
Access Synology with VPN enabled


AndrewDub2044
Solved by Carlo

AndrewDub2044

Hey guys, I have installed Emby on my Synology DS220+ and can access it outside the house (on work network and other networks). I have NordVPN installed and set up via the network settings. When I connect to it on the NAS the connection fails. Any advice how to allow my Emby server to connect and not disable the VPN? A rookie here!

AndrewDub2044

Hey Grim thanks! I do have the ports forwarded via the network stuff on my NAS for the normal connection. Any advice for a different VPN that I can access my Emby with it running.

 


3 hours ago, AndrewDub2044 said:

Any advice for a different VPN that I can access my Emby with it running.

Hi,

Mullvad allows port forwarding.

https://mullvad.net/en/help/port-forwarding-and-mullvad/

The other option is to run the VPN connection on vDSM and leave Emby on DSM so it won’t be affected by the VPN connection (unless your intention is to also access Emby over VPN). For this to work best, more RAM is recommended if you are running with standard 2GB but you can try it like that first. I’m doing this on my 220+.


AndrewDub2044

Sweet man! Definitely gonna need a lesson on that. I'm a rookie here lol. But got my massive movies and tv collection building. 

 

 


Hi, what's your overall goal with using the public VPN? Is it to hide activities from your ISP including Emby or just the other things and not Emby?

AndrewDub2044

Hey man yeah just to hide from my ISP. Built my Emby media server full of movies and tv shows! They definitely can stay the heck away from it 😆 


  • Solution

If you get a domain and cert and set that up in Emby along with requiring secured connections then everything sent from Emby Server will already be encrypted.  You won't need the VPN at all in that case. :)


AndrewDub2044

Damn thx Cayars. I tried that when I first started it and messed up time and time again! Might need a hand (big surprise) lol I followed on countless forums and I don't know how I went wrong lol


AndrewDub2044

Hey guys just wanted to say thank you all SO much for the help. Got it figured out with a custom ddns domain but with a self-signed certificate. Might use the google one I bought later. But I have that awesome lock on my browser and it's great!

 


AndrewDub2044

Well looks like I got another issue lol. Think I'm cursed. My self-signed certificate isn't good enough to access Emby remotely. Bought one from Google and am not sure how to set it up. I'm confused lol

That to me appears like you set Emby up to use port 443 and/or 80 but Synology's built-in nginx proxy is catching it and redirecting to the dashboard.

You have a couple choices to make on what you want to be available remotely from your NAS. BTW, it's very hard to work around this built-in proxy in Synology as any changes you make to the system get reset by it, usually on restart and for sure during any DSM updates.

How you go about this depends on how many apps you have running on Synology that need remote access? I have internally maybe 50 or so web apps but I only have two things directly exposed to the Internet. One is Emby's secured ports of 8920 (local setting) & 443 (remote setting) and my VPN. If I want to use anything other than Emby I VPN in and have access.

So with those settings in Emby I have the gateway router set to WAN IP:443 -> Emby IP:8920. So Emby receives on port 8920 but marks all packets being sent as 443. Now Synology doesn't get to reroute my traffic.

Alternately you set up your own reverse proxy, which can be nginx, to forward things but you control the settings used so Synology can't change them on you. You can't just redirect Emby traffic like most other sites as it needs a custom setup (which you can't do with the built-in proxy).

I hope that makes sense.

Get rid of the self-signed cert.  Just move far away from that. :)  Get a legit cert and only use that and save yourself the grief!!!

Besides Emby do you have any other apps you need to access remotely? Do you need access to your household LAN from remote?
Do you have any other devices or computers running anything that is available remotely?

Once you answer those questions it would be easy to point you to a more specific solution.

Carlo

PS I can remote in and give you a hand with the setup and it won't take long but let's discuss first your needs.


AndrewDub2044

Hey Carlo man good to hear from ya bro! I just need to Remotely access my Emby server movies and tv shows when I'm both home and away! I got the DDNS via Google Domain setup on my lunch break! That's done and ready to go. (Once you read the instructions twice.... Okay maybe 3 times lol) But Google Domain is setup! 


AndrewDub2044

Oh the only remote access I do is for Synology built-in apps and when I'm downloading my torrents (That's why the VPN is installed) 😉😉

That cert appears to not be correct looking at the triangle next to the URL vs a padlock. 

Nord supports split tunnels for Android and Windows. :(

Couple quick questions for you.  Did you upgrade the memory or still only 2GB?
These other programs you mention.  Are they running in a VM or docker or just normal package installs?

How long is your subscription good for with NordVPN?
What brand/model router are you using as your gateway?
Last but not least, if possible, could you do a speedtest (any site) with and without the VPN to see how much penalty you're getting. We really only care about your download rate for this.

Depending on the answers to those questions I'm sure I can help you out but let's see what options we have first.


AndrewDub2044

Hey Carlo just on lunch. After that I'll be home in 4 hours to continue. Can't connect to my NAS via my DDNS domain. 


AndrewDub2044

Hey Luke, me and Cayars are still at it. Well he is, I'm just watching helplessly lol. We are still at it. I'm lost and he's just remoted in. Originally I wanted to do it via Cloudflare as a domain but we are doing the Google one I bought. I'm hoping it's almost over

This is super hard for a few reasons but we are nearly done. AndrewDub2044 only has a tablet to remote into, which is a challenge on my side as it's a tiny screen and every time the tablet's virtual keyboard is opened I lose half my screen and need to wait for it to normalize before I can do anything again. Then from that small screen I have to SSH into the Synology, which is doable but unpleasant to say the least. Then when the keyboard opens it's even worse, especially if I was in the middle of typing or running something, as I'm nearly paralyzed for 20 to 30 seconds before I can see what's going on. :)

We wasted nearly two whole nights working on a solution for him that I've done a dozen+ times, just not on Synology, and I was like a dog chasing his tail going in circles as nothing seemed to work that previously did. As part of earlier setup we/I moved the name servers from Google to Cloudflare so that we could use Cloudflare's Argo tunnel to work around his CGNAT. Through miscommunication or something he had moved the name servers back to Google thinking that might help. I of course didn't know this and when things didn't work that did previously I spent time looking at the wrong items. From reviewing Emby setup to the tunnel to the router. A ping or tracert was correct but nothing made sense.

I then did some testing from my house and the DNS record would not resolve. dig the domain and see it at Google again. That of course made sense. Apparently his ISP's DNS servers aren't configured right and were still caching info that should have been flushed. We moved the name servers back to Cloudflare. I then put everything back the way we started except for the two Emby Server upgrades we had to do.

The Cloudflared daemon isn't compiled for Synology so that leaves trying to use docker, and after several attempts figured out how to do the 4 step tunnel process via docker, but then the Synology proxy gets in the way.

Regardless of the complexity of the working environment, if I got myself lost and couldn't easily figure out quickly that the name servers were changed, the solution is too complex. A few other people have been asking me about this for Synology and I was trying to use this setup to learn/document the process so others would benefit as well.

It needs to be much easier, so I retreated putting things back the way they should be. Instead I'm setting up a dev environment to be able to compile this for Synology so it can be as simple to use as it is on Windows and Linux. It then becomes a simple solution to implement and others benefit as well.

With any luck I'll have this compiled later today and tested on my Synology.
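
The stale-delegation problem described in the post above (some resolvers still answering with the old name servers after a move) can be spotted by comparing NS answers from several resolvers. This is an added example, not part of the original post: the `dig +short NS` output, `example.com`, the resolver labels and the server names are constructed, and the provider suffixes are an assumption about how each provider names its servers.

```python
# Added example: flag resolvers whose cached NS set differs from the delegation.
# All sample data below is constructed; example.com is a placeholder domain.

# Assumed naming patterns for the two providers mentioned in the thread.
PROVIDER_SUFFIXES = {
    "cloudflare": ".ns.cloudflare.com",
    "google": ".googledomains.com",
}

# Constructed output of `dig +short NS example.com @<resolver>`, per resolver.
SAMPLE_ANSWERS = {
    "delegation": "ada.ns.cloudflare.com.\nbob.ns.cloudflare.com.\n",
    "public resolver": "BOB.ns.cloudflare.com.\nada.ns.cloudflare.com.\n",
    "ISP resolver": "ns-cloud-a1.googledomains.com.\nns-cloud-a2.googledomains.com.\n",
    "second ISP resolver": "",  # timeout or SERVFAIL leaves +short output empty
}


def parse_ns(dig_short_output):
    """Normalize `dig +short NS` output to a set of lowercase host names."""
    names = set()
    for line in dig_short_output.splitlines():
        line = line.strip().lower().rstrip(".")
        if line and not line.startswith(";"):  # skip dig comment lines
            names.add(line)
    return frozenset(names)


def provider_of(ns_set):
    """Name the provider an NS set points to, or 'mixed'/'unknown'/'no answer'."""
    if not ns_set:
        return "no answer"
    found = set()
    for name in ns_set:
        hits = [p for p, sfx in PROVIDER_SUFFIXES.items() if name.endswith(sfx)]
        found.add(hits[0] if hits else "unknown")
    return found.pop() if len(found) == 1 else "mixed"


def find_stale(answers, reference):
    """Return {resolver: provider} for resolvers that disagree with `reference`."""
    expected = parse_ns(answers[reference])
    return {
        resolver: provider_of(parse_ns(raw))
        for resolver, raw in answers.items()
        if resolver != reference and parse_ns(raw) != expected
    }


if __name__ == "__main__":
    for resolver, provider in find_stale(SAMPLE_ANSWERS, "delegation").items():
        print(f"{resolver}: answers with {provider}, not the current delegation")
```
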
