DSM 7.1 SSL certificate issue after change of firewall rule

Hi all!

I use Drive server to sync/share files between different clients, both on LAN and off-site, as well as desktop and mobile clients. All clients use the external address to connect (XX.mydomain.com), including the ones on the LAN side.

The NAS's certificate is up to date and set up for Drive Server.

Regarding the NAS's firewall rules, all ports are open to some select LAN clients. HTTPS is also open to external clients. Drive Server's port was supposed to be opened to external clients too, but see what's next.

Today I realized that external desktop clients could not sync anymore. (But no issue with mobile clients!). I checked the NAS's firewall's rules and realized that Drive Server's port had been inadvertently closed. (Of course, as my usual LAN computer gets all ports open thanks to another rule, I didn't notice the issue.)

Opening the dedicated Drive Server port to external clients solved the issue for them. However, I now get an SSL certificate warning on my LAN client. I activated a VPN to simulate an off-site location and the certificate issue is gone.

Strangely my mobile device seems to be unaffected by this issue, regardless if it finds itself on the LAN side (WiFi) or outside (4G).

So:
- The Drive client on my LAN device is set up to connect to Drive Server through XX.mydomain.com.
- The same device has access to all the NAS's ports thanks to a dedicated firewall rule.
- Having Drive Server's port closed on the NAS's side is not an issue (thanks to the previous point), but opening this port brings an SSL certificate warning and blocks the connection.

I don't understand the logic and how to solve this. Loopback issue? Should I simply click on the "Rely" button when prompted with the SSL error? I guess this is not the smart way to solve this issue.

Can someone help me with that?

Thanks a lot!
BR
 
> Drive Server's port was supposed to be opened

This is not the default "baked-in" 6690/TCP port but the "log-in" one, yes?

> Opening the dedicated Drive Server port to external clients solved the issue for them. However, I now get an SSL Certificate warning on my LAN client. I activated a VPN to simulate an off-site location and Certificate issue is gone.

So, internally it all works fine but outside access results in cert error? If what you said is true, and the clients are using the custom fqdn name to connect to the server, I'm guessing that a valid cert is applied?

> Strangely my mobile device seems to be unaffected by this issue, regardless if it finds itself on the LAN side (WiFi) or outside (4G).

That is odd indeed, as with 4G access I would expect the same issue, but them being unaffected by this regardless how they are accessing the server side is a bit off I have to say.
 
Hi Rusty,

Thanks for your answer!

Following your post, I wanted to check some points before I answer your questions. Unfortunately, I didn't find the time to do so yet, and other, more critical issues appeared. I will reply to your message asap, probably by the end of the week.

Thank you for your understanding and for answering my questions!
BR
 