I have been using the OpenVPN server on my ASUS router for quite some time to remotely access my LAN resources when I am away. I'm able to access my hubitat hub, an always-on Windows 10 PC, a few IP cameras, etc. It works very well for me.
But recently I tried to browse to my QNAP NAS' web login page remotely and I realized I can't connect to it. Can anyone suggest where to start troubleshooting? Could it be something in the NAS' settings? Since I don't have any problems connecting to any other device and they're all on one subnet at home (192.168.0.0/24).
Here is the router's OpenVPN server settings page, if that helps:
You can access other devices such as hubitat, that suggest qnap itself blocking access.
Make sure that access permissions in qnap settings are correct.
I do not have Qnap, i have synology but it also requires specific permissions for remote access
Mark I just tried and I was able to access my Qnap login page. It detected my phone and presented the mobile version. I also have an Asus router running Merlin and my VPN server.
Have you tried using a private/incognito browser instead to make sure it’s not a caching issue?
That's a good thought, I hadn't tried that but just did. No dice. Since I can still get to my windows 10 PC through the VPN, I might put teamviewer on it and see if I can login to the NAS' browser UI that way to take a look through the settings.
But I wonder if it could be a difference between the stock ASUS firmware's VPN server settings and yours since you're running Merlin?
I think I figured it out. Sometime in the past, when playing around with the QNAP container station, it created a virtual switch, which TBH I'm still not sure I understand how it works after trying to google it for a minute. However, deleting that virtual switch seems to have done the trick!
hmm, i may have spoken too soon. It was working for a few minutes there, now back to the same, can't even connect to it. Not sure what I did there.
Believe it or not the reason I started to shy away from container station for running those types of server apps (node red, homebridge etc.) was because I found the network settings when setting up the containers to be kinda confusing!
They are pretty good, just select NAT in the Advance settings and give them static IPs.
The only thing I don't like is the memory Container station consumes.
I upgraded my TS-251A to 16GB (which isn't supported, but is working :P) And it's now somewhat better.
This . I did the same and it makes life easier. If you hadn’t done this all the containers use your NAS IP address via different ports. Wondering if this is your issue actually. The NAS web login uses port 8080 so make sure you are using that URL vs one assigned to your containers.
True but I don’t assign a lot of memory to my containers so I can “contain” them . I also upgraded my TS-451 years ago when I bought it. Now that you say 16GB I need to check mine because I cannot remember what I installed.
So it turns out I was able to determine that the reason I thought I could access the NAS through my VPN was that I added port 8080 to the IP address lookup in my browser, and it returned a cached version of the login page. In an incognito window, I'm back to the same as before, can't acess remotely.
I disabled all the containers, and still no dice. This is getting to be a bit frustrating .
@marktheknife curious why you need to access the Qnap web login remotely. While I can, I really don’t do it that often. I mostly need to access files remotely and instead use an app called FileBrowser in my iOS devices where I can navigate the file system to view and download files. I’ve been using it for years and love it.
Not the web login specifically, I can't seem to access the NAS local IP address through my VPN at all. For example, Qmanager app on my iphone, or the file station app. I agree, it's not the web UI I need, it's primarily access to the NAS filesystem and I can't get at that either!
Are you using the myQnapCloud?
There is a test you can do to check your router through it. (worth a shot if you haven't already?)
TBH I could never get OpenVPN running on the NAS, although never tried my router. Then again I have a unify USG and use L2TP, sorry have no experience with the Asus routers.
Gotta love YouTube, found a video of a guy with exact model of mine and he lad link to exact Crucial memory which I ordered.
Given I use Asus Merlin my VPN server settings are a little different but I compared your to mine and they are mostly the same. Very strange you cannot access the NAS IP.
You may want to add Merlin to your list of projects since it offers additional features such as a local NTP server that folks like @ogiewon use as well.
Nope, since I have a VPN server running on my router at home, I'd prefer to just point any of my remote devices to the local LAN IP of the NAS and avoid going through anyone else's cloud if possible.
Yeah this is indeed on my list of projects. If I've been reading correctly, I'll need to reconfigure the router manually once I flash the merlin firmware. Having to re-do the list of DHCP reservations (which has gotten pretty long at this point) is probably what's holding me up the most.
I have a thought and don't seem to see if anyone has asked you this, can you ping the ip of your NAS and get a response? If yes then i would look more towards your NAS. I dont have a QNAP, however most have a builtin firewall rule that my be blocking your VPN's ip range (I've had this happen before). Another thought i had was, if the ping provided a reply, can you go to the machine from a share (ie. \machinename(or ip)\networkshare? This would tell you if maybe your network side of things is fine and the machine's smb (or other fileshares) are working, but the web portal for your NAS has issues getting from your NAS to you via your VPN. I too have an ASUS and I use my VPN ALOT, both from my mobile devices as well as my computers. one thing i don't see in the screen shot for your VPN settings, which may be further down, is "Allow client<->client" and "Allow only specified client" these two settings may or may not be applicable to your Asus router, but if you have them, make sure the former is enabled and IF you have the other enabled make sure both you have the computer name (and/or IP) of both your computer (both local and VPN, remember 2 different ip's and MAC's), AND your NAS (if you are using 2 NIC's with 802.3x or some sort of bonding) ip!!! I have included some of my settings from my Asus in a screenshot below, hope this helps a bit!!.
Good question. @marktheknife you can download a free iOS app called Ping Lite to verify if you can ping your NAS IP.
Those settings come up IF you set Manage Client-Specific Options to Yes. FWIW that setting on my router is set to no and I am able to access my NAS.
Mark, I did another side by side comparison of your settings to mine and they are pretty much the same. The only additional idea I have is QNAP has security features to block access from specific IP ranges. In your Asus settings your VPN clients are assigned a 10.8.0.0/24 IP address which is obviously different than when you are connected to your Wifi getting a 192.168.0.0/24 address.
Login to your QNAP, go to Control Panel and in the System section click Security. Check your settings on the Allow/Deny List. What is your top setting? If set to allow from list, make sure 10.8.0.0/24 is included if deny connections from list make sure 10.8.0.0/24 is not listed as "block forever".
@steelz1 good thought re: trying to ping the NAS. Doing that from a cmd prompt in Windows times out on each request.
I'm certainly no expert at all this stuff, but I've seen the "allow client<-->client" option you mentioned in my asus router's settings, and I think that shouldn't matter, as @ritchierich mentioned.
@ritchierich another good thought re: block list, but it's set to allow all connections.
. I did the same and it makes life easier. If you hadn’t done this all the containers use your NAS IP address via different ports. Wondering if this is your issue actually. The NAS web login uses port 8080 so make sure you are using that URL vs one assigned to your containers.
. I also upgraded my TS-451 years ago when I bought it. Now that you say 16GB I need to check mine because I cannot remember what I installed.
.
