Synology Inc. Online Community Forum

[vp-synology]

When using VPN to connect to DS I am never sure if data is going through VPN or not. The DS is behind a router and port 1723 is open for VPN. I also opened other ports for other servers / services running on DS, for instance:
DSManager - port 5000, WebDav - port 5005, Web Server, Photo station, port 80.

Now, if I open a VPN session from another computer or some mobile device to the DS, and than use DSManager or DSphoto on that computer or device, is the traffic going secured through port 1723 or is going unsecured through the other standard ports?
If is going through 1723, than I should be able to close all other ports and still access all the services and servers, secure, through 1723. Is this correct?

[Flopper]

You will notice you get a different IP address when using the VPN, so if you use any service or data using THAT IP, it will be through the VPN.
If your mobile DSPhoto is NOT using the VPN IP, you are going through the other ports.

Easy way to test actually, just close the other ports and see what happens, that will put your mind at peace

[vp-synology]

After conducting some tests with Synology VPN, I found no way to access the files on DS, from internet, through VPN, port 1723.
All Synology provided applications, File Station, DS Files, DS Photo, WebDav, Audio Station, including DSManager route traffic through them own ports, 5000, 5005, 7000, 80, 21 or for secured SSL through 5001, 5006, 7001, 443 and so on, regardless if the VPN is On or Off. But SSL is not VPN.

I was under the impression that once VPN started between a computer and DS, all traffic goes through the VPN port in order to reach the DS. This doesn't seems to be true.
To test this, with the DS behind a router firewall, simply close all forwarded ports except for 1723 and try to access your files on DS with the VPN on or off. Not working. Once you open the other ports, than you will be able to access your files.

The only way Synology VPN works is to surf the internet through the tunnel so your ip address will show like the DS ip address.

In a enterprise environment the main reason to use VPN is to securely access data/files on the company LAN from an external internet location.

I am missing something here? How I can access my LAN files from internet through VPN? Any help appreciated.

[SirMaster]

All traffic can go through the VPN if you want. You just need to connect to the DS via it's LAN address.

Lets say the network your DS is on uses 192.168.1.xxx and that your DS is 192.168.1.101.

When you are connected to the DS remotely via VPN in order to access it via VPN you need to connect to it using its LAN IP of 192.168.1.101.

So http://192.168.1.101:5000 in your browser will access it over the VPN.

If you just want to browse files over VPN then just use normal network shares. Put in \\192.168.1.101 in your start menu to connect just like you are in the same house as the DS. That's what VPN does. It puts your remote PC virtually on the same "internal" network as the DS.

[Flopper]

That is a very correct and neat explanation!

For completion, the VPN tunnel will have its own IP range, DIFFERENT from the LAN, so if you (vp-synology) are trying to access the files on that IP, it will not work.