
Trying to set up a VPN server on my NAS

Figured it would be the best place to post.

I deployed a Drivestor 4 Pro last year.

(I know now it's not the best value hardware, but there was an enticing sale and my needs were "I want a backup that isn't a bunch of external HDDs").

 

Over time I started using it for more than just storage, and now it's running a qBittorrent server.

To be able to manage it remotely, I did some basic port forwarding on my router (and the same for an FTP server a bit down the line).

As I didn't want my data to transit through the Asustor servers, I did not set up a MyAsustor account to use their DDNS service, and log in directly from my router's public IP.

And it's been working pretty mint so far.

 

It's been brought to my attention that raw forwarding like that is not the safest option, and that I should set up a local VPN instead and remote to it.

As such, following this thread and this video, I tried setting up an L2TP one.

I downloaded VPN Server on the NAS and set it up like so...


 

... Then I forwarded the relevant ports on the router...


 

... And finally tried to set it up on my phone, once again using the router's public IP.


 

However, it fails to connect.

I tried both the raw IP and by specifying the ports.

 

So... What's the (probably obvious) thing I seem to have missed?

Do I actually need a domain name and can't just connect from an IP?

Did I miss a parameter somewhere?

Should I give up, buy a Pi and try again there?


1 hour ago, Aleph256 said:

So... What's the (probably obvious) thing I seem to have missed?

Make sure your port forwards are both UDP and TCP.

 

1 hour ago, Aleph256 said:

Do I actually need a domain name and can't just connect from an IP?

I don't believe you need a domain, but I think it is somewhat integral to having a "true" crypto cert (which isn't really necessary for personal use).

 

1 hour ago, Aleph256 said:

Should I give up, buy a Pi and try again there?

To the credit of the PiVPN devs, it really does just work (much to my surprise, since the last time I tried to set up a VPN, it broke TrueNAS's VM IP configurations horribly).


10 minutes ago, AbydosOne said:

Make sure your port forwards are both UDP and TCP.

Like this?


 

Changed and applied.
Still doesn't seem to work 🤔

 

Might it have to do with my local net being on the "default" 192.168.x.x range instead of 10.10.x.x? I'm a novice when it comes to network stuff.

Tried changing the dynamic range to that in NAS app but no results.


6 hours ago, Aleph256 said:

Like this?


 

Changed and applied.
Still doesn't seem to work 🤔

 

Might it have to do with my local net being on the "default" 192.168.x.x range instead of 10.10.x.x? I'm a novice when it comes to network stuff.

Tried changing the dynamic range to that in NAS app but no results.

I would try using this site to scan those ports to make sure they are actually open. 

It is possible that they are blocked by something else or your isp.

https://www.grc.com/x/ne.dll?bh0bkyd2


8 hours ago, m9x3mos said:

It is possible that they are blocked by something else or your isp.

Well that was the start of a solution - appears all three ports are closed.

Tried setting them up open as a custom rule in my router's firewall... Buuuuuut seems like going for a custom filtering rule borks my Internet traffic. Thanks, ISP. I'll be doing some more digging around on that subject.

 

10 hours ago, Electronics Wizardy said:

I'd try using OpenVPN here and see if that works.

Eeeeeeeh I've considered it but I've read it's more of a hassle to set up on the accessing device?


6 hours ago, Aleph256 said:

Well that was the start of a solution - appears all three ports are closed.

Tried setting them up open as a custom rule in my router's firewall... Buuuuuut seems like going for a custom filtering rule borks my Internet traffic. Thanks, ISP. I'll be doing some more digging around on that subject.

 

Eeeeeeeh I've considered it but I've read it's more of a hassle to set up on the accessing device?

Shouldn't be more of a hassle. Depends on the config, but commonly there is a config file you load and then you're good.

 

Does your router support hosting a VPN server?


5 hours ago, Electronics Wizardy said:

Does your router support hosting a VPN server?

Would probably be much less of a hassle if it could, but alas no - the downsides of an ISP-provided router.

 

I have a coworker who's good at all this networking stuff, I'll pick his brain tomorrow.


  • 2 weeks later...

So... Back to the grinder.

Turned out the aforementioned coworker is away for a few weeks, and I've been busy these last days.
 

Tried again by setting up an OpenVPN server this time.
The flip side is: it works - I do get notifications of the user logging in on the ASUSTOR side of things.

The down side:

  • I can't seem to access my NAS as I would expect to do
    • Now that I'm connected, I should be able to just use the local IP and port, right?
  • Being connected to the VPN locks me out of the Internet (throws a NAME_NOT_RESOLVED error, which makes me think of a DNS issue)
    • I did check to enable the base 8.8.8.8 Google DNS

 

What's the (probably obvious) step I am missing?
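As an added example (not code from the thread or from the ASUSTOR VPN Server app), a small Python lint over OpenVPN server-side push directives that ties the two symptoms in the post above (no LAN access, NAME_NOT_RESOLVED) to the settings that control them. The tunnel and LAN subnets, the sample config text, and the host-level items it lists (IP forwarding and NAT on the NAS) are assumptions, since a GUI-configured NAS app may not expose any of this as a file.

```python
import re

# Constructed sample (not the ASUSTOR VPN Server app's own file); the
# 10.8.0.0/24 tunnel and 192.168.1.0/24 LAN subnets are assumptions.
BROKEN_CONF = """
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
"""

# Same server plus a resolver reachable through the tunnel and a LAN route.
FIXED_CONF = BROKEN_CONF + """
push "dhcp-option DNS 8.8.8.8"
push "route 192.168.1.0 255.255.255.0"
"""

EXPLAIN = {
    "no-dns": "redirect-gateway pushed without 'dhcp-option DNS': the client's "
              "usual resolver is now behind the tunnel, names stop resolving",
    "no-lan-route": "neither redirect-gateway nor 'route <LAN>' pushed: the "
                    "client reaches the tunnel endpoint, not the NAS LAN address",
    "ip_forward": "host needs net.ipv4.ip_forward=1 to relay tunnel traffic",
    "nat": "host needs MASQUERADE/SNAT for the tunnel subnet on its LAN side, "
           "or Internet and other LAN hosts cannot answer tunnel clients",
}

def pushed(conf):
    """Values of all 'push' directives, quotes stripped, in file order."""
    return [m.group(1) for m in
            re.finditer(r'^\s*push\s+"?([^"\n]+?)"?\s*$', conf, re.M)]

def lint(conf, lan="192.168.1.0 255.255.255.0"):
    """Map the server config to the thread's symptoms (keys into EXPLAIN)."""
    opts = pushed(conf)
    full_tunnel = any(o.startswith("redirect-gateway") for o in opts)
    dns_pushed = any(o.startswith("dhcp-option DNS") for o in opts)
    lan_route = f"route {lan}" in opts
    problems, host_checks = [], []
    if full_tunnel and not dns_pushed:
        problems.append("no-dns")
    if not full_tunnel and not lan_route:
        problems.append("no-lan-route")
    if full_tunnel or lan_route:
        host_checks.append("ip_forward")  # the config alone cannot prove this
    if full_tunnel:
        host_checks.append("nat")
    return {"problems": problems, "host_checks": host_checks}
```

With a resolver already pushed, as the post says was done, the `host_checks` entries are the items the config by itself cannot confirm.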

