Trouble connecting to Synology Drive externally

Currently reading
Trouble connecting to Synology Drive externally

14
0
NAS
DS1821+
Operating system
  1. Windows
Mobile operating system
  1. Android
  2. iOS
I thought that I set everything up correctly but...... no access to Synology Drive server externally. Here is what I did, hoping someone can tell me where the error is.
  1. Created an 'A' record in my DNS forwarding sub domain drive.mydomain.com to my static IP address (I pay for a static IP from my ISP).
  2. Created a CSR from my DS1821+ and used it to purchase an SSL certificate.
  3. Added the SSL certificate in the security section of DSM and made it default.
  4. Configured all services to use the new certificate (why this doesn't happen when making it default?)
  5. Turned on the Synology firewall and created rules 1) allow all to all services on local subnet, 2) allow only my country access to port 6690, 3) deny all to all services.
  6. Created a port forwarding rule in my router to forward incoming traffic on port 443 to the reserved IP address of my Synology NAS and to port 6690.
  7. Installed Synology Drive client on an android phone, turned off wifi and tried to connect to drive.mydomain.com with the ssl box in the app checked, timed out no access.
Am I missing something obvious?
 
The SSL is for mydomain.com, I didn't believe that I needed a separate certificate for sub-domains, but just read that.... well probably wasted my money (wasn't much though). So Assuming I can get that fixed up, what do you mean by "both parts of the Synology Drive service"? Under Security/Certificate/Settings/Configure there is a list of services to apply the SSL certificate to, I selected the new certificate for all services in the list.
 
Created a port forwarding rule in my router to forward incoming traffic on port 443 to the reserved IP address of my Synology NAS and to port 6690.
Why are you redirecting 443 externally to 6690 internally? Or am I reading this wrong?
 
Incoming https traffic (443) to Synology LAN IP and Drive server port (6690). Is this incorrect?
 
Connecting to Drive:
  • The desktop clients and Drive/Drive Sync use TCP 6690 and will be listed in the Control Panel Certificate services as "Synology Drive Server". There's no way to change this to another TCP port.
  • The mobile apps and Drive web portal use HTTPS and can have a specific subdomain and/or ports assigned in Login Portal. If you assigned a subdomain to Drive then that will be a second entry in the Certificate services "SynologyDrive - <your assigned FQDN for Drive>".

It all depends on how you connect to Drive. If you can connect using "mydomian.com" and "https://mydomain.com/drive" and that certificate is assigned to the services then it should work.
 
I perhaps not understanding you correctly. I realise I stuffed up and need to correct the SSL to account for the sub-domain. OK, assuming that is done and recorded in the Synology certificate section, then where should I forward port 443 in my router to if not NAS local IP and port 6690?
 
Incoming https traffic (443) to Synology LAN IP and Drive server port (6690). Is this incorrect?
As @fredbert already posted... Drive can be used as a web service over its web ui, but on top of it, it can be accessed using the Drive desktop client.

6690 is a hardcoded desktop only port, while web, and mobile app use the regular http/https ports that you can configure and redirect to them.

So if you are using reverse to get to it, it shouldn't be directed as 443 to 6690 if you want to access it over web/mobile and desktop apps.

then where should I forward port 443 in my router to if not NAS local IP and port 6690?
You should make a separate rule
 
In the firewall built in applications rules, port 443 (on the NAS) is listed as being used for "Web Station and Wed Mail". So If I forward incoming port 443 (on router) to NAS local IP port 443 then a remote drive client will be able to connect to the Drive server using SSL (once the certificate is fixed up of course)?
 
In the firewall built in applications rules, port 443 (on the NAS) is listed as being used for "Web Station and Wed Mail". So If I forward incoming port 443 (on router) to NAS local IP port 443 then a remote drive client will be able to connect to the Drive server using SSL (once the certificate is fixed up of course)?
Guessing that would work, but that would mean that your clients (desktop) will be configured with domain:443 fqdn. Still, if you do that, then you will probably not have access to your Drive UI over a browser/mobile route

Synology Drive Server80 (link sharing), 443 (link sharing), 5000 (HTTP), 5001 (HTTPS), 6690 (file syncing)TCP

These are the official ports used by the Drive platform. 80/443 over reverse proxy, 5000/5001 (or replaced) using ddns name and the default Login portal (not over reverse), and finally, 6690 as a file sync method (desktop clients only)
 
Thanks for your help guys and please bear with my ignorance just a little longer. Taking a step back, I understood (perhaps wrongly) that I would be able to use the mobile Synology Drive app to access my files when I needed to just like I can use the Google Drive mobile app and the Onedrive app, Dropbox, etc. That's all I am trying to set up here but I don't want to alter the desktop drive experience on the LAN at all, it works perfectly.
 
Thanks for your help guys and please bear with my ignorance just a little longer. Taking a step back, I understood (perhaps wrongly) that I would be able to use the mobile Synology Drive app to access my files when I needed to just like I can use the Google Drive mobile app and the Onedrive app, Dropbox, etc. That's all I am trying to set up here but I don't want to alter the desktop drive experience on the LAN at all, it works perfectly.
In that case, you will have to port forward 2 separate ports. 443 to 443 (or any other internal port you want your web Drive ui accessible) (towards your custom domain/subdomain) for web/mobile access and 6690 to 6690 for your sync/desktop options.

Just like @fredbert posted here
 
In that case, you will have to port forward 2 separate ports. 443 to 443 (towards your custom domain/subdomain) for web/mobile access and 6690 to 6690 for your sync/desktop options.

Thanks Rusty, that is clear and simple to do.
 
Unfortunately the mobile app still won't connect from the mobile network. Here is what I did:
  1. Reissued the SSL for subdomain drive.mydomain.com
  2. Added it in DSM and made it default
  3. Configured all services to use the new certificate
  4. Deleted the old certificate
  5. Changed firewall rule to allow IP addresses from my country to access ports 443 and 6690
  6. Added 2 port forwarding rules in the router 443 to 443 (+NAS local IP) and 6690 to 6690 (+ NAS local IP)
  7. turned off wifi on the phone, and attempted to connect to drive.mydomain.com in the Synology Drive mobile app
 
Yes that is correct. drive and https toggle. Error is generic "Failed to connect to Synology NAS. Please check the network connection or the IP address of your Synology NAS."
 
You have setup 'drive.mydomain.com' as the customised domain for Drive?

1650377150251.png
 
One further thought: what is the TTL for 'drive.mydomain.com' from your Internet DNS service provider? If you've accessed this recently when pointing to another Internet IP then it can take a while (or days) to resync to a new IP address. Unless you're using DDNS and then it'll be a few minutes.
 
You have setup 'drive.mydomain.com' as the customised domain for Drive?

Thanks @fredbert, that was the missing piece of the puzzle. I can now connect with the mobile app. Would I be correct in assuming that I can safely disable the firewall and port forwarding rules for 6690 if I only want to use the mobile app on WAN?
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

I'm having trouble re-using/formatting what used to be cached SSDs for my 415+ after the 415+ died. I...
Replies
0
Views
939
If the URL's GET request portion (the end bit of the URL that's the instruction to retrieve content)...
Replies
5
Views
1,496
  • Question
Following thread too as 6 months ago I removed it on one NAS, and had no issues?
Replies
5
Views
659
Using Drive Client 3.4.0 on Win 10. By default, it seems like the client is copying my entire home profile...
Replies
0
Views
527
I found a way to revert syncing the entire Home folders, back to only syncing the Drive subfolder...
Replies
0
Views
562
The person abroad still get's the same error. I on the other hand have 0 issues connecting through...
Replies
5
Views
883
Please remember: a sync is not a backup. Once deleted or infected on one machine, it will be...
Replies
2
Views
855

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top