VPN routing question -


Postby LYuan » Wed May 16, 2012 9:01 pm

Hello everyone!

I have a question about how the VPN server works when running on Synology. Unlike, say, Windows RRAS, the Synology implementation seems to create an isolated subnet to hand out IP addresses to users who connect remotely. This, I like. However, it seems I only get full functionality (I've tried this on iOS devices and Windows computers) if I enable the "Route all traffic" or "Use as default gateway" options on the iOS and Windows systems respectively.

For example, with these options on, I will authenticate properly to the VPN service and receive an IP of 10.0.0.1. My home network is 192.168.100.x, but it is not a problem, as the VPN connection routes everything from 10.0.0.x to 192.168.100.x. I can ping, RDP to systems, and be connected how I should. However, if I disable the "Route all traffic" option, I am no longer able to connect/ping/anything to any of the devices on my private network even though I can authenticate perfectly to the VPN service.

I would like to keep the "route all traffic" option disabled, as I do not wish to route my web browsing and other traffic from the Internet through my VPN connection.

Can somebody please assist?

Thanks in advance,

Larry

Re: VPN routing question -

Postby LYuan » Wed May 16, 2012 10:41 pm

*** Update ***

I've narrowed the issue down to routing. Basically, if I leave off "send all traffic", there is no route that is created from the 10.0.0.x subnet to my 192.168.50.x subnet. On the Windows machine, I can actually work around this issue by typing in the following:

route add -p 192.168.50.0 MASK 255.255.255.0 10.0.0.0

What this essentially does is tell my VPN client to go through 10.0.0.0 (Synology) to get to anything on the 192.168.50.0 subnet.

As good as this is, it doesn't entirely solve my problem, as I don't have any way of adding a persistent route on my iOS devices. This route *SHOULD* be delivered to the VPN clients by the server; or I would like it to be. Is there a way to configure the Synology VPN server to send this route to the clients when an IP address is handed out?

Larry
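
The routing behaviour described in the post above, modelled as an added example that is not part of the original thread: a longest-prefix route lookup that shows which interface a split-tunnel client uses with and without the 192.168.50.0/24 route. The local Wi-Fi network (172.16.5.0/24), the interface names, the metrics and the host addresses are constructed assumptions.

```python
import ipaddress

def route(net, via, iface, metric):
    return {"net": ipaddress.ip_network(net), "via": via,
            "iface": iface, "metric": metric}

def lookup(table, dest):
    """Pick the route a client would use: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))

def egress(table, dest):
    """Name of the interface the packet leaves on, or None if unroutable."""
    r = lookup(table, dest)
    return r["iface"] if r else None

def split_tunnel_ok(table, private_hosts, public_hosts):
    """True only if every private host leaves via the VPN and no public host does."""
    return (all(egress(table, h) == "vpn" for h in private_hosts)
            and all(egress(table, h) != "vpn" for h in public_hosts))

# Constructed client routing tables (assumed values, not captured from a device).
LOCAL = [
    route("0.0.0.0/0", "172.16.5.1", "wifi", 25),     # local default gateway
    route("172.16.5.0/24", "on-link", "wifi", 25),    # local Wi-Fi subnet
    route("10.0.0.0/24", "on-link", "vpn", 10),       # VPN subnet from the post
]
SPLIT_NO_ROUTE = LOCAL                                 # "Route all traffic" off
SPLIT_WITH_ROUTE = LOCAL + [                           # plus the route from the post
    route("192.168.50.0/24", "10.0.0.0", "vpn", 10)]
FULL_TUNNEL = LOCAL + [                                # "Route all traffic" on
    route("0.0.0.0/0", "10.0.0.0", "vpn", 5)]

HOME_HOST = "192.168.50.20"    # constructed host on the home LAN
PUBLIC_HOST = "198.51.100.7"   # documentation address standing in for the Internet

if __name__ == "__main__":
    for name, table in [("split, no route", SPLIT_NO_ROUTE),
                        ("split, with route", SPLIT_WITH_ROUTE),
                        ("full tunnel", FULL_TUNNEL)]:
        print(name, "| home ->", egress(table, HOME_HOST),
              "| public ->", egress(table, PUBLIC_HOST),
              "| split ok:", split_tunnel_ok(table, [HOME_HOST], [PUBLIC_HOST]))
```

In the "split, no route" case the home-LAN destination matches only the local default route, so it is sent to the local gateway outside the tunnel rather than to the VPN server.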

Re: VPN routing question -

Postby myCloud » Wed May 16, 2012 10:54 pm

Configure a VPN in iOS, pointing to your DDNS name associated with your external address and leave Route All Traffic off. Configure the DS apps to use 10.0.0.0 with the port number needed for that app.
DS 1512+ w/3GB, 5 x 3TB Seagate ST3000DM001 8.2TB RAID 6, half files/half Time Machine.
Icy Dock MB559U3S-1SB enclosure w/4TB Hitachi UltraStar via USB 3 for files backup
UVERSE to AirPort Extreme + 2 AirPort Express w/speakers. TRENDnet TV-IP312WN camera
CyberPower CP1500PFCLCD Sine Wave UPS
DSM 4.1-2661 w/SSH + SFTP, VPN Server, Syslog Server, Media Server, Mail Server, Mail Station,
Audio Station, Surveillance Station, Photo Station, Web Station - DS Apps on iPad & iPod Touch.

Re: VPN routing question -

Postby LYuan » Wed May 16, 2012 10:58 pm

Thanks myCloud,

This doesn't really solve my problem. I don't use any of the DS apps. I do, however, use RDP clients and other applications that require me to use my internal FQDNs, so I need to route DNS traffic through the VPN as well.

Cheers,

Larry