RT2600ac Some VPN Plus 'troubles'

[xvilar]

I've been testing VPN Plus, and for Windows 10 it really rocks! At least Synology SSL VPN... but in Ubuntu 20.04 clients I'm not able to install the latest VPN SSL Client... it seems it's only for Ubuntu 16.x and I've read, it's because installation method changed in Ubuntu... are there plans to upgrade the Synology SSL VPN Client for Ubuntu 20.04???

And also, OpenVPN configuration does not allows to use "Local Network" for clients, why? is not possible to connect to local network using OpenVPN

I've tried too to Enable SSTP VPN (with Synology VPN SSL VPN disabled) but I get a User has not permissions, using the same user / password I've for SSL VPN, checking the Permisions for this user to allow it using SSTP VPN.... it does not works? BTW the login SSTP VPN webpage is the same than SSL VPN?

Thanks!

 

[fredbert]

The OpenVPN server in VPN Plus does have 'Allow clients to access server's LAN', just like in DSM's VPN Server. This should permit access onto the LAN.

I haven't tried SSL-VPN with Linux and don't use SSTP due to no Windows PC. But the various 'plus' services do seem to access the same web portal no matter what which activated service's URL and port you use.

 

[xvilar]

The OpenVPN server in VPN Plus does have 'Allow clients to access server's LAN', just like in DSM's VPN Server. This should permit access onto the LAN.

Thanks @fredbert , I've found that capability and I enabled it, and it works. But I cannot get the Synology Router that works as a DNS server, so I cannot resolve my internal local networks 'names and IPs' from my external Linux connected with OpenVPN... but I can get to all of them through their IPs... I can manage that, but I would like to have access to router DNS service also from Openvpn external connected devices...

I haven't tried SSL-VPN with Linux and don't use SSTP due to no Windows PC. But the various 'plus' services do seem to access the same web portal no matter what which activated service's URL and port you use.

I've found that SSTP has NOT to be accessed through a browser, so it has to be configured a client in Linux for example, for SSTP vpn connections. It's a pitty that for Ubuntu 20.04 there's no yet a sstp client :-(

I've tried also WebVPN and it works from a linux navigator without client, but it's only for internal web access... (web services only, 80 and 443).

Thanks!

 

[fredbert]

I'm running SRM DNS Server with slave zones from DSM DNS Server. I have master zones for my personal domain on the DSM DNS Server.

In OpenVPN I've set the DNS server to be the SRM router's LAN IP. Seems to work. But I also have the main SRM Internet settings using itself as the first DNS server and, likewise, have the SRM DHCP set to distribute the router as the DNS server.

You shouldn't have to but you can edit the .ovpn file and add these type of instructions (I only add the DOMAIN one).

dhcp-option DNS router_IP_address
dhcp-option DOMAIN mydomain.com

 

[xvilar]

I'm running SRM DNS Server with slave zones from DSM DNS Server. I have master zones for my personal domain on the DSM DNS Server.

In OpenVPN I've set the DNS server to be the SRM router's LAN IP. Seems to work. But I also have the main SRM Internet settings using itself as the first DNS server and, likewise, have the SRM DHCP set to distribute the router as the DNS server.

You shouldn't have to but you can edit the .ovpn file and add these type of instructions (I only add the DOMAIN one).

dhcp-option DNS router_IP_address
dhcp-option DOMAIN mydomain.com

Thanks @fredbert I've to test it, but I think the point is that with assigned OpenVPN ip range (172.22.0.0/24) I will be not able to do DNS request (53) to 192.168.1.1. RSM router (like it's forbiden or something like that).

 

[Rusty]

Thanks @fredbert I've to test it, but I think the point is that with assigned OpenVPN ip range (172.22.0.0/24) I will be not able to do DNS request (53) to 192.168.1.1. RSM router (like it's forbiden or something like that).

Do you have a firewall up? If so, make sure to allow your VPN subnet traffic to your LAN subnet. Should work then just fine.

 

[fredbert]

When you look at the SRM firewall you'll see that source and destination can be All / country /specific IP / SRM. That 'SRM', as far as I can tell, will be interpreted as any IP address that is associated to the router:

• Internet IP
• LAN IP
• Guest LAN IP
• VPN server gateway 1/2/3/... IP

It is interpreted as needed based on the client that is trying to access the router. So you could put the OpenVPN server IP (172.22.0.1) as the DNS server of OpenVPN clients. That should work.

 

[xvilar]

Thanks @fredbert and @Rusty for your answers... I'm sharing what I've finally done:

I wasn't able to let OpenVPN range (172.22.0.0/24) to request via tcp/udp port 53 to SRM (192.168.1.1 - 172.22.0.1). I was able from 'external device connected to that range to do everything tcp/up to the local network 192.168.1.0/24 (ssh linux devices, rdp windows computers, etc.) but no to resolve names from SRM. I've tried also 172.22.0.5 that was the default gateway/route Openvpn added to the 'external' device. And of course, in the SRM firewall I added a rule:
Source 172.22.0.0/24 - Target 192.168.1.0/24 - Port 53 (tcp/udp) (and also 172.22.0.1 + 172.22.0.5 as targets...)
And nothing. So OpenVPN helps me to connect my local network, but without having local domain resolution.

Finally I've found a way to deploy SSTP Client for Ubuntu 20.04 Focal in my Ubuntu 20.10 Grovy. So I've been able to configure SSTP VPN, and it works very well from my Linux devices, getting access to all my local network, and being able to get DNS answers from SRM in order to resolve local network names... I've to try SSTP from Windows computers.

I think I will use SSTP until Synology launches a Linux / Ubuntu VPN Plus SSL Client updated to be used in Ubuntu 20.10 (the latest one was for Ubuntu 16.x.

BTW is it better VPN Plus SSL than SSTP? is SSTP secure enough?

Thanks again! Cheers.

 

[xvilar]

BTW a bit dissapointed about Synology 'support' / participating in their 'official' forum ... 2 or 3 questions, and no answer from Synology staff (workers, etc)... altough I love the RT2600AC and SRM (they rock!!!) it's a bit fustrating to not get answers from them (unles you fredbert or rusty are synology staff )

 

[Rusty]

Synology 'support' / participating in their 'official' forum

On the previous version of the forum, there were 0 official Syno staff members. Now there are some but the forum is not the main communication channel with them, so don't expect any answers any time soon.

 

[fredbert]

unles you fredbert or rusty are synology staff

Nope

 

[Rusty]

Nope

If I was... I would have a lot more NAS devices (a lot)

 

[xvilar]

Thanks both for the help and the good vibes... BTW is it better VPN Plus SSL than SSTP? is SSTP secure enough?

 

[fredbert]

Not used SSTP as it looks to be a Windows technology by Microsoft. A bit of googling gets plenty of hits.

You may have to open a Synology support ticket to get the Linux SSL-VPN client investigated. As for iOS, I find the mobile VPN Plus client works reliably. But then I have L2TP and OpenVPN working too.

 

[xvilar]

Not used SSTP as it looks to be a Windows technology by Microsoft. A bit of googling gets plenty of hits.

I would like opinion from real users, like you

You may have to open a Synology support ticket to get the Linux SSL-VPN client investigated. As for iOS, I find the mobile VPN Plus client works reliably. But then I have L2TP and OpenVPN working too.

opened! thnx!