NAS setup for homeoffice

[skarpeta]

Hi,

 

I we just got a NAS (Synology DS920+) and a static IP address from our carrier. 

Now is my big question, how to set up access from outside (homeoffice) the best way?

 

The problem: When we don't had a static IP, I thought the best way is a VPN with a DynDNS service. That didn't really work for some reason and I called our carrier to get a static ip.

The carrier told me, that I have to open the desired ports for the nas to access it from outside.

 

So I opened the ports that I needed for synology filestation, smb etc.

 

Vodafone (our carrier) messaged me then and told me that it's a high risk to open smb port and expose them to the outside.

 

So now I use WebDAV to connect to the NAS via https.

It's working great so far we don't have issues with it, besides the fact that both our macs and windows machines can't see what the total storage and storage available on the nas is.

Why this is a problem is, because for example lightroom tells me that I don't have free diskspace on the nas and won't let me save stuff on there. 

Also in the finder it says --/-- instead for example 1TB/10TB.

 

How do I correctly set up the vpn? I mean exactly the reason to use a vpn is to not expose the smb ports, am I right?

Also, how do I connect our local machines to this nas? If the smb ports are still closed, the windows pc can't find it without Webdav, and it would be kind of weird to connect with a vpn to the network the computer is actually in.

 

For any solutions, please notice that we use mac and windows.

 

 

Thank you very much.

[Master Disaster]

8 minutes ago, skarpeta said:

snip

Setting up a VPN server is pretty straightforward on Synology devices but rather than preach to the choir I'll just link to Synologys own tutorial.

 

https://www.synology.com/en-global/knowledgebase/DSM/help/VPNCenter/vpn_setup

 

Your ISP is correct, exposing SMB to the internet is generally a bad idea.

 

The incorrect reporting of free space is a limitation of the WebDAV protocol, AFAIK there's nothing you can do to correct this.

 

As for local machines, your router firewall should not be blocking internal connections. There should be no need to forward any ports for local machines to connect to the NAS. What happens when you try to connect locally? Is the firewall on the NAS running?

[skarpeta]

Just now, Master Disaster said:

Setting up a VPN server is pretty straightforward on Synology devices but rather than preach to the choir I'll just link to Synologys own tutorial.

 

https://www.synology.com/en-global/knowledgebase/DSM/help/VPNCenter/vpn_setup

 

Your ISP is correct, exposing SMB to the internet is generally a bad idea.

 

The incorrect reporting of free space is a limitation of the WebDAV protocol, AFAIK there's nothing you can do to correct this.

 

As for local machines, your router firewall should not be blocking internal connections. There should be no need to forward any ports for local machines to connect to the NAS. What happens when you try to connect locally? Is the firewall on the NAS running?

Thank you. Currently I use a FritzBox 6591 Cable and I didn't set up a firewall for local devices. When I try to connect with windows and enter the nas name, it can't connect and I have no access. Only if I forward the port for smb, I can connect from the local network to it.

 

For the static IP, now our router and the nas have a static ip address. Do I set up the vpn with the router or the NAS ip?

 

The firewall on the nas is running, yes.

[Master Disaster]

Can you clear up a few things...

 

Is your Fritzbox a router or just a modem?

Does the Fritzbox have a firewall?

Your Fritzbox has a static IP from your ISP but I assume the NAS is connected to the router and only has a static internal IP (most like something like 192.168.x.x), correct?

Which firewall do you have to forward the SMB ports with for local access? Router or Synology?

Have you tried connecting internally using the IP instead of the Domain Name?

[skarpeta]

The Fritzbox is a modem, it got a firewall I think. Because I can't find anything about it to disable or active it. The documentation says it's always on. 

The Fritzbox has a static ip ending with for example 113 and the nas also has a static ip ending with 114. It's not a internal static ip with 192.168.XXX.

 

No specific firewall for smb forward. I've also tried the ip, it's not working.

[skarpeta]

I think the "second" static ip is the problem.

Wouldn't it be easier to just have a static ip for the router and a local ip for the nas, and have everything in the local network like normal. And when I want to connect the nas from outsite, I connect via vpn with the whole network and not only the NAS.

Am I correct or do I overlook something?

[SupaKomputa]

The one with the static IP is the modem (fritzbox), you have to route the port to your NAS so it will be available on the net.

The NAS should have an internal IP address : 192.168.0.XXX to be available to the local network.

Why don't you set the ip address for the nas like 192.168.0.100 and then in explorer type : \\192.168.0.100 (just an example).

note: the third segment should follow the segment of your router (can be 0, 1 or 100).

[skarpeta]

Just now, SupaKomputa said:

The one with the static IP is the modem (fritzbox), you have to route the port to your NAS so it will be available on the net.

The NAS should have an internal IP address : 192.168.0.XXX to be available to the local network.

Why don't you set the ip address for the nas like 192.168.0.100 and then in explorer type : \\192.168.0.100 (just an example).

note: the third segment should follow the segment of your router (can be 0, 1 or 100).

Yeah, I will try this now. I ordered just a single static ip from our ISP. They gave me one for the modem and also one for a single device. I think that counts as one.

[SupaKomputa]

Yes, try to make the local sharing work before setting up internet share.

Synchronize the IP address so your NAS is available locally.

What i would do is to reset the settings of the NAS, set the internal IP as static following the same IP pattern as the local network.

If SMB is enabled you should automatically see the nas in explorer.

After that working, we'll try to make it available on the internet. 

[skarpeta]

Ok, I think I got it working. I can connect via SMB and also the OpenVPN connection is working.

Thank you very much.