NordVPN QuickConnect vs Port Forwarding

6
0
NAS
Synology DS218
Hi there,

So I have recently purchased my first ever NAS - a DS218+. I use this to record off two surveillance cameras amongst other things.

Now I had initially connected my NAS to NordVPN with whom I have a subscription with anyway. I was accessing my DS Cam app using quick connect (this is the only main reason to connect to NAS from the outside apart from occasionally accessing the DS Files app)

I looked into setting up port forwarding using the EZ internet and was having trouble getting my DDNS access working whilst my NAS was still connected to NordVPN. I have done some research online and realised that this is not possible (correct me if i'm wrong?). I don't think I have the technical skill to setup a VPN server and don't really think I have the need to do it anyway (given my intended uses above).

So my questions are
1. Is quick connect "secure enough" (realising nothing is absolute 100%) to use along with the synology apps (ds cam and ds files). I have enabled two factor authentication and have connected to NordVPN.

2. if not, is there a way to connect to nordvpn and have the port forwarding option open?

Please advise and please keep light on the terminology as I'm a newbie to this world!
 
You are looking for a "split tunnel". To do this, uncheck the "Use default gateway on remote network" when setting up your NordVPN connection.

You might also consider using the VPN server, in lieu of DDNS if security is an issue.

Hopefully, @Rusty will chime in here to correct my post :)
 
Rusty will chime in, but not to correct you entirely. @preetraj as @Telos said that is one option to use your NordVPN and still have access to your network.

Personally, I use Nord as well, and as you said, there is no way to have full access to your network when Nord is up. Reason for this is that Nord does not support port forward. So when the tunnel is up all your NAS services will be tunneled as well and you will not be able to access them.

So NOT using default gateway on a remote network is one way to do it. Another way is to keep the setting as it is now, and then using the Advanced settings in network category:

220


simply enable Multiple Gateways

This will allow you to have Nord full time up and still have access to your services on custom ports.

Another way (if this is not working for all your services and needs) is to use Nord on a Docker level (personally I use it like this considering that Multiple getaways are not working for me as intended for certain services).

Considering that you have a '+' NAS model you have a Docker package option. Now Nord installed on your NAS is to cover your NAS traffic. What traffic are you covering up and what apps are you using?

I have another DSM running inside Docker (DDSM) and inside that DSM instance, I have configured (on a custom IP separate from my NAS IP) NordVPN tunnel. What this means is that all the apps that I want to keep inside the tunnel I run via that DDSM instance considering its always inside a tunnel.
As a bonus, my entire LAN is also routed via that DDSM providing my entire LAN and all its devices tunneled access without the need of running Nord client on them and just using 1/6 Nord slots. The way to do this is to simply change your LAN clients gateway parameter from your router IP to your DDSM and that's it.

So the bottom line is what you need Nord for on your NAS and the best way to configure it is up to you, but there are several scenarios to it.
 
Thank you both for your responses. Unfortunately @Rusty much of what you said is way beyond my technical capabilities to understand.

So my questions are
1. Is quick connect "secure enough" (realising nothing is absolute 100%) to use along with the synology apps (ds cam and ds files). I have enabled two factor authentication and have connected to NordVPN.

If I just use nordVPN on as normal (without any port forwarding) and connect to the apps, will that be enough for a novice like me or is that putting me at risk to others accessing my stuff. I have 2FA enabled as well.


You are looking for a "split tunnel". To do this, uncheck the "Use default gateway on remote network" when setting up your NordVPN connection.

Hopefully, @Rusty will chime in here to correct my post :)

@Telos I tried your option. Under external access, under DDNS, it states that the status is normal but when i click on router configuration, all the tests fail. I have checked my router admin page and it has all the necessary ports configured so I am at loss as to why the tests are failing. When i go to attempt to reach my synology using "xxxxx.synology.me" the browser says it cannot connect to the server :(

@Rusty I have the multiple gateways option enabled as well.

Sorry if my responses don't make sense. As i said I am a complete novice at all things IT / networking and have undergone a huge learning curve already so far .
 
I was using quick connect before and tried to setup DDNS and had all this trouble with setup.

QC was and is still working with nordVPN connected.

When I tried to setup DDNS above, I couldn’t reach my nas address on “synology.me”. Does that make sense?
 
@Telos I tried your option. Under external access, under DDNS, it states that the status is normal but when i click on router configuration, all the tests fail. I have checked my router admin page and it has all the necessary ports configured so I am at loss as to why the tests are failing. When i go to attempt to reach my synology using "xxxxx.synology.me" the browser says it cannot connect to the server :(
I'm going by memory here... but I believe you must restart the NAS ... before you do that, track with Rusty's suggestions.
 
Another way is to keep the setting as it is now, and then using the Advanced settings in network category:

View attachment 220

simply enable Multiple Gateways

This will allow you to have Nord full time up and still have access to your services on custom ports.

@Rusty I have managed to set up the DDNS with port forwarding and still have nordVPN working through the multiple gateways option. Is there anything else you suggest I do to further secure my NAS?

I have followed all the steps in the thread "Please help me understand making my NAS secure". I have disabled quick connect as well.

Thanks in advance.
 
@Rusty I have managed to set up the DDNS with port forwarding and still have nordVPN working through the multiple gateways option. Is there anything else you suggest I do to further secure my NAS?

I have followed all the steps in the thread "Please help me understand making my NAS secure". I have disabled quick connect as well.

Thanks in advance.
Glad you got it going. Complex pass, custom ports, 2fa and minimum port exposure if possible. You’ll be fine.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Thank you, Birdy for the QC White paper!! Had a smattering of info on it.. Your link filled in the blanks.
Replies
8
Views
383

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top