Hi!
First time poster here.
Bit of background before my question:
I've got a 213j in my flat and a 115j at my parents house, they are both used to store backups of local PC's.
I've recently started looking into how I can make better use of both NAS's and wanted to use each NAS as an off-site copy of the other, so I set up a VPN where the 213j is the server and the 115j is a client.
The NAS's then sync with each other using the 'Shared Folder Sync' functionality in DSM.
My question is about the Synology firewall on both devices and what rules are needed.
On the 213j (the VPN server), I have the following rules:
Allow all ports, all protocols from 192.168.0.0/255.255.0.0 (LAN subnet)
Allow all ports, all protocols from 10.0.0.0/255.0.0.0 (VPN subnet)
Allow VPN port, UDP from my country
Deny everything else
On the 115j (a client of the above VPN server), I have the following rules:
Allow all ports, all protocols from 192.168.0.0/255.255.0.0 (LAN subnet)
Allow all ports, all protocols from 10.0.0.0/255.0.0.0 (VPN subnet)
However, when I go to add a 'deny everything else' rule, it throws a warning saying that the connection from my current computer was blocked and that the previous configuration has been used instead.
This occurs when I am accessing the 115j DSM from another PC that is also a VPN client of the 213j.
I can't figure out what is being blocked, when the only connection is (or should be) https from the VPN subnet.
Do I even need to bother configuring the firewall on the 115j that is a VPN client only?
If so, what rules do I need in addition to the 2 I already have on the 115j to prevent the warning that I'm seeing?
Of course, happy to answer any questions if more detail is needed.
Thanks!
First time poster here.
Bit of background before my question:
I've got a 213j in my flat and a 115j at my parents house, they are both used to store backups of local PC's.
I've recently started looking into how I can make better use of both NAS's and wanted to use each NAS as an off-site copy of the other, so I set up a VPN where the 213j is the server and the 115j is a client.
The NAS's then sync with each other using the 'Shared Folder Sync' functionality in DSM.
My question is about the Synology firewall on both devices and what rules are needed.
On the 213j (the VPN server), I have the following rules:
Allow all ports, all protocols from 192.168.0.0/255.255.0.0 (LAN subnet)
Allow all ports, all protocols from 10.0.0.0/255.0.0.0 (VPN subnet)
Allow VPN port, UDP from my country
Deny everything else
On the 115j (a client of the above VPN server), I have the following rules:
Allow all ports, all protocols from 192.168.0.0/255.255.0.0 (LAN subnet)
Allow all ports, all protocols from 10.0.0.0/255.0.0.0 (VPN subnet)
However, when I go to add a 'deny everything else' rule, it throws a warning saying that the connection from my current computer was blocked and that the previous configuration has been used instead.
This occurs when I am accessing the 115j DSM from another PC that is also a VPN client of the 213j.
I can't figure out what is being blocked, when the only connection is (or should be) https from the VPN subnet.
Do I even need to bother configuring the firewall on the 115j that is a VPN client only?
If so, what rules do I need in addition to the 2 I already have on the 115j to prevent the warning that I'm seeing?
Of course, happy to answer any questions if more detail is needed.
Thanks!