Question Using NordVPN on Mac and Win - can't access xxx.synology.me

Currently reading
Question Using NordVPN on Mac and Win - can't access xxx.synology.me

350
92
NAS
DS418play
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. iOS
Last edited:
Hi,

I have NordVPN on my iMac and Windows laptop, but when I connect to it I can access all websites except my services in Docker and https://xxx.synology.me: port.

Today I was able to connect to those sites till now. Now suddenly I can not access them again. For instance, for Docker service I get this error:

Screenshot 2019-12-17 at 18.53.54.png




When I try to reach https://xxx.synology.me: port I get this:

Screenshot 2019-12-17 at 18.55.43.png




I don't run NordVPN on my NAS or router. When I disconnect from NordVPN I can access all those sites again.

Any help appreciated.
 
350
92
NAS
DS418play
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. iOS
Even more strange behavior - I can access all those sites from my iPhone on the same Wi-Fi network, just not from iMac or Windows 10 laptop.

I can't find the issue...
 
350
92
NAS
DS418play
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. iOS
Just to update...

I hope it was just my DNS setting on my router. Hope it will work now. I'll see that in a couple of days.
 

Shadow

Subscriber
608
209
NAS
DS216+II, DS118, DS718+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. Android
Have you asked NordVPN helpdesk for advice maybe?
Cuz I expect if you use a NordVPN connection, your DNS requests should go trough your tunnel as well...
 
350
92
NAS
DS418play
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. iOS
Last edited:
Actually I didn't...

The behavior is really strange.

Example:

I start my Windows 10 laptop with a NordVPN auto-connect. All websites work normally except my DDNS and services that I run in Docker (accessing them via reverse proxy). Then I disconnect Nord, refresh the page for my DDNS or any Docker service, connect Nord again and I can access all services on my NAS again.

But sometimes I need to change the protocol in Nord from UDP to TCP and reconnect Nord.

Also, sometimes after a laptop restart, it works normally, sometimes it doesn't.

I really can't find the real issue.

I suspect my certificate or something related to security on my NAS because if I can't connect to it due to NordVPN, the browser shows an error about connection security.

Yesterday I've disabled Threat prevention on the router too, but today on my laptop in need to do a reconnect and change the protocol in NordVPN from UDP to TCP to work. Not sure why, but this is how it works.
 
335
131
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
It sounds like when you are connecting to your NAS from inside your LAN, it works fine, but when you are connecting from outside your LAN (using NordVPN, which forces you to connect first to the NordVPN server and then from there to your LAN), it's not working. I think step #1 is to determine whether the problem is (1) connecting via NordVPN or (2) connecting from outside your LAN, including NordVPN. If you go to a local Starbucks or something and try to connect to your NAS from there (NOT using NordVPN), can you? If you can't, it's probably either a port forwarding problem on your router, or you haven't set up your certificates to include the necessary reverse proxy subdomains you're using as alternate names.... and has nothing to do with NordVPN itself.
 
350
92
NAS
DS418play
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. iOS
And I did some testing again in the Brave browser now (I'm not using it regularly). I've connected to my https://xxx.synology.me: port site. Then I hit F5 to refresh the site and I get this:

1576861386101.png



Ok, this happened only once, but again it's a notice for a certificate, SSL etc.
 
350
92
NAS
DS418play
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. iOS
It sounds like when you are connecting to your NAS from inside your LAN, it works fine, but when you are connecting from outside your LAN (using NordVPN, which forces you to connect first to the NordVPN server and then from there to your LAN), it's not working.
Sometimes it does not work on my LAN either. But with NordVPN disconnected it works normally.



I think step #1 is to determine whether the problem is (1) connecting via NordVPN or (2) connecting from outside your LAN, including NordVPN. If you go to a local Starbucks or something and try to connect to your NAS from there (NOT using NordVPN), can you?
I can connect normally from outside to any service on my NAS without NordVPN. With VPN on it works as I've already mentioned.


or you haven't set up your certificates to include the necessary reverse proxy subdomains you're using as alternate names....
That is possible, but I'm not sure. I have set up a reverse proxy with alternate names for my services and these are making problems with NordVPN. But also my xxx.synology.me page, so not only services in Docker. Must be something with LE certificate... Hm...


and has nothing to do with NordVPN itself.
I think so too, but the issue is only with VPN up and running and only for these sites.

Not sure why it works normally when I do this:

- disconnect Nord, refresh the page for my DDNS or any Docker service, connect Nord again and I can access all services on my NAS again.
 
335
131
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
Not sure why it works normally when I do this:

- disconnect Nord, refresh the page for my DDNS or any Docker service, connect Nord again and I can access all services on my NAS again.

Possibly because your router is smart.
You disconnect Nord, and connect to the NAS. The router says "Aha, this NAS is actually on the local network; I recognize its MAC address. I don't need to go through the internet to get to it." Then you connect Nord, and the router STILL knows that the NAS is on the local network and is not getting to it through Nord at all, because it's just finding it on the local network. In other words, when you have NordVPN enabled on your laptop, but are accessing a resource that your router knows is on your local network, you probably never get past the router's gateway.

At least, that's my theory of the moment to explain (some of) the behavior you're seeing.
 
350
92
NAS
DS418play
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. iOS
Makes sense. But how to change it to work without reconnecting etc.?
 
350
92
NAS
DS418play
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. iOS
Well in my URL there is a port number after xxx.synology.me. So, it is like https://xxx.synology.me:1234.

I can enter it without port number, but port number is added anyway.
 
335
131
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
OK, so port number 1234 (or whatever you're actually using) would have to be treated by the NAS as an SSL port for this to work. Are you combining this with reverse proxy, or is xxx.synology.me actually the name of your server? If it's the actual server name, do you have a cert for xxx.synology.me installed, and is it the default certificate, and is port 1234 (or whatever...) identified as the HTTPS port in the Synology's Control Panel / Network / DSM settings, and is port 1234 on the router being forwarded to port 1234 in the Synology? (or to whatever port on the synology is set as your HTTPS port)?
 
350
92
NAS
DS418play
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. iOS
Are you combining this with reverse proxy, or is xxx.synology.me actually the name of your server?
xxx.synology.me is my server name.

I use reverse proxy only for my docker services that are on my own domain.


If it's the actual server name, do you have a cert for xxx.synology.me installed, and is it the default certificate, and is port 1234 (or whatever...) identified as the HTTPS port in the Synology's Control Panel / Network / DSM settings,
Yes. For xxx.synology.me I use one LE certificate (this one is the default), but for docker services on my own domain I use another LE certificate.


is port 1234 on the router being forwarded to port 1234 in the Synology?
Yes, I have the HTTPS port for my server forwarded on my router.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Top