I need help with setting up my router and NAS.

Currently reading
I need help with setting up my router and NAS.

10
3
NAS
DS 220+
Router
  1. RT2600ac
Operating system
  1. macOS
  2. other
Mobile operating system
  1. iOS
So, I am sure that the title is very generic. And I apologize. I have tried posting in other forums and get over looked.
I am new to having this type of control (used to just use apple airports). I want the fastest and most secure possible set up.
I have the RT2600 and DS 220+

Goals:
DDNS to both router and NAS
Protected from attacks
Maintain internet speed

Devices I have:
Smart Light bulbs, switches, and ceiling fans
iOs devices
MacOS devices
Xbox Ones
Smart TVs
Windows Laptop
Wireless printer
Roku

Any possible setup suggestions? Static vs Dynamic? Etc.

I sincerely appreciate any help. Im not an idiot but with so much going on, I get frustrated quickly.

My current equipment set up:
Modem -> Router - Wired nas and normal wireless.
 

Rusty

Moderator
NAS Support
2,891
878
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
DDNS to both router and NAS
Welcome

Wouldn’t suggest setting up direct access to your router in any case.

If you will access your nas via ddns then you will have to use a custom port and forward it. In any case change the default one and configure ssl cert for your ddns name.

Protected from attacks
Use Threat package on your router as well as safe access for increased security and minimize port forwards.

For best security and still access from a remote location would be to setup vpn access. This will allow you access to your router and nas without the need to port forward any additional port apart from the vpn one.

Vpn access might not the fastest access but it will be the most secure. It all comes down to what you want with this setup in terms of your nas access and it’s data.
 
10
3
NAS
DS 220+
Router
  1. RT2600ac
Operating system
  1. macOS
  2. other
Mobile operating system
  1. iOS
Last edited:
Thanks for the quick responses!
Wouldn’t suggest setting up direct access to your router in any case.
Probably for the best. But have some use cases below.
Vpn access might not the fastest access but it will be the most secure. It all comes down to what you want with this setup in terms of your nas access and it’s data.
Use cases
turn devices internet access off or on ( kids behavior, mess with the wife, general status)
uploading/downloading/streaming of a file here and there (Nas is used strictly as Home media server)

Will Synology's VPN be sufficient?
Is it hard to configure?

Use Threat package on your router as well as safe access for increased security and minimize port forwards.
This is where I run into some major problems. Both with firewall and threat package.
Today for example, my sons xbox triggered 20ish alerts. All outgoing , ET INFO Session Traversal Utilities for NAT (STUN Binding Request) and ET INFO Microsoft Connection Test.

In the past 7 days :
Total events : 659
High : 75
Medum : 537
Low : 47

Whats the best practice here?

When it comes to my smart devices (switches, bulbs, and thremostats) where should the live on my network?

Thanks again. Sorry for so many questions
 

Rusty

Moderator
NAS Support
2,891
878
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Will Synology's VPN be sufficient?
Is it hard to configure?
Once you are inside the LAN over VPN you can do all or this.

It is not hard to set up or configure. Have a look here for more details: VPN, or how to access your data securely, the right way

Today for example, my sons xbox triggered 20ish alerts. All outgoing , ET INFO Session Traversal Utilities for NAT (STUN Binding Request) and ET INFO Microsoft Connection Test.

In the past 7 days :
Total events : 659
High : 75
Medum : 537
Low : 47

Whats the best practice here?
This is (my guess, not a windows user) some sort of analytics from MS side. I would block that and see what happens tbh.

When it comes to my smart devices (switches, bulbs, and thremostats) where should the live on my network?
Guess that depends on the devices. You could move them to a separate vlan or in a guest network, but if they need to talk to some sort of controller in the "main" vlan/subnet you might get into a bit more configuration to make this work. It comes down to how and why you would want/need to separate them.
 
10
3
NAS
DS 220+
Router
  1. RT2600ac
Operating system
  1. macOS
  2. other
Mobile operating system
  1. iOS
Awesome thank you!
Guess that depends on the devices. You could move them to a separate vlan or in a guest network, but if they need to talk to some sort of controller in the "main" vlan/subnet you might get into a bit more configuration to make this work. It comes down to how and why you would want/need to separate them.
I read somewhere that the slower performance can impact overall network performance. They definitely need to talk to the controller (Apple TV) for hey Siri and HomeKit. I may just leave these alone for the mean time. Or I can force all connections to use 5ghz vs the 2.4ghz they live on. Which may be an easier solution. I will worry more about that later. Ill try resetting up my network to take care of the more important things.

Thank you so much for your time.
 
10
3
NAS
DS 220+
Router
  1. RT2600ac
Operating system
  1. macOS
  2. other
Mobile operating system
  1. iOS
Last edited:
Sorry to bother you again.

I have VPN plus set up and running on my RT2600. with DDNS set.

How do I access the NAS, I know I can access the router as I tested with DDNSaddress: port# from the ds router application.

With out the port# no access is gained

Or am I totally screwing this up?
 

Rusty

Moderator
NAS Support
2,891
878
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
How do I access the NAS, I know I can access the router as I tested with DDNSaddress: port# from the ds router application.

With out the port# no access is gained

Or am I totally screwing this up?
What protocol are you using via that VPN plus?

Once you are inside via VPN have you tried accessing your nas using its LAN IP address and port?
 
10
3
NAS
DS 220+
Router
  1. RT2600ac
Operating system
  1. macOS
  2. other
Mobile operating system
  1. iOS
Synology SSL VPN
( followed instructions here :Synology Router Manager - Knowledge Base | Synology Inc. )

Though I may be an idiot.

So I just started the VPN client on my phone. Entered the address to my NAS and I can access it. And I can also access from ds file. So maybe im good?

I just can't seem to access from ds finder

Thanks again.
 

Rusty

Moderator
NAS Support
2,891
878
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
So I just started the VPN client on my phone. Entered the address to my NAS and I can access it. And I can also access from ds file. So maybe im good?
That means it works yes.

I just can't seem to access from ds finder
What exact parameters are you entering when using dsfinder? Are you entering a custom protocol as well?
 
10
3
NAS
DS 220+
Router
  1. RT2600ac
Operating system
  1. macOS
  2. other
Mobile operating system
  1. iOS
I couldn’t figure out what to enter. I’ll revisit after work.
 

Rusty

Moderator
NAS Support
2,891
878
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
I couldn’t figure out what to enter. I’ll revisit after work.
Send a screenshot of what you are trying to do, maybe it will be easier to detect the problem.
 
10
3
NAS
DS 220+
Router
  1. RT2600ac
Operating system
  1. macOS
  2. other
Mobile operating system
  1. iOS
Last edited:
Sorry for late reply. I think I am totally confused here.
So I have set up DDNS on both router and NAS
Synology VPN Plus installed on router, client on phone.
NAS port forwarded on router. (couldn't gain access otherwise)

Client On
Safari -I can access DSM. SRM tries to reroute to DS Router App. (probably expected)
DS Router - With IP : vpn port number can access SRM
DS Finder - with NAS IP:NASport can access DSM
DS File - with NAS IP:NASport can access Files

If I have the VPN client off
I can access both SRM and DSM with their DDNS plus port number in DS Router, DS Finder, DS File.


If I was clear enough to follow. Is this set up right? Am I protected?
I don't have to input the VPN port in order to access the NAS in either scenario.

Should I just give up in this direction and just use quick connect?

Will running the client VPN route all of my phones traffic back to my router?

Am I over thinking this?
 

Rusty

Moderator
NAS Support
2,891
878
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
If I was clear enough to follow. Is this set up right? Am I protected?
it is fine but the only potential problem that I see is this: "I can access both SRM and DSM with their DDNS". Being able to access your router UI via DDNS that's just asking for trouble. Be sure to disable that. If you have VPN access to it then this redundant and in any case, dangerous.
Should I just give up in this direction and just use quick connect?
Why? VPN access works just fine as you have tested it. Using QC will be slower in any case. If you have DDNS setup just use it in your VPN configuration file and disable QC as well as your DDNS access towards your router.

Will running the client VPN route all of my phones traffic back to my router?
If your VPN on the client-side is configured to use the full tunnel and not split then yes, all traffic will be tunneled and pushed inside back to your LAN.

Am I over thinking this?
No, but I think there is room to turn some things off and just stick to 1-2 possible ways of connecting back to your LAN. No need to use all the alternatives.
 
10
3
NAS
DS 220+
Router
  1. RT2600ac
Operating system
  1. macOS
  2. other
Mobile operating system
  1. iOS
Thanks! Ive got it up and working. Looking at different set ups. I am definitely working out a lot of kinks!

Sorry for late response!
 
115
48
NAS
2x DS920+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Linux
  2. macOS
  3. Windows
  4. other
Mobile operating system
  1. iOS
I had a similar setup, I ended up relying on QuickConnect for SRM access (make sure SRM external access is not ticked, and amend the SRM firewall rule to only allow the local LAN subnet as the source). Running DDNS for the time being but considering a personal domain for future use.

Tough I have just got VPN working on the router, so I will probably migrate to that as a preferred access method - currently thinking about network segmentation for the next cab off the rank.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Top