  1. #1
    Master Untangler
    Join Date
    Jun 2015
    Location
    NW Arkansas
    Posts
    219

    Cannot connect to Synology DSM port 5001 from Untangle OpenVPN

    Hi - have recently added a Synology Diskstation to my LAN at 192.168.0.129. My Untangle NGFW 15.1 box is 192.168.0.1. I've set up OpenVPN on NGFW and the address space is: 172.16.28.0/24.

    When I'm connected to the LAN, I can access 192.168.0.129 on port 5001 without issue to access Synology's DSM management web interface.

    However when I connect to OpenVPN, I'm able to access all machines on the LAN 192.168.0.x 255.255.255.0 except for the Synology on 192.168.0.129 HTTPS 5001.

    Am not finding any firewall rules blocking this either on NGFW or the Synology NAS itself.

    Has anyone else experienced this issue?

  2. #2
    Untangle Ninja Jim.Alles
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,523

    What about Windows Defender on the client?

  3. #3
    Master Untangler
    Join Date
    Jun 2015
    Location
    NW Arkansas
    Posts
    219

    Unfortunately the firewall is disabled on both the Windows client and the NAS. Both the Windows client and iOS device can access the NAS via browser when connected to the LAN. After connecting to OpenVPN, they can both access any device on 192.168.0.0/24 subnet except the NAS on 192.168.0.129. It’s quite odd.

  4. #4
    Untangle Ninja Jim.Alles
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,523

    Routes?

    I would reach for tcpdump...

  5. #5
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,111

    If you're able to access everything but the Synology, I'm left to assume there's a firewall on the Synology that's the problem.

    You may or may not be able to resolve this issue. There's something else at play too, because by default Untangle NATs remote soft client connections to avoid this stuff. It seems like you've got that disabled? I would too... but you might need a custom NAT policy to grab traffic sourced from the VPN address pool, and destined to the Synology to translate it.

    But before you jump down that rabbit hole, make sure the Synology has a complete IP configuration. A fat finger on the Synology's default gateway address specifically would cause this too.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
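
The return-path reasoning in the post above, worked through as an added example (not code from any poster in the thread): it models which next hop the NAS would pick for its reply to a VPN client, with and without NAT on the VPN box. It assumes the Untangle box at 192.168.0.1 is the NAS's intended default gateway and that NAT would translate clients to that address; `172.16.28.6` and `192.168.0.11` are constructed sample values.

```python
import ipaddress

def reply_next_hop(host_if, gateway, source):
    """Where a host sends its reply to `source`: 'on-link', a gateway IP, or None."""
    iface = ipaddress.ip_interface(host_if)
    if ipaddress.ip_address(source) in iface.network:
        return "on-link"                      # same subnet: answered directly
    if not gateway:
        return None                           # off-subnet and no default route
    gw = ipaddress.ip_address(gateway)
    if gw not in iface.network:
        return None                           # gateway itself is not reachable
    return str(gw)

def diagnose(host_if, gateway, vpn_box, client, nat_source=None):
    """Classify the return path for traffic from a VPN client to a LAN host.

    vpn_box    -- LAN address of the device terminating the VPN
    nat_source -- address the host sees if the VPN box NATs clients, else None
    """
    seen = nat_source or client
    hop = reply_next_hop(host_if, gateway, seen)
    if hop == "on-link":
        return "ok-local-source"
    if hop == vpn_box:
        return "ok-routed"        # routing is fine; a block here is host policy
    if hop is None:
        return "no-return-route"
    return "wrong-gateway"        # reply is handed to a device with no VPN route

# Addresses from the thread; 172.16.28.6 and 192.168.0.11 are constructed samples.
NAS, UNTANGLE, CLIENT = "192.168.0.129/24", "192.168.0.1", "172.16.28.6"
CASES = {
    "NAT on, any gateway":       diagnose(NAS, "192.168.0.11", UNTANGLE, CLIENT, nat_source=UNTANGLE),
    "NAT off, gateway correct":  diagnose(NAS, UNTANGLE, UNTANGLE, CLIENT),
    "NAT off, gateway mistyped": diagnose(NAS, "192.168.0.11", UNTANGLE, CLIENT),
    "NAT off, gateway missing":  diagnose(NAS, None, UNTANGLE, CLIENT),
}

if __name__ == "__main__":
    for name, verdict in CASES.items():
        print(f"{name:28} {verdict}")
```

Only the two NAT-off cases with a bad or missing gateway break the return path; with NAT on, the NAS sees a LAN source and the gateway setting no longer matters for this traffic.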

  6. #6
    Master Untangler
    Join Date
    Jun 2015
    Location
    NW Arkansas
    Posts
    219

    Not sure whether it helps but on the local LAN accessing https://192.168.0.129 (the Synology admin address) redirects to HTTPS port 5001 as not secure due to self-signed Synology certificate. This is normal behavior on the LAN. However once connected to OpenVPN, accessing https://192.168.0.129 is unable to redirect to port 5001. Also if I attempt to connect directly on https://192.168.0.129:5001 via Untangle OpenVPN, it doesn’t connect either. Using all Synology default settings which include firewall disabled. Also using default Untangle NGFW 15.1 OpenVPN setup. Have tried both full tunnel and split tunnel client connection, both behave the same.

  7. #7
    Master Untangler
    Join Date
    Jun 2015
    Location
    NW Arkansas
    Posts
    219

    OK. More info. Am unable to telnet to my Synology NAS on either port 5000 or 5001 from my OpenVPN subnet, indicating a network/firewall issue. Even with the NGFW firewall app disabled. Do I need to create some sort of additional rule to allow this?

  8. #8
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,111

    Nope, if you can access other devices, again the problem lives with the singular device in question (Synology). I know you say the firewall on it is disabled, yet everything you've described is screaming it isn't.

    Untangle blocks nothing by default, you'd have to have created a firewall rule to prevent communications.

  9. #9
    Master Untangler
    Join Date
    Jun 2015
    Location
    NW Arkansas
    Posts
    219

    With the NGFW disabled, should I not be able to ping or telnet from a client connected to the Untangle OpenVPN interface to the internal NAS (192.168.0.129) if OpenVPN includes the internal primary network among the list of Exported Networks?

    I can currently only do either from another client on the internal interface.

  10. #10
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,111

    If Untangle is powered off, OpenVPN doesn't work, and you aren't connected to squat.

    But perhaps you're feeling the firewall module itself? That's powered off?

    Again that module doesn't block ANYTHING by default, so unless you told it to stop something, it's not stopping squat. Turning it off means no rules in there get processed, so that means sure... nothing can be blocked by it.

    But the rub is... you said your VPN client can ping other devices on the network, and it can access other devices on the network. That tells me the VPN client is fine, Untangle isn't blocking jack, and you're back to that Synology not responding to a non-local client. Which is DEFAULT BEHAVIOR. You can't just "disable" the firewall on those things, "disabled" means, only the LAN I'm attached to can talk to me.

    You have to configure the Firewall on the Synology, I don't know how to be more clear here.
