Refi
Remove Ads

Share on Facebook Share on Twitter

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
VPN Kill switch possible?
#11
Finally I have decided not to do this on this particular Synology.
The possible extra load (network traffic mainly) in combination with the main duties of my NAS are the main reasons.

I just took an older celeron NUC with SSD/4GB, installed Debian type of linux, nomachine, Deluge and Nordvpn. This headless box keeps the downloads completely separate from my precious data, webserver and backup server :-)
The killswitch, I took your advice to setup the linux firewall in a way that the only allowed IP is the external Openvpn server and the ports related to Deluge and nomachine. Deluge is configered in a way that completed download files are moved over to the DS.

Very happy with the way it runs so far. Thanks to your input anyway, it made me realize that separation (in a docker, VM or ultimately ohter machine) was needed, and gave direction for a solution.
Reply
#12
(30-01-2019, 08:10 PM)Rusty Wrote: Well if Docker is an option the you can do it a few different ways. Personally I have a DDSM running via docker as a small added dsm installation for 2 things.

1st: ddsm is under constant vpn towards nordvpn and as such I use it’s local ip address (separate from the nas host) as a gateway parameter for all my lan devices. This gives me a secure encrypted communication for all my devices no matter what the destination on the internet is.

If I have Sonarr & qBittorrent running under Docker, how do I point them to use the DDSM VPN client instead of the NAS host?

Do I set them up under a Docker inside the DDSM, or is there another way?
Reply
#13
That’s one way to do it. The problem is that you can’t by default change gateway for specific container. You will have to change whole docker setup to use custom gateway. Then you could change them to use custom gateway.

Atm running them inside ddsm is your best bet
Synology DS918+ (4x4TB WD RED - RAID 5 with 2x250GB 970EVO NVMe) | Synology DS412+ (4x3TB WD RED - RAID 5) | RT1900AC
Reply
#14
I did this without using Docker.
I run Download Station on a Synology NAS.
On that NAS, I run Synology's VPN Client, which connects to a VPN service. I set the VPN to restart if it gets disconnected, and use Ian Harrier's VPN reconnection script in Scheduled Tasks.
On the router, I set firewall rules that permit that particular NAS to connect only to the IP address of the VPN provider, with the following exceptions:
- Permit the NAS to send packets to port 53, regardless of IP address (so it can make DNS requests, which it needs to do to send email and get Synology DSM and Package updates);
- Permit the NAS to send packets to port 587, regardless of IP address (so it can send email). (Otherwise, it can't alert me to problems it might be having).
Reply
#15
(17-03-2019, 04:06 PM)akahan Wrote: I run Download Station on a Synology NAS.

[offtopic]
does that shit package even work? i always get errors (with no valuable info) when trying to downloading torrents....
[/offtopic]
Reply
#16
Works just fine, no problems with any transfers.
Synology DS918+ (4x4TB WD RED - RAID 5 with 2x250GB 970EVO NVMe) | Synology DS412+ (4x3TB WD RED - RAID 5) | RT1900AC
Reply
#17
(17-03-2019, 04:02 PM)Rusty Wrote: Atm running them inside ddsm is your best bet

Apparently, that's not my destiny. I tried to start the DDSM process and was informed I had to go into network settings to allow vSwitch. That's not an available option on my 418play, so it appears I'm at a dead end.

Saw this...
Reply
#18
Aha, thought you had docker support from your previous post. If its play model then yes, you will have trouble getting that running.
Synology DS918+ (4x4TB WD RED - RAID 5 with 2x250GB 970EVO NVMe) | Synology DS412+ (4x3TB WD RED - RAID 5) | RT1900AC
Reply
#19
(20-03-2019, 10:06 AM)Rusty Wrote: Aha, thought you had docker support from your previous post. If its play model then yes, you will have trouble getting that running.

Must be a Synology conspiracy Sad as I have docker for sonarr, radarr, bitwarden, and qbittorrent running successfully. So it seems Synology won't let the 418play access the DSM image. O well! It's quite the challenge to buy a NAS when its limitation isn't clear upfront. I thought I was doing fine with the 64-bit Celeron. In retrospect, I should have sprung for the 918.
Reply
#20
(18-03-2019, 10:15 PM)Shadow Wrote:
(17-03-2019, 04:06 PM)akahan Wrote: I run Download Station on a Synology NAS.

[offtopic]
does that shit package even work? i always get errors (with no valuable info) when trying to downloading torrents....
[/offtopic]

Works just fine for me.
Reply


Forum Jump:


Users browsing this thread:
Refi
Remove Ads