What am I missing - no internal connection?

Currently reading
What am I missing - no internal connection?

tekguru

tekguru

Trophy Media
687
226
NAS
DS918+
Operating system
  1. macOS
Mobile operating system
  1. iOS
Last edited:
I've just set up the VPN Server using OpenVPN, and I've imported the .ovpn file into OpenVPN on the iPad. I can connect just fine the connection looks valid on the iPad and in the VPN Server connections etc.
However what I wanted to do was to access the routers login page (192.168.1.254 or orbilogon.net) via Safari - no go I get a 'Safari could not open the page because the server stopped responding' message. Configuration is as per below. I've tried with the 'dhcp-option DNS' set and not set, no difference.
Code: 
dev tun
tls-client

remote quickconnect.synology.me 1194

# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)

#float

# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)

#redirect-gateway def1

# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.

dhcp-option DNS 192.168.1.254

pull

# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp

script-security 2


comp-lzo

reneg-sec 0

cipher AES-256-CBC

auth SHA512

auth-user-pass
<ca>
Anyone any ideas as to what I'm missing?
 
tekguru said:
I've just set up the VPN Server using OpenVPN, and I've imported the .ovpn file into OpenVPN on the iPad. I can connect just fine the connection looks valid on the iPad and in the VPN Server connections etc.
However what I wanted to do was to access the routers login page (192.168.4.254 or orbilogon.net) via Safari - no go I get a 'Safari could not open the page because the server stopped responding' message. Configuration is as per below. I've tried with the 'dhcp-option DNS' set and not set, no difference.
Code: 
dev tun
tls-client

remote quickconnect.synology.me 1194

# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)

#float

# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)

#redirect-gateway def1

# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.

dhcp-option DNS 192.168.1.254

pull

# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp

script-security 2


comp-lzo

reneg-sec 0

cipher AES-256-CBC

auth SHA512

auth-user-pass
<ca>
Anyone any ideas as to what I'm missing?
Click to expand...

Try turning off your firewall for a brief minute on the synology device that’s doing the vpn, test and see if you can connect to what your looking for.

Report back with result. If it’s firewall we need to build the rule sets across subnets.
-- post merged: --

Also I see router is 192.168.4.x and your dns is 192.168.1.x Is your router doing the dns or is another device handling that? Should the dns in the config be 192.168.4.x??
 
Okay, typo in first post corrected, DNS is the router (192.168.1.254). Yep just turned off the firewall and all connected perfectly.
So where do we start in rebuilding the subnets? What data do you need?
 
tekguru said:
Okay, typo in first post corrected, DNS is the router (192.168.1.254). Yep just turned off the firewall and all connected perfectly.
So where do we start in rebuilding the subnets? What data do you need?
Click to expand...

Add a firewall rule with the subnet of your vpn network. Place it next to your local network firewall subnet rule (just preference it can go anywhere before deny, however I like grouping things).

The source will be whatever designated countries you want access to the vpn.

When your clients connect they connect and grab an ip from the vpn subnet, and since it’s a different subnet than your local network, You need to add a rule for that.
 
Brilliant, rules now as below and it's all working! :) Anything else I need to change?
Screenshot 2022-08-14 at 13.41.45.jpg
 
Looks good. If i were you I’d limit the source ip for vpn 1194 unless you truly need it globally. Add the countries you know you would be in that would need vpn access. And then anytime you go someplace new you can always turn it on and then off.

Or you can certainly keep as is for convenience. It’s a balance between how tight you want to pull things.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Similar threads

N
  • Question
Slow NAS connection through OpenVPN
Everything else that I have asked you. This could be a cap at work. Maybe network team is controlling...
Replies
4
Views
1,161
Rusty
Rusty

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Register

Trending threads

Back
Top