Question Using NordVPN on Mac and Win - can't access xxx.synology.me

Currently reading
Question Using NordVPN on Mac and Win - can't access xxx.synology.me

362
96
NAS
DS418play
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. iOS
Last edited:
Hi,

I have NordVPN on my iMac and Windows laptop, but when I connect to it I can access all websites except my services in Docker and https://xxx.synology.me: port.

Today I was able to connect to those sites till now. Now suddenly I can not access them again. For instance, for Docker service I get this error:

Screenshot 2019-12-17 at 18.53.54.png




When I try to reach https://xxx.synology.me: port I get this:

Screenshot 2019-12-17 at 18.55.43.png




I don't run NordVPN on my NAS or router. When I disconnect from NordVPN I can access all those sites again.

Any help appreciated.
 
Last edited:
Actually I didn't...

The behavior is really strange.

Example:

I start my Windows 10 laptop with a NordVPN auto-connect. All websites work normally except my DDNS and services that I run in Docker (accessing them via reverse proxy). Then I disconnect Nord, refresh the page for my DDNS or any Docker service, connect Nord again and I can access all services on my NAS again.

But sometimes I need to change the protocol in Nord from UDP to TCP and reconnect Nord.

Also, sometimes after a laptop restart, it works normally, sometimes it doesn't.

I really can't find the real issue.

I suspect my certificate or something related to security on my NAS because if I can't connect to it due to NordVPN, the browser shows an error about connection security.

Yesterday I've disabled Threat prevention on the router too, but today on my laptop in need to do a reconnect and change the protocol in NordVPN from UDP to TCP to work. Not sure why, but this is how it works.
 
It sounds like when you are connecting to your NAS from inside your LAN, it works fine, but when you are connecting from outside your LAN (using NordVPN, which forces you to connect first to the NordVPN server and then from there to your LAN), it's not working. I think step #1 is to determine whether the problem is (1) connecting via NordVPN or (2) connecting from outside your LAN, including NordVPN. If you go to a local Starbucks or something and try to connect to your NAS from there (NOT using NordVPN), can you? If you can't, it's probably either a port forwarding problem on your router, or you haven't set up your certificates to include the necessary reverse proxy subdomains you're using as alternate names.... and has nothing to do with NordVPN itself.
 
It sounds like when you are connecting to your NAS from inside your LAN, it works fine, but when you are connecting from outside your LAN (using NordVPN, which forces you to connect first to the NordVPN server and then from there to your LAN), it's not working.
Sometimes it does not work on my LAN either. But with NordVPN disconnected it works normally.



I think step #1 is to determine whether the problem is (1) connecting via NordVPN or (2) connecting from outside your LAN, including NordVPN. If you go to a local Starbucks or something and try to connect to your NAS from there (NOT using NordVPN), can you?
I can connect normally from outside to any service on my NAS without NordVPN. With VPN on it works as I've already mentioned.


or you haven't set up your certificates to include the necessary reverse proxy subdomains you're using as alternate names....
That is possible, but I'm not sure. I have set up a reverse proxy with alternate names for my services and these are making problems with NordVPN. But also my xxx.synology.me page, so not only services in Docker. Must be something with LE certificate... Hm...


and has nothing to do with NordVPN itself.
I think so too, but the issue is only with VPN up and running and only for these sites.

Not sure why it works normally when I do this:

- disconnect Nord, refresh the page for my DDNS or any Docker service, connect Nord again and I can access all services on my NAS again.
 
Not sure why it works normally when I do this:

- disconnect Nord, refresh the page for my DDNS or any Docker service, connect Nord again and I can access all services on my NAS again.

Possibly because your router is smart.
You disconnect Nord, and connect to the NAS. The router says "Aha, this NAS is actually on the local network; I recognize its MAC address. I don't need to go through the internet to get to it." Then you connect Nord, and the router STILL knows that the NAS is on the local network and is not getting to it through Nord at all, because it's just finding it on the local network. In other words, when you have NordVPN enabled on your laptop, but are accessing a resource that your router knows is on your local network, you probably never get past the router's gateway.

At least, that's my theory of the moment to explain (some of) the behavior you're seeing.
 
OK, so port number 1234 (or whatever you're actually using) would have to be treated by the NAS as an SSL port for this to work. Are you combining this with reverse proxy, or is xxx.synology.me actually the name of your server? If it's the actual server name, do you have a cert for xxx.synology.me installed, and is it the default certificate, and is port 1234 (or whatever...) identified as the HTTPS port in the Synology's Control Panel / Network / DSM settings, and is port 1234 on the router being forwarded to port 1234 in the Synology? (or to whatever port on the synology is set as your HTTPS port)?
 
Are you combining this with reverse proxy, or is xxx.synology.me actually the name of your server?
xxx.synology.me is my server name.

I use reverse proxy only for my docker services that are on my own domain.


If it's the actual server name, do you have a cert for xxx.synology.me installed, and is it the default certificate, and is port 1234 (or whatever...) identified as the HTTPS port in the Synology's Control Panel / Network / DSM settings,
Yes. For xxx.synology.me I use one LE certificate (this one is the default), but for docker services on my own domain I use another LE certificate.


is port 1234 on the router being forwarded to port 1234 in the Synology?
Yes, I have the HTTPS port for my server forwarded on my router.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
Just thought about another location to change IP if you have a specific app NAS control panel - Login...
Replies
1
Views
449
Yes, I access it with my PC I already did setup it before and working fine, just recently I changed...
Replies
4
Views
736
  • Question
I'm not sure when this started but I am unable to connect to my NAS when outside of my home wifi using...
Replies
0
Views
1,422
  • Question
If you don't use a split tunnel VPN, then all IP traffic will go through the VPN gateway, instead of only...
Replies
2
Views
2,091
Well opening locally and remotely are 2 different scenarios as well as the protocol being used. Try and...
Replies
11
Views
3,066
Well there is no question if you can or can't host websites on the NAS, yes you can. The problem here is...
Replies
5
Views
2,052

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top