I have a UniFi network and currently my Synology NAS is simply a client. It does not run any routing at the moment other than being an OpenVPN server by means of port forwarding from my USG.
I have a problem with Plex (hosted on DS) being accessed by a certain remote ISP that I am frequently on. Bandwidth is sub 1Mbps and I have 1Gbps symmetric so there’s an internet route or ISP policy that’s jacking up my connection. To mitigate the issue I’m trying to use PureVPN with a dedicated IP and port forwarding to make my Plex server appear elsewhere on the internet and hopefully (fingers crossed) fix my accessibility issue.
All that said, what I’d like to see if I can accomplish is the following:
- Connect to PureVPN with the Synology VPN client.
- Allow Plex to use VPN tunnel for internet access and remote access.
- Maintain local network access to DS for local Plex viewing, Surveillance Station IP cameras, and other network storage needs
Is there anything special I need to do as far as static routes go to allow the DS to use the VPN for external/internet access but also allow it to use the local gateway for local networks? I’ve read mixed reports on this type of thing but most of the posts were old.
If I can get the above working, a plus would be to be able to route a VLAN on my network to use the VPN tunnel on the Synology for external access so I could effectively have a VPN VLAN for clients that do certain tasks for me online. I would do all this on the USG, but it appears the VPN Client on it is all or nothing and I don’t want everything going through the VPN all the time.
Maybe you could accomplish this by creating a docker container for the VPN connection, and a docker container for Plex that tunnels through the VPN container. Of course that would require Plex running in docker.
Have you tried connecting the Plex client (assuming your phone) to your local network via VPN? Maybe the ISP is deprioritizing the streaming video, and the VPN connection will prevent the ISP from knowing it’s streaming video. Also make sure you have encryption enabled on your Plex server.
Hey u/ciphersh0rt, we’d recommend you to set up the Dedicated VPN IP on your NAS. Once you do that, all connections & networks connected to the NAS (including your Plex server) will have the dedicated IP connection. You won’t be able to use the Split Tunneling feature in NAS since it doesn’t support that. However, you can use PureVPN along with the dedicated IP & port forwarding add-on to access NAS remotely.
Why not use Plex over the OpenVPN connection?
Running both in docker is an option, but seems a bit painful to me. I used to run things in docker on the NAS, but performance became an issue so I’ve offloaded all my docker containers to a raspberry pi which handles things a lot better. Plus, running Plex in docker doesn’t give me good feelings as I’m not sure how the transcoding would be affected for remote playback.
The ISP bottleneck isn’t just affecting streaming video. It’s affecting all traffic testing I’ve tried (local speedtest, iperf, etc) so it would appear I’m going through either a congested link somewhere or they are traffic shaping based on source and destination and don’t think they need to give bandwidth to clients between AT&T and Suddenlink.
The lack of being able to split tunnel is the drawback. I don’t want to have to go out to the internet to stream content local in my home. Something I might do is set up the VPN on a raspberry pi and see if I could route internet traffic from the NAS to the pi and local traffic to the local gateway. If this would work, I could also route other VLANs to the pi that I would want to go out the VPN.
Ok so I have things configured the way I’d like them. The only thing currently broken is Synology QuickConnect and I can’t figure out why but that’s a separate issue.
While you can’t do split tunneling on an application basis on the NAS, it does respect static routes. I simply created static routes for all my home networks and pointed the next hop to be the gateway of the LAN interface. This allows all local access to the NAS to remain and the only traffic routed through the VPN from the NAS are things destined for the internet.
Only thing I had to switch on the Plex side was the port that was being used on the outside. Since PureVPN is a straight 1:1 port forward, inside and outside ports have to match. I wish they would let you map ports so I could avoid using the default Plex port on an outside connection, but that looks like something that would break things if I changed it on the Plex server (if you even can).
Now on to figure out why QuickConnect is broken…
I’m fine using it over the VPN when I’m remote. I don’t want to use it when I’m on the local network because the local network speed will far surpass anything I could get over VPN and I don’t like my content downgraded at home.
I haven’t used VPN client or multiple network adapters on Synology, but rather than ras pi could you add a second network connection to your NAS and put the VPN connection on it, then configure routing tables accordingly? Basically what you were describing but all on the NAS.
If you have a device you use on your home network and off it then OpenVPN lets you use split tunneling so you only use the VPN when remote.
Ah now we’re talking. My NAS has two ethernet ports but I’m currently bonding them and using LACP on my switch because I can. I don’t really need 2G of connectivity to the NAS. So I could break the bond and use one of the interfaces for the VPN and the other for local connectivity as long as routes are set up correctly?
This is the setup I ended up going with. I just had to have some static routes on the NAS for my local networks.
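Added example, not part of the thread or any poster's configuration: a longest-prefix-match check over a routing table, showing why static routes for the home networks keep local traffic on the LAN interface while the VPN default route carries everything else. The route table is constructed sample data in `ip route show` format; the addresses, the home network list, and the `eth0`/`tun0` interface names are assumptions.

```python
import ipaddress

# Constructed `ip route show` output; all addresses and the eth0/tun0 names are assumptions.
SAMPLE_ROUTES = """\
default via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
192.168.20.0/24 via 192.168.1.1 dev eth0
192.168.30.0/24 via 192.168.1.1 dev eth0
"""
HOME_NETS = ["192.168.1.0/24", "192.168.20.0/24", "192.168.30.0/24"]

def parse_routes(text):
    """Return (network, device) pairs for every unicast route line."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:  # e.g. "unreachable" or "blackhole" entries
            continue
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_dev(routes, addr):
    """Longest-prefix match: the most specific covering route wins."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)[1] if matches else None

def audit(routes, home_nets, lan_dev, vpn_dev, internet_probe="203.0.113.10"):
    """List routing problems; an empty list means the split behaves as intended."""
    problems = []
    for cidr in home_nets:
        net = ipaddress.ip_network(cidr)
        for addr in (net[0], net[-1]):  # probe both ends of the range
            dev = egress_dev(routes, str(addr))
            if dev != lan_dev:
                problems.append(f"{addr} ({cidr}) leaves via {dev}, expected {lan_dev}")
                break
    dev = egress_dev(routes, internet_probe)
    if dev != vpn_dev:
        problems.append(f"internet probe {internet_probe} leaves via {dev}, expected {vpn_dev}")
    return problems

if __name__ == "__main__":
    print(audit(parse_routes(SAMPLE_ROUTES), HOME_NETS, "eth0", "tun0") or "routing split OK")
```

Without the two `via 192.168.1.1` lines, the other VLANs match only the default route and their traffic is sent into the tunnel, which is the failure the static routes prevent.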