External Access to Synology (Port Forwarding/Dynamic DNS)

Wish this forum had more threaded messaging.

Static IP for Synology unit = no (as setting it up seems to break connections.)

How would this be set up? Inside Apple Time Capsule network devices…I’d add Synology via the Synology MAC ID, assign it a fixed IP. Then use that IP to get back to Synology (which is where it breaks).

If you look at the Quick Connect documentation, I think
you will see that you can do exactly that IF YOU USE
THE SYNOLOGY apps.

If not, then you have to roll your own.

1 Like

I have the VPN package installed, an openvpn certificate installed and working.
Disabled for the time being to minimize the variables that could go wrong while trying to get the basics working. VPN adds a whole slew of additional complications for troubleshooting.

Static IP then waters down the anonymity of the vpn. Trying not to dive into the merits and rabbit holes of vpn at present. Suffice to say I have a 3rd party vpn, and services for port forwarding on the vpn which work (will use if needed)…and will get to that after the basics are up and running.

Synology apps work fine… yet not that well integrated…and need to roll my own for at least webdav as webdav seems to be accepted by most apps…and ability to smb or afp from laptop when remote.

I’m not tracking this, you have to have an address to “exit” your tunnel from.
You have to have a target you are aiming at.
If you want to rely on a DDNS provider (which maps your ip to a FQDN) understand
that it is all within your ISP’s DHCP pool. If your ISP is anything like mine, they
reuse the addresses. I get 1.2.3.4 on week 1, then 4.3.2.1 on week 2, then back to 1.2.3.4…

(You can turn WebDav on your Synology)

You are making great progress.

yes, webdav is installed.

first trying to get to the synology admin credential page from an external network…and that is not working.
quick connect url works, my own domain/port forward, dyndns type solution not working right…

and yet, when I go to remotely connect from laptop using smb or afp, it gets me to the right spot as it asks for credentials (otherwise I get not found errors) so the custom url itself does appear to be working…so it seems like there is a port forward issue happening locally preventing me from getting to the admin page.

They reuse addresses I expect, though I can go weeks or months w/o a change. When it changes, the relay would update. Maybe not as stable as a dedicated static ip, however think it would be good for now.
Right now a changing IP isn’t even on the radar, don’t care about that at all because it doesn’t matter until I get the services working.

I’ve tried to reply in line

Whatever else you do: please get the VPN up and running first!

You’d be surprised how many of your issues that will fix.

btw relying on/using quickconnect is nice, but now you have left everything in the hands of a vendor. Any compromise there will also compromise your network.

No entry or endpoint is ever anonymous. But that’s all. Having control over your VPN gives you far greater security than using a vendor solution to get through.

I’d rather manage my own VPN and certs to access my network, than depend on a vendor with a huge attack surface to manage my perimeter.

4 Likes

HTTP and HTTPS ~ same difference, unable to connect.
HTTPS currently disabled.

QuickConnect works using the apps. Unable to mount or access Synology using the QuickConnect link info (changing the prefix for smb). If I use the domain, I am asked for credentials however keep getting that message referencing version of the server not supported (and upgraded the server and still not working).

QuickConnect plain works, love it for that - but - restricting and doesn’t play so well w/others.
DDNS has a Synology entry. One for Dynu the other for Synology. Synology gives the same error as DynU. Curious why one would conflict w/the other?
Turned off QuickConnect and so far no change.

Ok ok… vpn is back on.

Yes, sensitive to having everything in the hands of anyone. Look what is happening to all those Western Digital drives getting wiped.

See, vpn blocks other stuff and it’s nearly impossible to know if an issue is related to the vpn or not unless the vpn is off. So these blocks I’m hitting, I would now need to account for every vpn variation as part of the troubleshooting…

I don’t know how you are setting up your VPN, but you can have it so that
you appear to be local on your network. Just like you were sitting there.
VPNs can be totally transparent.

1 Like

I’m following this to learn more. What are the recommended ways to set up a VPN? Hardware or software?

Yes. One method is to essentially tunnel back and everything acts as if you are on your home network.
Another method is to anonymize traffic. I opt for the latter.

It depends on your use case. VPNs add encryption and latency.
A general rule of thumb is 15%. Additionally, you have to think
of both ends of the tunnel. You might not control both sides.
This could limit what you can do.

If you are serving the enterprise, you want powerful hardware
and associated connectivity, providing strong encryption.

If you are at Starbucks, and want to grab a file every once in
a while, your needs can be addressed more modestly.

(As an aside, a VPN is “just” another server. While you
can certainly have hardware acceleration for various
modules (encryption being the most popular), at its
core, it is a software solution.)

1 Like

lol. You are exiting at your ISP…

Enter > ISP > 3rd party VPN > 3rd party VPN gateway to distant location > Exit

Side note: OpenVPN certificate (which is properly installed and working) generates an error “Your gateway setting is invalid.” This error goes away temporarily if you change the service order under Control Panel > External Access > Router Configuration ~ or disabling VPN.


Small success in the reverse proxy space…using one of the Synology hostnames I am now seeing the “Welcome to nginx!” screen. Using the self-rolled Dynu hostname, not seeing the same message.

Ironically https is disabled, however the server message only comes through when calling https. Take the s off and back to server not found.

Noticing that the host name that is working has a default certificate from synology.
Did not see certificates as being required, or settings requiring them…any certs were disabled.

I would consider hiring this out if there was a way to do so where the person configuring things wouldn’t run circles around me and create hidden doors, that everything would be covered and that I would know enough to tweak as needed in the future.

Clearly there is more to the story. Best of Luck.

I’m no good at any of this…

Happen to be fortunate to have two networks for the moment…brand new modem on a new service while I have everything else running on the old. Took the Synology over to the new modem… no settings but basic access passwords, brand new dns relay through no-ip…and all the same results … identical.

Something that has been of recent distraction is the admin panel will not show the Synology as a wired connected device. There is a section for wireless, section for wired and nothing showing as wired. Switching ports, rebooting all devices, nothing showing Synology as connected device in the Netgear admin panel. The same “Welcome to nginx!” shows when using the Synology hosted url on the second network (different ips) so there is a connection getting through.

Yes, this has been years of trying to get this working and thought the Synology would finally get me there…

Progress Update:

Original issue resulted in efforts to manage port forwarding from Time Capsule admin module.
Deleting TimeCapsule Synology entries and using only those in Synology port forwarding worked.

WORKING REMOTELY
• Synology DDNS host services & Synology apps
• 3rd party DDNS host service correctly points to Synology admin page when adding proper port.

STILL NOT WORKING REMOTELY
• MacOS > Connect to server > DDNS Host Name > Request for credentials > Error

“There was a problem connecting to
The version of the server you are trying to connect to is not supported. Please contact
your system administrator to resolve the problem.”