onward routing. When the NAS has other interfaces active then these will be used to access IP addresses on their IP subnets. It's also possible to add extra routes to say other subnets are accessible via these interfaces and to use those interfaces' gateway IPs. But when there's no other specific routing information the NAS will send out by the default interface to its gateway IP (usually your home router/firewall). This isn't specific to the NAS, all networked devices work this way: your Mac's default interface is the first active one in the list.

This routing of requests is how it works on the initiating device, but the receiving device will reply back using the interface it received the connection.

Both the DSM NAS and your Mac have configuration options that allow them to act as routers if they connect to two or more interfaces, and so two or more IP subnets. But most won't need this and it's a complication.

~~~~~~~~~~
Re-reading your earlier posts:
  1. Mac default interface is the Ethernet (which I assume is the 10 GbE): so outbound goes this way?
  2. NAS default interface was/is the 10 GbE, back to the Mac.
  3. Removing the gateway IP in the DSM 10 GbE configuration seems to promote the 1 GbE interface to default for routing out.
Why the Mac could access the Internet when ExpressVPN was off ... ??? Don't know, may be macOS tests onward availability and determined the WiFi was the one to use. Using the command line tools I suggested may confirm this. When ExpressVPN was one then that probably confused the routing table (VPN services add routes to the table to ensure traffic is directed in the way they need it)?
 
Last edited:
The IP address for the router connection (LAN 1) was 192.168.xxx.xx while the 10GbE (LAN 3) IP address is 169.254.xxx.xx. LAN 3 was a 192.168 address before. LAN 2 is also 169.254.xxx.xx.
I also re-ordered the network and placed Wi-Fi first and Ethernet second.

The only gateway address is with the LAN 1 1GbE wi-fi. (192.168.68.1)
I test copied a large file to the NASand it was about 125 GB/s. Yesterday (with the ExpressVPN issue), a large file copied over to the NAS at about 600-700 GB/s. Must be going over the LAN 1 1GB/s line and over the internet. How to get LAN-3 to work as a 10GbE primary gateway??? Maybe simply "factory reset" and start over??

For some reason, Synology Assistant and finds.synology.com can't find the DS923+. No luck with my MacBook Air either and yet both machines are connected to the NAS. Does this have anything to do with the 169.254.xxx.xx IP address? Or is it something else?
-- post merged: --

While the file copied over to the NAS at 125 GB/s, when I turned off ExpressVPN, I tried again and the file copied over at about 700GB/s.
So, while ExpressVPN is not killing the wifi internet connection any longer, it is still having an effect on which LAN is being used.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Similar threads

S
  • Solved
Compare three NAS - DS923+ , DS1522+ and DS1621+
I don't think you will likely need the M2 cache for the use cases you've outlined. Streaming sequential...
Replies
12
Views
3,630
Deleted member 5784
D
SynoMan
Over 500,000 Zoom accounts sold on hacker forums, the dark web
Replies
2
Views
1,409
SynoMan
SynoMan
SynoMan
Brave 1.0 - interesting privacy-focused browser
I know...
Replies
2
Views
1,334
SynoMan
SynoMan
WST16
DuckDuckGo browser!
Oh no :( The cave is the only option.
Replies
2
Views
2,369
WST16
WST16
SynoMan
Desktop and mobile browser
Safari is default and FF on Windows (except where something checks and thinks IE 11 is needed!!)
Replies
2
Views
1,550
fredbert
fredbert

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Register

Trending threads

Back
Top