SRM VPN Plus webpage not accessible remotely

Currently reading
SRM VPN Plus webpage not accessible remotely

219
86
NAS
DS1621+, DS1522+, DS720+
Router
  1. MR2200ac
  2. RT6600ax
  3. WRX560
Operating system
  1. Linux
  2. macOS
  3. Windows
  4. other
Mobile operating system
  1. iOS
Last edited:
I've setup VPN Plus on my RT2600ac using the Synology SSL VPN. This enables the URL https://<hostname>.synology.me:443/ for VPN Plus, which is viewable on the local subnet, but not remotely - it just refuses to display in the browser.

Firewall rules for VPN Plus are enabled in SRM, and a port scan on both the internal LAN IP and the external WAN IP shows that 443 is open. I can remotely connect to SRM on https://<hostname>.synology.me:8001 so I know DDNS resolution is good, and the LE certificates also appear fine. At this point, I'm out of ideas, or probably overlooking something obvious. I've gone through the Synology tutorial for the setup, so I'm at a loss to figure this one out.

Alternately, can anyone recommend a better option for a Mac to SRM VPN config? I'd prefer one that can use built-in VPN client (I guess that means L2TP), though if there's a better way, I'm open to alternatives (openVPN?). By 'better', I mean something that is more secure whilst still being fairly light on the client side.

The use case is a single user (me) having the ability to remote-in to fix other computers on the network, whilst travelling for work.
 
I can remotely connect to SRM on https://<hostname>.synology.me:8001
Be sure to not allow access to your router main UI access over the internet. Ok for testing, but be sure to close this down.

Alternately, can anyone recommend a better option for a Mac to SRM VPN config? I'd prefer one that can use built-in VPN client (I guess that means L2TP), though if there's a better way, I'm open to alternatives (openVPN?). By 'better', I mean something that is more secure whilst still being fairly light on the client side.
OpenVPN user here. Using Viscosity mac client on all my machines to get into my lan. 0 problem for years. Once you configure the client-side it's as simple as a single click to get connected (icon sits on the main menu bar).
 
Be sure to not allow access to your router main UI access over the internet. Ok for testing, but be sure to close this down.
Is this open because of QuickConnect being enabled? I don’t recall explicitly allowing it.

But certainly, a hardening of the setup needs to occur, so definitely will be looking to close non-essential ports currently open.
 
Is this open because of QuickConnect being enabled? I don’t recall explicitly allowing it.
Not necessarily. Check this setting:

Screenshot 2020-12-28 at 10.02.04.png


"Allow external access to SRM" inside system > SRM settings
 
Last edited:
That is unchecked on my system.

However, there is a firewall rule to allow the SRM app, which was set to source Any / Any, I’ve now tightened that up to local subnet. I don’t recall creating this rule.
 
Try switching to port 444, since 443 is used for other things (https) from the outside world:
In VPN Plus Server, change the port for SSL VPN to 444.
Make sure that you DO have the firewall rule set to allow all ports from all IP addresses to go to port 444 on SRM.
Set the VPN Plus client to connect to port 444.
Should be done.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
So you have two sites with identical local IP subnets and even IP assignments? If trying to connect from...
Replies
2
Views
1,052
Did you try to directly connect using the NAS's LAN IP? And that also fails? How exactly are you...
Replies
3
Views
1,542
  • Question
Can't offer any solution, but can you try a different VPN type? OpenVPN? Is your router on the latest...
Replies
2
Views
1,444
That would be an option as well ofc. Still depends on the router and how much OP has control over it, but...
Replies
5
Views
1,762
No VPN client setup on the router is "one for all", not SSID specific.
Replies
1
Views
1,317

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top