Download Manager, VPN's, and access to your NAS from the outside setup

I just wanted to share my setup with others that may be looking to achieve the same thing. Essentially I was looking for a way to use a VPN for my torrents/Download Manager while still being able to access my NAS from the outside. After much searching and testing, I’ve got it working. Here are the steps (I’m using IPVanish and a DS214play running DSM 5.1-5021)

  1. Open up your Control Pannel and create a new VPN connection
  2. If you are using IPVanish and can figure out how to get OpenVPN to stay connected for more that 30-40 seconds let me know - I had to use PPTP instead.
  3. Connect to the VPN. Assuming you connected correctly, you should be able to set the Service Order of the VPN by clicking on the Service Order button inside Network Interface.
  4. Once you set the service order to the VPN on top/first, all the traffic from the NAS will now go through the VPN. While great for torrent security, this will cut off remote access to your NAS from outside your network. Here’s the fix (not sure why this isn’t better documented)-
  5. Still in the Network Settings click on the general tab, you should see somthing like this. The gateway should be your VPN address, DNS can be whatever (I have my router with a fail-back to Google). Now click on the Advanced Settings button.
  6. Make sure both options are checked here in the Advanced Settings.
  7. Apply everything and check to see if you can now access the NAS from the outside; you should be able to. All of the Download Manager traffic should still be going through your VPN. To find out for certian what IP address the Download Manager is using follow these instructions.

Full disclosure- I’m not quite sure how this works. I think the Advanced Settings feature(s) makes it so that if a request comes from the WAN side to the Synology LAN IP, that the Synology will respond using that same gateway instead of the VPN. Anyone who knows more please chime in.

Important note-
I’m fairly sure this will break any DDNS services on the NAS (like the built-in Synology service you may have set up) because the service will report the VPN IP instead of the true IP. An easy work-around is to use DDNS on your router instead. That way your firewall can still direct traffic to the NAS regardless of the VPN in use on your NAS (Router may have been set up using UPnP when you set up the service - be sure to check firewall settings thoroughly).

This is my first Synology and I must say I’m impressed (though I’m coming off of an 8 year old WHS server that just died). Not getting this to work may have been a deal-breaker for me as I’m looking to cut the cord. With this VPN solution, the Download Station’s RSS automatic download feature, Plex, and some SickBeard file moving mojo, I may have found my golden egg.

The only pitfall I’ve seen are download speed issues, though I think that’s more a factor of IPVanish and having to use PPTP instead of OpenVPN. If anyone is able to get OpenVPN to work or knows of a faster VPN for torrents, please let me know.

Merry X-mas and let me know if this works for you, 'd be interested if I just got lucky or if these setting will work for everyone.

*Credit goes to guarak’s comments on this thread.

This is a good post and you are a good person.

is there a way to encrypt traffic from the diskstation without using ip vanish?

Like creating a VPN server on the synology and connecting the synology to that.

Thank you for this post

Thanks, will try tomorrow… Never was able to before.

Thanks. I was planning on setting this up this week. Your post will save me a lot of time

I just signed up for Private Internet Access and was following your instructions, when I realized I am using DSM 5.0-4493 (there was no option for changing the service order).

I configured using openvpn, and it seems to work right off the hop. My torrent IP is changed (followed the instructions in your link). I have a static IP address - and I can access my server via external/mobile networks.

Will upgrading to 5.1 break this functionality? What other features for vpn’s does 5.1 provide?

I don’t see why you want to set-up a VPN on Synology, while you can get your router do this job for you.

Set an openVPN connection on your router and VPN back to your network any time you want without compromising Syno’s functions or loading precious resources.

I got this set up and it’s working, I’ve moved the synology.home DDNS account to my DD-WRT router so that still works for me. Though, there are a few things that it disables:

  • VPN server unreachable
  • Madsonic (3rd party package for Subsonic)
  • SSH/SOCKS proxy tunnel

Alas, I wish there was a way to just pipe my bittorrent or bittorrent port traffic through the VPN.

Great guide!

Any solutions on how to keep OpenVPN connected? I’m using IPvanish and mine too disconnects as soon as it gets an IP address. L2TP/IPSEC works fine and stays connected and is a better option than PPTP.

This is a good guide for automatically reconnecting the VPN when the connection drops: The reconnection of VPN profile on Synology NAS has failed [Fixed on DSM5] - DerZyklop (note this is for openVPN, you’ll have to change the script slightly for L2TP.

ive got to figure out if theres a way to do this via a cronjob or script in command line, bxc every time it reboots , i have to repeat these steps to get external access to my device going again.
(i use the router for ddns, so its not the prob).

fuck this kludgy solution in its dirty hairy ass hole

D’oh! Update - Well, it worked for a bit. The IP check torrent changed to my home IP address after a while, and checking the service order showed that the VPN and LAN had switched order again. My suspicion is that the VPN disconnected briefly, and on reconnect the service order was forgotten. That makes the whole thing rather untrustworthy unless the VPN connection is utterly reliable. Which they never are. Does anyone know a way to force the service order to be remembered?

Thanks very much.

In all honesty I mothballed my Synology for about two years and need to now get it back up and running with this setup once again.

I’ll update the list of instructions with any changes I come across.

I’m afraid this is my first Synology NAS so I’m not exactly sure what you’d gain / loose from upgrading. Though I do subscribe to the “ain’t broke, don’t fix it” train of thought. If it’s working for you then stick with that.

Would this setup still mask your WAN IP address when torrenting? That’s a great solution if you want to VPN back into/through your internal network from the outside, but not if you want to mask your WAN IP address and associated traffic from outside parties.

you really do want your router doing this but stupid ass synology doesnt let you isolate download station traffic to a particular interface

Surely the VPN on the synology is so that the synology connects to the torrents via VPN not that you are connecting back to your home network via VPN?

if you have the VPN on your router to connect back to that is great but when you are using the synology to torrent then that will report back your ISP IP address rather than an obfuscated one.

Seems too much hassle to me - simple answer dont torrent!!!

Er, how many times do you reboot your nas? I’ve only done it when there been a software update…pretty rock solid all other times.

Hmmm…did some testing and I can confirm the same thing. Even after reconnecting to the VPN and I actually didn’t have the option to prioritise the VPN over the regular connection. A reboot fixed the issue, but I hope that’s not the only solution.

I also just upgraded to DSM 5.1-5021 Update 2 to see if that helps the issue…