Question Using NordVPN on Mac and Win - can't access xxx.synology.me

362
96
NAS
DS418play
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. iOS
Last edited:
Hi,

I have NordVPN on my iMac and Windows laptop, but when I connect to it I can access all websites except my services in Docker and https://xxx.synology.me: port.

Today I was able to connect to those sites till now. Now suddenly I can not access them again. For instance, for Docker service I get this error:

Screenshot 2019-12-17 at 18.53.54.png




When I try to reach https://xxx.synology.me: port I get this:

Screenshot 2019-12-17 at 18.55.43.png




I don't run NordVPN on my NAS or router. When I disconnect from NordVPN I can access all those sites again.

Any help appreciated.
 
Last edited:
Actually I didn't...

The behavior is really strange.

Example:

I start my Windows 10 laptop with a NordVPN auto-connect. All websites work normally except my DDNS and services that I run in Docker (accessing them via reverse proxy). Then I disconnect Nord, refresh the page for my DDNS or any Docker service, connect Nord again and I can access all services on my NAS again.

But sometimes I need to change the protocol in Nord from UDP to TCP and reconnect Nord.

Also, sometimes after a laptop restart, it works normally, sometimes it doesn't.

I really can't find the real issue.

I suspect my certificate or something related to security on my NAS because if I can't connect to it due to NordVPN, the browser shows an error about connection security.

Yesterday I've disabled Threat prevention on the router too, but today on my laptop in need to do a reconnect and change the protocol in NordVPN from UDP to TCP to work. Not sure why, but this is how it works.
 
It sounds like when you are connecting to your NAS from inside your LAN, it works fine, but when you are connecting from outside your LAN (using NordVPN, which forces you to connect first to the NordVPN server and then from there to your LAN), it's not working. I think step #1 is to determine whether the problem is (1) connecting via NordVPN or (2) connecting from outside your LAN, including NordVPN. If you go to a local Starbucks or something and try to connect to your NAS from there (NOT using NordVPN), can you? If you can't, it's probably either a port forwarding problem on your router, or you haven't set up your certificates to include the necessary reverse proxy subdomains you're using as alternate names.... and has nothing to do with NordVPN itself.
 
It sounds like when you are connecting to your NAS from inside your LAN, it works fine, but when you are connecting from outside your LAN (using NordVPN, which forces you to connect first to the NordVPN server and then from there to your LAN), it's not working.
Sometimes it does not work on my LAN either. But with NordVPN disconnected it works normally.



I think step #1 is to determine whether the problem is (1) connecting via NordVPN or (2) connecting from outside your LAN, including NordVPN. If you go to a local Starbucks or something and try to connect to your NAS from there (NOT using NordVPN), can you?
I can connect normally from outside to any service on my NAS without NordVPN. With VPN on it works as I've already mentioned.


or you haven't set up your certificates to include the necessary reverse proxy subdomains you're using as alternate names....
That is possible, but I'm not sure. I have set up a reverse proxy with alternate names for my services and these are making problems with NordVPN. But also my xxx.synology.me page, so not only services in Docker. Must be something with LE certificate... Hm...


and has nothing to do with NordVPN itself.
I think so too, but the issue is only with VPN up and running and only for these sites.

Not sure why it works normally when I do this:

- disconnect Nord, refresh the page for my DDNS or any Docker service, connect Nord again and I can access all services on my NAS again.
 
Not sure why it works normally when I do this:

- disconnect Nord, refresh the page for my DDNS or any Docker service, connect Nord again and I can access all services on my NAS again.

Possibly because your router is smart.
You disconnect Nord, and connect to the NAS. The router says "Aha, this NAS is actually on the local network; I recognize its MAC address. I don't need to go through the internet to get to it." Then you connect Nord, and the router STILL knows that the NAS is on the local network and is not getting to it through Nord at all, because it's just finding it on the local network. In other words, when you have NordVPN enabled on your laptop, but are accessing a resource that your router knows is on your local network, you probably never get past the router's gateway.

At least, that's my theory of the moment to explain (some of) the behavior you're seeing.
 
OK, so port number 1234 (or whatever you're actually using) would have to be treated by the NAS as an SSL port for this to work. Are you combining this with reverse proxy, or is xxx.synology.me actually the name of your server? If it's the actual server name, do you have a cert for xxx.synology.me installed, and is it the default certificate, and is port 1234 (or whatever...) identified as the HTTPS port in the Synology's Control Panel / Network / DSM settings, and is port 1234 on the router being forwarded to port 1234 in the Synology? (or to whatever port on the synology is set as your HTTPS port)?
 
Are you combining this with reverse proxy, or is xxx.synology.me actually the name of your server?
xxx.synology.me is my server name.

I use reverse proxy only for my docker services that are on my own domain.


If it's the actual server name, do you have a cert for xxx.synology.me installed, and is it the default certificate, and is port 1234 (or whatever...) identified as the HTTPS port in the Synology's Control Panel / Network / DSM settings,
Yes. For xxx.synology.me I use one LE certificate (this one is the default), but for docker services on my own domain I use another LE certificate.


is port 1234 on the router being forwarded to port 1234 in the Synology?
Yes, I have the HTTPS port for my server forwarded on my router.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Maybe use a single port over reverse proxy, and push all other services via that single port so you do not...
Replies
1
Views
803
Well Container Manager is the new front-end to Docker. I would expect it to be able to run DNSfilter in...
Replies
1
Views
705
  • Question
Just thought about another location to change IP if you have a specific app NAS control panel - Login...
Replies
1
Views
967
Yes, I access it with my PC I already did setup it before and working fine, just recently I changed...
Replies
4
Views
1,278
  • Question
Then @Andrea, there is no Synology app to explore time machine backups.
Replies
5
Views
993

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top