Help needed with remote access

Currently reading
Help needed with remote access

88
19
NAS
DS920+
Operating system
  1. Linux
  2. macOS
Mobile operating system
  1. iOS
Hi All,

I've previously upgraded to DSM 7.2 and had no problems. However, I logged into DSM yesterday, and now I have a couple of issues that I'm hoping someone can help me with.

Quickconnect has stopped working. I get a message at the bottom of the window saying "! Network error occurred, please check your DNS and network Settings". As far as I know I haven't changed anything, and my network settings look the same as they always have as far as I can tell...
Screenshot 2023-06-26 at 08.38.02.png

I tried DDNS instead, but I'm getting the below error with that...
Screenshot 2023-06-26 at 08.41.35.png


I tried running through the advice here , but that didn't help.

Any input is really appreciated, Thanks.
 
Solution
Thanks, @fredbert, for trying to help, but I've just figured out what I'd done 😞. I've been getting security detections in my UDM Pro, of IP's (categorized as CI Army or DShield) sniffing my open ports (Plex and Nginx Reverse Proxy). Blocking individual IP's seems futile, as there's always more. So I occasionally block a country altogether. I've only blocked a few big countries and a couple of obscure ones too. However, the other day I blocked Germany. I feel so stupid to say the least, but lesson learnt. I'm just paranoid about these constant attempts to get in. I presume as it's a RP it's fairly safe? I'm guessing 'best practice' is to probably close all ports, but I'm sharing a couple services on my NAS with family and don't...
You can check the Date/Time settings and see if the NAS has somehow managed to get itself on the wrong time. Also Certificates, check that you have the right ones assigned, and that they are up to date. In QuickConnect and DDNS see that they are also up to date and also correctly configured.

If you don't need IP v6 then you can disable it, also in you're screenshot enable to using IP v4 first.

I take it that you still have access using the NAS's LAN IP, that it's just the QC/DDNS methods that used to work but don't now.
 
Upvote 0
You can check the Date/Time settings and see if the NAS has somehow managed to get itself on the wrong time.
I've checked that.

Also Certificates, check that you have the right ones assigned, and that they are up to date. In QuickConnect and DDNS see that they are also up to date and also correctly configured.
I did have to update my wildcard certificate for my own domain, but everything else was/is upto date. When I tried to get DDNS working I did click on "Get a certificate from LetsEncrypt and set as default". This obviously assigned the DDNS certificate to everything except Quickconnect (which can't be changed). I then changed the certificates for mydomain.photos, mydomain.drive etc. back to the wildcard certificate for mydomain. I wasn't sure which certificate to use for everything else e.g. calendar [port number], FTPS etc. I have 4 certificates DDNS, Quickconnect, *.MyDomain and the Default Synology Certificate. I'm not 100% what they were before, so I've set *.mydomain to mydomain.photos etc and the Synology default certificate for everything else.

also in you're screenshot enable to using IP v4 first
I thought that looked like it should be ticked, but as I hadn't gone anywhere near that, I just left it as is. I've turned it on now, but it's not made any difference.

I take it that you still have access using the NAS's LAN IP, that it's just the QC/DDNS methods that used to work but don't now.
That's correct. I've never used DDNS to access the NAS, it was previously enabled, but I have disabled it now. All the apps I use that connect through QC ie Secure Signin, Photos and Drive are also now not working.

I know it's likely something I've done yesterday that's caused this. I was playing with my router (UDM Pro). I set up Teleport from my phone and iPad, but I'm pretty sure Teleport was already enabled, just no connections setup. I was also looking at my port forwarding rules. I only have Plex's default port and the port for Nginx Reverse Proxy open. When I noticied an issue with Quickconnect, I did see some message about making sure port 80 was forwarded. I temporarily turned on a rule I have that forwards port 80 to Nginx RP but as it didn't resolve the issue I then turned it off again.

I've restarted the NAS and the router since, just in case, but still no joy.

Sorry for the long post, but hopefully being honest about what a noob has messed about with might help lol. Thanks.
 
Upvote 0
Thanks, @fredbert, for trying to help, but I've just figured out what I'd done 😞. I've been getting security detections in my UDM Pro, of IP's (categorized as CI Army or DShield) sniffing my open ports (Plex and Nginx Reverse Proxy). Blocking individual IP's seems futile, as there's always more. So I occasionally block a country altogether. I've only blocked a few big countries and a couple of obscure ones too. However, the other day I blocked Germany. I feel so stupid to say the least, but lesson learnt. I'm just paranoid about these constant attempts to get in. I presume as it's a RP it's fairly safe? I'm guessing 'best practice' is to probably close all ports, but I'm sharing a couple services on my NAS with family and don't really know what's the best way to do this other than through an RP. That's why I was playing with Teleport on my router. Is something like that, or a normal VPN server, a better way for family members to access services? Thanks again for your time (y)
 
Upvote 0
Solution
Well done for figuring it out!

Can the UDM Pro be configured to drop the alerted connection attempts?

I'm hoping it does, but not sure tbh and haven't been able to figure it out yet.

Here's an example detection...

Screenshot 2023-06-26 at 14.58.02.png


However, as you can see in the 'Traffic Information' section at the bottom, under 'Action' it says it's allowed and gives me the option to Block connection/IP under that. I've got lots to learn. :rolleyes:
 
Upvote 0
My intrusion settings are set to “Detect and Block” and now that I've turned the notifications on, it clearly says these attempts are being blocked. I wish it had been a bit clearer to start with, as I've been worrying about these for some time. At least I now know the UDM Pro is doing its job!

Thanks again for your help @fredbert :)
 
Upvote 0

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
OK... so I'm beginning to follow now! If I install VPN server on the work NAS and use OpenVPN on my home...
Replies
4
Views
980
  • Question
Actually it was ‘parcel centre’ that was having problems ;)
Replies
10
Views
2,069
I would suggest having your VPN server on Synology generate a new profile, and then adjust that profile...
Replies
10
Views
3,195
  • Solved
Glad it’s working. Now you can help the next person! No reward necessary 😎
Replies
14
Views
2,343
I don't recommend exposing the NAS directly to the internet. Modem>Powerline>Router>Devices (wired/Wi-Fi)
Replies
18
Views
2,758

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top