Ping via *synology.me a security issue?

NAS
920+
Good evening,

due to an SSL certificate problem while using Synology Drive client, I had to create a DNS name to be able to create a certificate via "Let's Encrypt". I decided to go for the "synology.me" service.
Now I am able to connect to the Synology Drive server via the DNS name using the port 6690, which I needed to liberate in my router configuration as well.

Unfortunately the synology.me DNS name can be pinged and I am afraid that this might be a security issue.
I don't like the fact that the device can be pinged now. I use a firewall rule to grant access to the NAS for local IPs only.
I did check the synology account settings if there is an option to disable the ping response, but I did not find any.

Does the fact that the synology.me address reacts to a ping request create a higher security risk in general?

Thank you for the opinions about it. :)

Best Regards,
Schewa
 
Does the fact that the synology.me address reacts to a ping request create a higher security risk in general?
Well, I'm just guessing here but I will say you have a dynamic IP address (WAN). If so, the resolution of your ddns name will report back to your current wan IP address. This will probably change at some point if not every 24h.

So is this a security issue? Well yes and no. If there are no services published on that wan ip then you have nothing to worry about. If there are, then make sure that you have only services that you actually need and that the actual services are patched.
 
Now I am able to connect to the Synology Drive server via the DNS name using the port 6690, which I needed to liberate in my router configuration as well.

Unfortunately the synology.me DNS name can be pinged and I am afraid that this might be a security issue.

Does the fact that the synology.me address reacts to a ping request create a higher security risk in general?

Hi,

I use the synology.me DDNS from time to time, so I have some knowledge of it. I hope you don't mind me checking some of the basics first:

Are you sure you can ping your xxxx.synology.me account from the external side (i.e. an external network)? We have all accidentally tested from inside our own LAN, where it would be normal for a ping response, rather than switching to an external network.

My LAN ping:

Code:
rob@MBP-Rob ~ % ping xxx.synology.me
PING xxx.synology.me (91.1xx.xx.xx): 56 data bytes
64 bytes from 91.1xx.xx.xx: icmp_seq=0 ttl=64 time=2.671 ms

My WAN ping (ie from internet):

Code:
rob@MBP-Rob ~ % ping xxx.synology.me
[silence...]
^C
rob@MBP-Rob ~ %

I also note your use of a port (6690) - this is somewhat surprising as I have not come across a reason for doing so and the synology.me DDNS works fine for me without it.

I also happen to be 'one of those people' who uses the UPNP capability of my router (some call it 'running with scissors') but I understand it and monitor it. I checked my logs and there have been zero unexpected ports being forwarded when I use the synology.me DDNS.

☕
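
A small check for the LAN-versus-WAN testing pitfall described above, added here as an example and not code posted by anyone in the thread: it reads ping output, uses the reply TTL to estimate whether the answer crossed any router, and pairs that with a TCP test of the forwarded port 6690. The sample ping lines, the 203.0.113.10 address and the function names are constructed for illustration, and the TTL estimate assumes the responder started from 64, 128 or 255.

```python
import re
import socket

DRIVE_PORT = 6690  # the port forwarded for Synology Drive in this thread
REPLY = re.compile(r"bytes from ([^\s:]+).*?ttl=(\d+) time=([\d.]+)")

# Constructed samples: a LAN-side reply like the one quoted above, and a reply
# seen from a tethered phone (about 50 ms, as the original poster measured).
LAN_SAMPLE = "64 bytes from 203.0.113.10: icmp_seq=0 ttl=64 time=2.671 ms"
WAN_SAMPLE = "64 bytes from 203.0.113.10: icmp_seq=0 ttl=52 time=50.2 ms"


def parse_ping(output):
    """Return (responder, ttl, rtt_ms) for every echo reply in ping output."""
    return [(m[1], int(m[2]), float(m[3])) for m in REPLY.finditer(output)]


def hops_away(ttl):
    """Estimate routers crossed, assuming an initial TTL of 64, 128 or 255."""
    return next(t for t in (64, 128, 255) if ttl <= t) - ttl


def tcp_open(host, port=DRIVE_PORT, timeout=3.0):
    """True if a TCP handshake with host:port completes from this network."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def assess(ping_output, port_open):
    """Combine the ping vantage point with the result of the port test."""
    replies = parse_ping(ping_output)
    if not replies:
        vantage = "unknown"    # silence: ICMP dropped, or host unreachable
    elif min(hops_away(ttl) for _, ttl, _ in replies) == 0:
        vantage = "local"      # reply crossed no router: a LAN-side test
    else:
        vantage = "external"   # reply was routed: a real outside view
    # A ping reply alone exposes no service; an open forwarded port does.
    return {"vantage": vantage, "icmp_reply": bool(replies),
            "exposed": vantage == "external" and port_open}


if __name__ == "__main__":
    print(assess(LAN_SAMPLE, port_open=True))
    print(assess(WAN_SAMPLE, port_open=True))
```

To use it on a real setup, paste the output of `ping` into `assess()` and pass the result of `tcp_open()` for your own DDNS name, run from the network you want to test from.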
 
Hello guys, I am sorry for my late response, but I was travelling due to work duties.

Hello Rusty,
I don't have any services running that receive any external connections. So regarding this thought I should be fine I guess.
Thank you for the response and point of view!

I may have misunderstood but I’ve read the post that you have port forwarded 6690 on your router. This would expose your NAS to the wider world. If I need to access Synology Drive while I am out and about, I use OpenVPN or Tailscale. No need to export any direct ports to services.
Hello AdrianEarnshaw,
you understood correctly. I had to open / forward the port in my router to be able to connect via the Synology Drive client, using the DDNS. Without forwarding this port to the local IP of my NAS, I was not able to connect.
And everything started because of the SSL certificate that I needed to replace. And since I did not know any other way than to create a "domain" to create the certificate, I had to go that way.
I just need to access the Synology Drive locally - I don't want to use it if I am not connected to my local network. But as soon as I enter the local IP address to the Synology Drive client, I receive the SSL error message again. I have to use the DDNS to be able to operate using the certificate from Let's Encrypt.

If I am mistaken, please tell me what I can improve! I would be very grateful!
Thanks a lot for considering a response! It is highly appreciated!

Hello Robbie, another big thank you for responding to my post with your point of view.
I have tried pinging from two different devices. One connected to my local network, the other one to a mobile hotspot via tethering.
The local response times were about 1ms, while the response times from the hot spot were about 50ms.
As I said above in my response to Adrian, I had to forward the port to the IP address of my NAS, because otherwise I would not have been able to connect to my Synology Drive server (even in my local network) using the DDNS, instead of the numerical IP.
If I could, I wouldn't open any port or use the synology.me DDNS to synchronize files of my devices. But it just did not work any other way.
But maybe you've got another idea that may help me out. It would be nice to hear from you again!
Thank you very much for your time.

Best Regards,
Schewa
 
