WebVPN portals not working

11
2
NAS
DS916+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. Android
I have vpn plus configured and working, I have also configured WebVPN and portals. I can get to the main page of the webvpn DDNS but when I try to load a portal it just hangs saying "connecting via WebVPN".

Any ideas what I have configured wrong?

PS: I am kind of a dummy when it comes to networking and firewalls, vpn etc...



Thanks
 
Hi, welcome to the forum.

This is probably going to be too much to start with, if it is then can you describe how you've setup WebVPN and include examples of the type and style of server names and ports.

<tl/dr>
Maybe the internal WebVPN portals' Portal Addresses aren't correctly defined, it has to be a working address that the router can use to access the internal/protected web application.

The way WebVPN portal works is like a web proxy: the remote device connects to the router's WebVPN web service and, once authorised, then WebVPN service makes its own connection to the destination web application (e.g. Audio Station).

To do this WebVPN then creates a temporary server name on the domain and tells the remote client to go there next to access the destination (well proxied connection). So the client must be able to connect to full WebVPN portal server name or the customised portal alias (with full portal's TCP port added)... for modern web browsers you're going to have to have a wildcard SSL certificate that covers the WebVPN domain because it creates these unique, temporary server names. Either that or install the router's certificate on your client devices and tell them to trust it (device specific, in Mac you can do this in Keychain Access app).

That's the outside connection, but the router has to be able to connect internally to the destination web service and that could be something like https://NAS_LAN_IP/audio for Audio Station. I just checked in WebVPN portal and could use that IP based request without causing an SSL alert in the browser, so WebVPN doesn't check the destination SSL certificate against the requested server name.

There are three ways to request access to the protected web service:
  1. Log into WebVPN port: click a pre-define Web portal button.
  2. Log into WebVPN port: enter an internal web URL to the web application, link if you were on the LAN.
  3. Don't log into WebVPN but instead browse the desired WebVPN portal's customised portal address (with WebVPN's TCP port added) and first you will be presented with a login screen for WebVPN and then it will redirect you to the application.
 
Last edited:
Thanks for the reply, I am a newbie when it comes to VPN and the like. if i can access one of my IP camera login pages from within my netowrk then could i access that from webvpn? and how would i structure the URL?

I also have a synology nas, what would be a good portal to setup to test that?

Here are the portal URL's I have setup :

https://192.168.86.10:80/ (IP Camera)
https://192.168.86.114:80/room/list (Hubitat smart home hub)
https://192.168.86.30:80/ (synology NAS)
 
If you can access the web server of the camera then you should be able access it via WebVPN.

So add a portal:
  • Portal name: My Camera
  • Portal address: HTTP or HTTPS URL that you used on the LAN (include http:// or https://)
  • Allowed users: add permitted accounts on the router
  • Show in default portals: yes
  • Customise portal address (if you want to): e.g. camera '.mywebvendomain.com'
This should present the button in the WebVPN portal and should work.
 
I have added them correctly as far as I can tell but same issue. If I connect to the webvpn while on my wifi and test the portal should it work as well?

Whenever I create a portal say like http://192.168.86.10 and save it then it adds :80 to the end I'm assuming that is normal?
 
I see that the standard HTTP and HTTPS ports have been added to the Portal addresses in my WebVPN too.

You do know that standard ports for HTTP is TCP 80 and HTTPS is TCP 443? And that when using http://... the web browser assumes it will be going to port 80 but you could've added '...:80' to the server name if you really wanted to. Same for https://.. and '...:443'.

I haven't done this a lot but a small test of accessing a WebVPN portal before logging into WebVPN seems to forget to add any extra folder level, e.g. '.../audio'. But subsequent browsing to other WebVPN portals works when the internal Portal address has a folder level to it.
 
Thanks again I did not know that. I'm a dummy when it comes to most network stuff.

I must have something configured wrong in the router settings, I have tried so many combinations of portal urls
 
I can get to the WebVPN page every time and no security errors...

1634124760492.png


But then it just hangs here when i click on any portal...

1634124809398.png
 
Last edited:
It shows me as online and that I have opened a portal but no data up or down

1634127088736.png


1634127110974.png

-- post merged: --

1634127843966.png


1634127878849.png

-- post merged: --

1634128025220.png
 
Have you tried accessing another web service? Something on the NAS? You can use the address bar to test them out. Also on the LAN directly access the web server using the exact same address to confirm that works. As a final test I'd use curl on a command line and see what response the web server gives then.
1634132762607.png
 
Last edited:
I have tried the nas IP with and without "audio" appended to it but no go.

If i connect to my wifi and then log into the webvpn it still hangs. but while on my wifi i can connect to these urls with a browser.
-- post merged: --

When the page hangs in chrome and I go to developer tools it has this error:

DevTools failed to load source map: Could not load content for https://login.xxxxx.synology.me:4443/vendor/js/angular.min.js.map: HTTP error: status code 404, net::ERR_HTTP_RESPONSE_CODE_FAILURE
 
The browser shows that it is a trusted connection from lets encrypt when on the webvpn and when i click on the portal urls.

When i set up the certificate in synology i put an asterick in front to make it a wild card
 
Here is me connected to vpn plus app on my phone and using webvpn on my work pc, both connect but no data from webvpn


1634138393699.png

-- post merged: --

The temporary connection that is created... is that also a trusted connection in Chrome?

I can't think why this isn't working as it sounds like it should be.
As far as i can tell yes, while it is trying to load the page when it hangs it has the lock symbol and says its trusted
 
Is there a reason to have the SSL-VPN connection as well as the WebVPN?

To be honest I don't see why this isn't working. I would raise a ticket with Synology Tech Support here:
or from within SRM's Support Center.
 
When I use the vpnplus app on my pnone it uses SSLvpn and works great. I was just looking to use the webvpn on my work PC as I am not the admin to intall a client. I only had them both running at the same time today for testing.

I have submitted a ticket and will update the status here. In the meantime if you think of anything else to try please let me know.
 
After opening a support ticket with synology they looked at logs and asked me to uninstall/reboot/reinstall the vpn plus package, took about 2 minutes. All is working great now! They think it was a corrupt vpn plus database.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
Hi The WebVPN works with other endpoints (but they are all HTTP) , when we try to initiate to the https -...
Replies
2
Views
908

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top