Split tunnels?

Operating system: macOS
Mobile operating system: iOS
Any way to split Synology traffic so that any Synology-specific tasks are going to one IP, while internet and other tasks continue to the second network?

Use case ~ want to continue to use Tailscale, which has been amazing. Problem is TS is a VPN configuration and makes it a PIA on iOS devices to use when you want the majority of activity going through a 3rd party VPN service. Currently you need to manually turn one service on, switch to the other and turn it on (various delays w/each step). Goal would be all Synology traffic to travel to the TS service, everything else to the 3rd party VPN.

Anyone encounter these needs?

Split tunnel, proxies, exit port through encrypted VPN node?
 
Host: Synology
Clients: iOS (iPhone/iPads) and macOS devices

Technically, yes, two VPN services.
Synology services: Synology iOS apps (drive, dsm, files) + services as in WebDAV. Mostly inbound, outbound at times.
In the future this will include a media server.
 
OK. I'll use iOS/iPhone to mean iOS/iPadOS/macOS. But then it sounds like the question is:

How do I configure my iPhone to work with two VPN services, neither of which has anything to do with the NAS, so that some* traffic goes via one Internet VPN service and the rest goes via the other Internet VPN service?
*this traffic is between my Synology client and server applications.

It's a case of split tunnel setup in whatever VPN client application you use on the iPhone. This client would have to be able to support multiple VPN server connections and have a routing configuration so that specific destinations are down one VPN and the rest will default to the other. I don't know of a client that supports this, but then I haven't gone out and looked either. You may have more luck building something on macOS, before Apple bolt it down, but it's not really a topic of these forums.

TBH I don't understand why you'd do this because: how does Tailscale add to security of your NAS data if it breaks out to the Internet and then routes across to your NAS's Internet connection? I could see some reason if you were using VPN Server to tunnel iOS to NAS and everything else to an Internet VPN service.
 
"How do I configure my iPhone to work with two VPN services" - yes, sorting through I think this is the actual question.

macOS: everything works great. I am actually working remote right now, and connected to my home network AND the IP is showing as another city. Down to the iPhone/iPads now. Yes, I am not familiar w/any actual iOS clients that support split tunnel or such unique configurations - haven't looked specifically, though familiar w/quite a few and haven't noticed. Will need to start hunting.

YES - tunnel iOS to NAS (that is Tailscale) and everything else to an internet VPN - EXACTLY.
 

On iOS, the system also enforces a limit of running one VPN at a time. Until this policy changes, running more than one VPN at a time on iOS is not possible.
 
Was getting that impression... everything runs so smooth now on Mac but no love for the iOS.

This brings me to the topic of creative workarounds. Wonder if an exit can be used so the iPhone is always connected to Tailscale, and with the exit path at Synology it picks up the Synology IP (and the Synology IP is already on VPN, so essentially accomplishing the same goal)? Maybe proxies? There are probably other ways to get the same result, right?
 
Have just been reading on the Tailscale web site. I see what it's doing now and it seems slightly analogous to SD-WAN, which uses meshed VPN that's been around for decades. The tunnel and key management is the thing that needed to be made more simple and centralised. That and Tailscale is using WireGuard as opposed to more traditional IPsec VPN.

For the iPhone you could tunnel down Tailscale to the NAS and its Proxy Server. This would then use the NAS to break out to the Internet. Or maybe, I don't know, the Tailscale service on the NAS site will just allow tunnelled traffic to loop out to the Internet? Either way you are reliant on your ISP's up and down bandwidth for these iPhone flows.
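
The two routing setups discussed in this thread, as an added example that is not part of any post: a split tunnel with both VPNs up (the macOS case) versus a single Tailscale tunnel that uses the NAS as exit node (the iOS workaround). Interface names, addresses and the `pick_interface`/`path` helpers are constructed for illustration; 100.64.0.0/10 is the range Tailscale assigns node addresses from.

```python
import ipaddress

TAILNET = ipaddress.ip_network("100.64.0.0/10")  # Tailscale node address range

# Constructed routing tables; interface names are assumptions.
SPLIT_TUNNEL = [                      # macOS case: both tunnels up at once
    ("100.64.0.0/10", "tailscale"),   # NAS traffic stays on the tailnet
    ("0.0.0.0/0", "third-party-vpn"), # everything else uses the other VPN
]
EXIT_NODE = [                         # iOS case: one tunnel, NAS is the exit node
    ("100.64.0.0/10", "tailscale"),
    ("0.0.0.0/0", "tailscale"),       # default route is forwarded to the NAS
]

def pick_interface(table, destination):
    """Longest-prefix match: the most specific route covering the address wins."""
    addr = ipaddress.ip_address(destination)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {destination}")
    return best[1]

def path(table, destination, nas_uplink="third-party-vpn"):
    """Hops a packet takes. Assumes the only tailnet peer is the NAS and that
    the NAS itself sends Internet traffic out through nas_uplink."""
    iface = pick_interface(table, destination)
    hops = ["client", iface]
    if iface == "tailscale":
        hops.append("nas")
        if ipaddress.ip_address(destination) not in TAILNET:
            hops.append(nas_uplink)   # extra leg through the NAS site's ISP
    return hops

if __name__ == "__main__":
    # 100.64.0.10 (NAS) and 203.0.113.5 (Internet host) are constructed addresses.
    for name, table in (("split tunnel", SPLIT_TUNNEL), ("exit node", EXIT_NODE)):
        for dst in ("100.64.0.10", "203.0.113.5"):
            print(f"{name:12} {dst:13} {' -> '.join(path(table, dst))}")
```

In the exit-node table nothing leaves the client outside the Tailscale tunnel, and Internet-bound flows pick up the extra NAS leg that the later posts weigh against latency and ISP bandwidth.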
 
"For the iPhone you could tunnel down Tailscale to the NAS and its Proxy Server. This would then use the NAS to break out to the Internet. Or maybe, I don't know, the Tailscale service on the NAS site will just allow tunnelled traffic to loop out to the Internet?"

Yes, this is the only way I'm seeing as a possibility at the moment... the Tailscale 'exit' node which (in theory) would exit to the third party VPN. So then it would be a full trip through the cell provider or local wifi, then another full trip out at the exit ISP through the VPN... might end up being too slow...
 
Certainly has the possibility of being sub-optimal. If the NAS's site is close to either the iPhone or destination then that wouldn't add much latency to the extra leg. But you're still constrained to whichever is the lower bandwidth at the NAS site: ISP inbound; ISP outbound.
 
If iPhone is near the NAS then no issues as I'd share the same wifi.
Tried getting that command to activate Exit settings but running into errors.
 
Got it. Most times I'll be within 30 miles of the network.
Hitting errors trying to enable the Exit mode on Synology.
 
