with my tethered connection I see this -->
Screenshot
with Tunnelblick and VPN I see this -->
Screenshot (and I can surf the web and join my NAS)
with my LAN connection -->
Screenshot
I believe yes, you’re routing all traffic.
From what little I can see, it looks like your tethered+vpn ip address matches your LAN’s public IP address. But you can tell, you have the full picture.
What you can do is use the duplicate option in the settings to duplicate the current configuration and remove (or hash to comment):
redirect-gateway def1
dhcp-option DNS [IP address]
This way, only the traffic directed to your DS and home LAN will be routed through the tunnel, while the rest will go over the default connection. You’ll have both and you can choose which one to use depending on the situation.
I assume then that all went fine, right? Well, about your question "But do you want or need to route all traffic through the VPN tunnel?" I don't know, I mean... I think that is more secure, or maybe I'm wrong. What can you tell me?
No, it does not increase the security. Unless you think of application security (for instance accessing your online banking over public WiFi vs going through your tunnel out of your home’s gateway). The traffic to your NAS and LAN is already secured with the VPN. Routing all traffic will make other services go through the VPN too. For example, web traffic when browsing the internet, your browser will go through the tunnel and use your home’s gateway (router) and DNS services (that’s why ipleak.net showed your home’s public IP address, because the page request went out of your home).
Usually, that’s not needed (unless you want to “fake” your location, or for application security as mentioned above). Another example is your email client fetching or sending mail. Do you want that to go through the tunnel? I don’t think so.
They will just add more traffic to your VPN tunnel.
PS: I just want you to assure me about the security of all these actions with my VPN. I'm OK now and secure, right?
Implement other security measures discussed in the forum too. Like account blocking and 2FA. Just understand them first so you don’t lock yourself out.
There’s no 100% sure thing but this is as good as it gets with only one port open on your router and VPN for remote access.
(Talking about home use of course).
About the "Do you have any services that you’re accessing (or need to access) remotely without a VPN?" I don't think so, but maybe I think about download manager or Dropbox sync and so on... Will I mess something up if I block all?
Just uncheck the “All, All, Italy, allow” rule for now. You’ll end up with VPN only for remote access (only from Italy for now according to your rule).
You’ll know when you need it. Besides, if all you’ve forwarded is the single UDP port (for VPN) on your router, then this rule (“All, All, Italy, allow”) is useless for now.
If you want, just tell me the best settings with a screenshot and I will do the trick.
There’s no best or worst. It all depends on what you’re trying to accomplish and the compromises you’re willing to take to achieve it.
BEST BEST BEST HELP ON ALL FORUMS GUYS!!!!
At SynoForum we aim to please. Welcome aboard. We occasionally have some cookies too, but you know, with this cowardly virus roaming the globe, we ran out. We have some 100ML hand sanitizer though. Enjoy
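The split-tunnel edit suggested earlier in the thread (commenting out redirect-gateway def1 and dhcp-option DNS in a duplicated configuration), as an added example that is not part of the original posts. The function name make_split_tunnel, the sample configuration, its hostname and its addresses are constructed for illustration; skipping inline blocks such as <ca> goes slightly beyond what the thread describes.

```python
import re

# Directives the thread suggests removing (or commenting out with a hash)
# so that only NAS/LAN traffic uses the tunnel.
_FULL_TUNNEL = re.compile(r"^\s*(redirect-gateway\b|dhcp-option\s+DNS\b)")
# Opening tag of an inline block such as <ca> or <cert>; its body is left alone.
_INLINE_OPEN = re.compile(r"^\s*<([a-z0-9-]+)>\s*$")


def make_split_tunnel(config_text):
    """Return (new_text, changed); changed lists the directives commented out."""
    out, changed, inside = [], [], None
    for line in config_text.splitlines():
        stripped = line.strip()
        if inside:                          # inside <ca>...</ca> etc.
            if stripped.lower() == f"</{inside}>":
                inside = None
            out.append(line)
            continue
        m = _INLINE_OPEN.match(line)
        if m:
            inside = m.group(1)
            out.append(line)
        elif _FULL_TUNNEL.match(line):      # active full-tunnel directive
            changed.append(stripped)
            out.append("#" + line)
        else:                               # includes already-commented lines
            out.append(line)
    return "\n".join(out) + "\n", changed


# Constructed sample client configuration (placeholder host and addresses).
SAMPLE = """\
client
dev tun
proto udp
remote vpn.example.net 1194
redirect-gateway def1
dhcp-option DNS 192.0.2.1
#dhcp-option DNS 192.0.2.2
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</ca>
"""

if __name__ == "__main__":
    text, changed = make_split_tunnel(SAMPLE)
    print("commented out:", changed)
    print(text)
```

Run it on the duplicated configuration only, so the original full-tunnel profile stays available for situations like public WiFi.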