I need help with setting up my router and NAS.

NAS: DS 220+
Router: RT2600ac
Operating system: macOS, other
Mobile operating system: iOS

So, I am sure that the title is very generic. And I apologize. I have tried posting in other forums and get overlooked.
I am new to having this type of control (used to just use Apple AirPorts). I want the fastest and most secure possible setup.
I have the RT2600 and DS 220+

Goals:
DDNS to both router and NAS
Protected from attacks
Maintain internet speed

Devices I have:
Smart Light bulbs, switches, and ceiling fans
iOS devices
macOS devices
Xbox Ones
Smart TVs
Windows Laptop
Wireless printer
Roku

Any possible setup suggestions? Static vs Dynamic? Etc.

I sincerely appreciate any help. I'm not an idiot but with so much going on, I get frustrated quickly.

My current equipment set up:
Modem -> Router - Wired nas and normal wireless.
 
DDNS to both router and NAS
Welcome

Wouldn’t suggest setting up direct access to your router in any case.

If you will access your NAS via DDNS then you will have to use a custom port and forward it. In any case change the default one and configure an SSL cert for your DDNS name.

Protected from attacks
Use Threat package on your router as well as safe access for increased security and minimize port forwards.

The best option for security while still having access from a remote location would be to set up VPN access. This will allow you access to your router and NAS without the need to port forward any additional port apart from the VPN one.

VPN access might not be the fastest access but it will be the most secure. It all comes down to what you want with this setup in terms of your NAS access and its data.
 
Thanks for the quick responses!
Wouldn’t suggest setting up direct access to your router in any case.
Probably for the best. But have some use cases below.
VPN access might not be the fastest access but it will be the most secure. It all comes down to what you want with this setup in terms of your NAS access and its data.
Use cases
Turn devices' internet access off or on (kids' behavior, mess with the wife, general status)
Uploading/downloading/streaming of a file here and there (NAS is used strictly as home media server)

Will Synology's VPN be sufficient?
Is it hard to configure?

Use Threat package on your router as well as safe access for increased security and minimize port forwards.
This is where I run into some major problems. Both with firewall and threat package.
Today for example, my son's Xbox triggered 20ish alerts. All outgoing, ET INFO Session Traversal Utilities for NAT (STUN Binding Request) and ET INFO Microsoft Connection Test.

In the past 7 days:
Total events: 659
High: 75
Medium: 537
Low: 47

What's the best practice here?

When it comes to my smart devices (switches, bulbs, and thermostats) where should they live on my network?

Thanks again. Sorry for so many questions
 
Will Synology's VPN be sufficient?
Is it hard to configure?
Once you are inside the LAN over VPN you can do all of this.

It is not hard to set up or configure. Have a look here for more details: VPN, or how to access your data securely, the right way

Today for example, my son's Xbox triggered 20ish alerts. All outgoing, ET INFO Session Traversal Utilities for NAT (STUN Binding Request) and ET INFO Microsoft Connection Test.

In the past 7 days:
Total events: 659
High: 75
Medium: 537
Low: 47

What's the best practice here?
This is (my guess, not a Windows user) some sort of analytics from MS side. I would block that and see what happens tbh.

When it comes to my smart devices (switches, bulbs, and thermostats) where should they live on my network?
Guess that depends on the devices. You could move them to a separate vlan or in a guest network, but if they need to talk to some sort of controller in the "main" vlan/subnet you might get into a bit more configuration to make this work. It comes down to how and why you would want/need to separate them.
 
Awesome thank you!
Guess that depends on the devices. You could move them to a separate vlan or in a guest network, but if they need to talk to some sort of controller in the "main" vlan/subnet you might get into a bit more configuration to make this work. It comes down to how and why you would want/need to separate them.
I read somewhere that the slower performance can impact overall network performance. They definitely need to talk to the controller (Apple TV) for Hey Siri and HomeKit. I may just leave these alone for the meantime. Or I can force all connections to use 5 GHz vs the 2.4 GHz they live on. Which may be an easier solution. I will worry more about that later. I'll try resetting up my network to take care of the more important things.

Thank you so much for your time.
 
Sorry to bother you again.

I have VPN Plus set up and running on my RT2600, with DDNS set.

How do I access the NAS? I know I can access the router as I tested with DDNSaddress:port# from the DS router application.

Without the port# no access is gained.

Or am I totally screwing this up?
 
How do I access the NAS? I know I can access the router as I tested with DDNSaddress:port# from the DS router application.

Without the port# no access is gained.

Or am I totally screwing this up?
What protocol are you using via that VPN plus?

Once you are inside via VPN have you tried accessing your NAS using its LAN IP address and port?
 
So I just started the VPN client on my phone. Entered the address to my NAS and I can access it. And I can also access from DS file. So maybe I'm good?
That means it works yes.

I just can't seem to access from ds finder
What exact parameters are you entering when using dsfinder? Are you entering a custom protocol as well?
 
Sorry for late reply. I think I am totally confused here.
So I have set up DDNS on both router and NAS
Synology VPN Plus installed on router, client on phone.
NAS port forwarded on router. (couldn't gain access otherwise)

Client On
Safari - I can access DSM. SRM tries to reroute to DS Router App. (probably expected)
DS Router - With IP : vpn port number can access SRM
DS Finder - with NAS IP:NASport can access DSM
DS File - with NAS IP:NASport can access Files

If I have the VPN client off
I can access both SRM and DSM with their DDNS plus port number in DS Router, DS Finder, DS File.


If I was clear enough to follow: is this set up right? Am I protected?
I don't have to input the VPN port in order to access the NAS in either scenario.

Should I just give up in this direction and just use QuickConnect?

Will running the client VPN route all of my phone's traffic back to my router?

Am I overthinking this?
 
If I was clear enough to follow: is this set up right? Am I protected?
It is fine but the only potential problem that I see is this: "I can access both SRM and DSM with their DDNS". Being able to access your router UI via DDNS, that's just asking for trouble. Be sure to disable that. If you have VPN access to it then this is redundant and in any case, dangerous.
Should I just give up in this direction and just use QuickConnect?
Why? VPN access works just fine as you have tested it. Using QC will be slower in any case. If you have DDNS setup just use it in your VPN configuration file and disable QC as well as your DDNS access towards your router.

Will running the client VPN route all of my phone's traffic back to my router?
If your VPN on the client-side is configured to use the full tunnel and not split then yes, all traffic will be tunneled and pushed inside back to your LAN.

Am I overthinking this?
No, but I think there is room to turn some things off and just stick to 1-2 possible ways of connecting back to your LAN. No need to use all the alternatives.
 
Thanks! I've got it up and working. Looking at different setups. I am definitely working out a lot of kinks!

Sorry for late response!
 
I had a similar setup, I ended up relying on QuickConnect for SRM access (make sure SRM external access is not ticked, and amend the SRM firewall rule to only allow the local LAN subnet as the source). Running DDNS for the time being but considering a personal domain for future use.

Though I have just got VPN working on the router, so I will probably migrate to that as a preferred access method - currently thinking about network segmentation for the next cab off the rank.
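
Added example, not part of any post in this thread: a small check for the advice given above (forward only the VPN port, no SRM or DSM management UI reachable through the DDNS name). The hostname, port numbers and labels are placeholders you supply, and it assumes the VPN listens on a TCP port; a UDP-based VPN cannot be verified with a TCP connect.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """TCP connect check: 'open', 'closed' (refused), 'filtered' (no answer) or 'unresolved'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "unresolved"   # the DDNS name does not resolve
    except ConnectionRefusedError:
        return "closed"       # host answered with a reset: nothing listening
    except OSError:
        return "filtered"     # timeout or unreachable: dropped by the firewall

def audit(host, vpn_ports, mgmt_ports, timeout=3.0):
    """vpn_ports: TCP ports that should answer. mgmt_ports: {port: label} that should not."""
    findings = []
    for port in sorted(vpn_ports):
        state = probe(host, port, timeout)
        if state != "open":
            findings.append(f"VPN port {port} is {state}: remote access will fail")
    for port, label in sorted(mgmt_ports.items()):
        if probe(host, port, timeout) == "open":
            findings.append(f"{label} (port {port}) answers from the internet: "
                            "remove the port forward or disable external access")
    return findings

def main(argv):
    # All values are your own; the thread does not state any of them.
    # Example with placeholder values:
    #   python3 exposure_check.py myhome.example.net 443 SRM=8001 DSM=5001
    if len(argv) < 4:
        print("usage: exposure_check.py <ddns-name> <vpn-tcp-port> <label=port> ...")
        return 0
    mgmt = {int(p): name for name, p in (arg.split("=", 1) for arg in argv[3:])}
    problems = audit(argv[1], {int(argv[2])}, mgmt)
    for line in problems:
        print("FINDING:", line)
    if not problems:
        print("OK: only the VPN port is reachable")
    return 1 if problems else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it from outside the LAN with the VPN client off (for example a laptop tethered to a phone on cellular data); from inside the LAN the router may answer on ports that are not reachable from the internet.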
 
