synology tech support

Cyberwasp

NAS: Synology DS920+; Operating system: Windows; Mobile operating system: Android
I came to a realization today. The people here are definitely smarter than the "techs" at Synology, which makes me wonder. I had two issues today. The first was regarding a firewall setting I had forgotten. The tech told me I didn't need a firewall since I'm a home user. I explained that I have a multitude of users on my NAS and yes I do. Luckily I came here and asked the same question and immediately got the answer from @PunchCardBoss. Thank you.

I then put in a feature request to be able to add a VPN like EasyVPN or NordVPN to the NAS. The tech responded that OpenVPN was one. But again, due to a discussion with Fredbert, I found that they are not. OpenVPN only allows users with the client on their device to connect to the NAS securely. Whereas EasyVPN and NordVPN bypass your Internet provider's server so they can't track you!!

My idea was since my internet traffic goes to my NAS first due to my static IP that my router points to, why not have a VPN on the NAS, that way everything connected to the network passes through it first. Just like pihole stops the ads getting to my PC! Right??

Disclaimer: I'm definitely not the smartest tool in the box but have sold quite a few ideas over the past.
 
My idea was since my internet traffic goes to my NAS first due to my static ip that my router points to
What do you mean by that? Your traffic coming from the internet (ingress) goes to any client inside your network that is communicating with the internet (NATed by your router). Or are you talking about traffic from your LAN to the internet (egress)? Sorry, I don’t understand 🙂

why not have a vpn on the nas
If your NAS is connected to a VPN provider (e.g. Mullvad, ExpressVPN, NordVPN…) then you can use it as the default gateway for the clients on the LAN to route their traffic over the VPN connection too (if I understood what you’re implying).
 
Ok, am literally losing my mind and am about to drop the idea and just use as is.

1) When I set up my NAS, I set a static IP. I then pointed my router to it. I then set up Pihole. In doing so all of the popup ads on websites were blocked.

If I'm understanding it right, the websites first go to the NAS and are filtered by pihole and sent to the PC, ad-free. My question is: why can't someone put, say, EasyVPN on the NAS and have it work the same way? No one has coded one that way, but why not?
 
Ok, am literally losing my mind and am about to drop the idea and just use as is.
No hang on, let us both understand first 🙂

I then pointed my router to it.
This is the bit that's confusing me. What do you mean by "pointed my router to it"? Do you mean forwarded some ports to the NAS? And if so what's that got to do with blocking ads?

If I'm understanding it right, the websites first go to the NAS and are filtered by pihole and sent to the PC, ad-free.
The websites don’t load through the NAS. The ads are blocked mostly by pi-hole blocking their DNS calls from your client's browser. When you enter a website on your browser, the page loads with many things coded, among them are calls to the ads; pi-hole blocks the DNS (Domain Name System) calls (by acting as your DNS server) so they don't load (most widely used way of blocking).

Why can't someone put say Easyvpn on the nas and have it work the same way.. No one has coded one that way but why not.
If you have a VPN subscription, you can configure it on the NAS (at least most of them), using the natively (to the NAS) supported OpenVPN protocol. However, blocking those ads and malicious websites becomes mostly a function of your provider (although you can do something about it on the client’s side too).

I have successfully configured both, Mullvad and Proton VPN on the NAS. If you have a router that supports connections as a VPN client (to the VPN service), you're better off configuring them there (on the router) and configure which local clients have their traffic routed over the VPN tunnel.

However, what are you trying to achieve? You have pi-hole successfully configured (as I understand it) for blocking ads. Are you trying to configure LAN-wide VPN access (for anonymity)?
 
This is the bit that's confusing me. What do you mean by "pointed my router to it"? Do you mean forwarded some ports to the NAS? And if so what's that got to do with blocking ads?
In my router under "Domain Name Server (DNS) Address" I put my NAS static IP. According to everything I've read, that sends the internet to the NAS from the router, then back to the router, to the PC.
 
Ok. Got it. I believe that you've entered this in your DHCP lease settings on the router. When clients come up on your network and ask for an IP address, the router leases them an IP address and states that the DNS server is your NAS. That's where you have your pi-hole.

When you use a client on the LAN (e.g. your PC) to browse the internet, all the DNS calls (to resolve the name addresses to IP addresses) are sent to the NAS (where your pi-hole is) and "filtered". So it's sending the DNS traffic (only) to the NAS, the rest goes to your router (gateway). That's how it works and good job on setting it up.

What about the VPN, what are you trying to achieve?
 
VPN confusion is pretty standard and it's a shame there aren't generally accepted different names for the main uses.

VPN 1... let's call it VPN localisation: this allows you to connect remotely from one network to another and your device acts as if it were there. For example, you can VPN into your work network and use the shared drives. Or you can VPN into your home network when you are away in order to access your home surveillance system.

VPN 2... let's call it VPN obfuscation: you are connecting to a network, but not for any purpose other than (a) to hide your data from your ISP or (b) "spoof" your location.

OpenVPN, WireGuard - these are the more prolific underlying technologies that are used on both VPN localisation and obfuscation. But providers on both sides will usually build their own apps with additional features on top.

So when you say you want to use a VPN, you need to be specific about what you're trying to achieve because even though the underlying technologies are the same, what you must install and the various configurations are totally different depending on your use case.

So - Synology support weren't wrong when they said to use OpenVPN. I for example use it to VPN into my home network when I'm away (and it works very very well).
 
@WST16 Just to make sure, the attachment shows where I put my Nas address in the router. Also I am using OpenVPN on my nas as I have 16 other users connecting to it for various reasons.

Now as to the second ??. I'd like to use VPN 2. Unfortunately, my Netgear router doesn't support anything but the OpenVPN I'm running on the NAS. I'd like to try EasyVPN but felt that if I could do it from the NAS, it would cover everything like Pihole does. Apparently not though!!

dns.webp
 
the attachment shows where I put my Nas address in the router.
Hmm… I don't think this is under DHCP, is it?
Is this the router's DNS servers IP addresses?
What do you have under your router’s DHCP page?

my Netgear router doesn't support anything but the openVPN
Supports it as a server or a client? A server allows connections from the outside, like what you’re running on your NAS.
A client connects to an outside VPN server (like EasyVPN).
OpenVPN is the protocol.

What Netgear model do you have? Let's try to understand what it does besides routing 🙂

I'd like to try Easyvpn But felt that if I could do it from the nas
Most likely you can run it on the NAS if they provide the configuration for download, but having it on the router (if possible) might provide more flexibility and offload the NAS. You’ll also need to download a configuration file either way.
 
Hmm… I don't think this is under DHCP, is it? No
Is this the router's DNS servers IP addresses? yes
What do you have under your router’s DHCP page?
dhcp.webp
 
Your router's DNS servers should be obtained from your ISP or entered manually (only if you know what to enter and why).
So I don't think having it point to your NAS makes sense unless you have a reason.

What does it show on the NAS when you go to Control panel > Info center > Network tab?
Is it showing your router's IP address in front of DNS?
 
Then what's the use of pointing the router to the NAS to have it point back to the router? Any idea why it’s set up like that?

Under your DHCP settings on the router, are you giving the clients on the LAN the IP address of the NAS for DNS? Can you show what's in there under DHCP (other than the range you showed above)?
 
Hope you can read it, if not, yell.
 
Attachment: dhcp.webp

Quickly browsing the manual online, I can’t find a way to specify a DNS server under DHCP settings in your Netgear Nighthawk RAX50 (I believe this is your router?).

It says:

The router delivers the following address information to any LAN device that requests a DHCP address:
• An IP address from the range that you define
• Subnet mask
• Gateway IP address (the router’s LAN IP address)
• DNS server IP address (the router’s LAN IP address)


It defaults to the router’s address. So maybe there’s a reason for the workaround that you have. I’m not sure, but let’s not rock the boat if it’s working.

On the other hand, I quickly searched the manual for VPN client and it appears that it supports VPN as a server but not as a client. So that leaves you the only option of setting it up on the NAS. But you’ll have the problem of incoming traffic being restricted to the VPN for your users (slow).

What’s the need for a VPN in your case, can you elaborate?
 
It defaults to the router’s address. So maybe there’s a reason for the workaround that you have. I’m not sure, but let’s not rock the boat if it’s working.
If the DHCP service on the router defaults the DNS record to the router, then you have to go to the main setting of the router DNS settings and change it to what you want, which I think is what was already shown in a previous screenshot. In those fields you're telling the router what the DNS server is. The router DHCP server will look to that to do the DNS lookups.

Yes, this is different than some other routers, which allow you to specify the DNS setting in the DHCP section.

Therefore your network clients will have a local IP address and the DNS server shown on the local client will be the router. But in reality the router is pointed to the NAS IP, so that is what is doing the DNS lookup.
 
Thanks. So I guess it’s the only way, but somehow it didn’t make sense going through this loop (to me at least), usually you can control what’s to be leased by the DHCP service. Maybe this is more of a gaming router and these controls are kept to the minimum.
 
When I first got the NAS I looked up on YouTube for the best followed tutorials and went with Wundertech. Also checked others that stated the same thing!
 
Good. Keep it like that. @Gerard confirmed it too. You’re fine there. By doing this, the router states that the DNS server is the NAS (where your pi-hole is) to every client. The clients use the NAS (pi-hole) to resolve the names and things get filtered by pi-hole. It works.
 
I re-read this thread and for some reason thought pihole was running as a DNS on the NAS and that’s the reason for pointing the router IP to the NAS.

If you’re not running a dns or dns package on the NAS you need to remove the router dns entry pointing to the nas because that won’t do anything. The only reason your devices on the network are still able to resolve dns entries (www.google.com) is because of the backup or secondary dns entry you have.

Pointing the primary dns to the nas is essentially a dead end because there’s no dns service there.


Sorry, there is a pihole on the NAS (I’m reading all this on mobile). Therefore the current setup should be good. To validate, go to a website that pihole would usually block. I haven’t messed with it yet but it’s on my list; can you filter out like adult content or something? If so, block it in pi and see if your clients/devices are blocked when visiting such a site. If so, then you know the routing is working.
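
A way to run the validation suggested above without a browser, as an added example that is not part of the original thread: it queries a resolver directly and reports whether a name comes back sinkholed to 0.0.0.0, which is what Pi-hole's default blocking mode returns. The resolver addresses and the blocklisted name are assumptions you supply, and `sample_reply` builds constructed replies (not captured traffic) for trying the parser offline.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Minimal DNS A-record query with the recursion-desired flag set."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(msg, off):
    """Offset just past an encoded name (a compression pointer ends it)."""
    while msg[off] != 0:
        if (msg[off] & 0xC0) == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify(msg):
    """Return (verdict, A-record addresses) for a raw DNS reply."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if (flags & 0x000F) == 3:
        return "nxdomain", []  # Pi-hole NXDOMAIN mode, or the name really does not exist
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    if addrs and all(a == "0.0.0.0" for a in addrs):
        return "sinkholed", addrs
    return ("resolved" if addrs else "no-answer"), addrs

def check(resolver_ip, name, timeout=3.0):
    """Send the query straight to resolver_ip over UDP/53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver_ip, 53))
        return classify(s.recvfrom(4096)[0])

def sample_reply(name, ip, rcode=0):
    """Constructed reply (not captured traffic) for trying classify() offline."""
    header = struct.pack(">HHHHHH", 0x1234, 0x8180 | rcode, 1, 0 if rcode else 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 2, 4) + socket.inet_aton(ip)
    return header + build_query(name)[12:] + (b"" if rcode else answer)
```

Call `check()` once with the router's LAN address and once with the NAS address, using a name you know is on the Pi-hole blocklist; a `sinkholed` verdict from the router means that lookup was forwarded to Pi-hole.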
 
