Essentially the setup I've got is

WAN <-> OpenVPN running on OpenWRT running on WRT3200ACM <-> LAN -> Gigabit Switch -> RPI and synology

The OpenVPN tun is working fine and dandy. I get an IP address, I can ping the GW on both IP ranges (192.168.1.1 and 192.168.8.1). Internet traffic is also routed through the tunnel. Through a Gigabit switch I have also connected a RPI and a Synology 918+. I have made a simplistic drawing, and I'm sorry that I'm not using standard/conventional symbols and lines.

On my laptop I connect to the Internet through another wifi. I open the tunnel through my router and externally I appear with my GW's IP address. From my laptop I can also ping the RPI through the tunnel. All fine so far.

However, my Synology is invisible despite it physically being connected exactly the same way as the RPI. I expect the issue is with the Synology, but I am completely lost to be honest.

(The whole purpose of installing the VPN in the first place is to harden the Synology so I don't have to expose it directly to the Internet as I am doing today)

Routing table of RPI

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         router.lan      0.0.0.0         UG    202    0        0 eth0
loopback        0.0.0.0         255.0.0.0       U     0      0        0 lo
192.168.1.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0

Routing table of Synology

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         router.lan      0.0.0.0         UG    0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

Illustration of setup

ThomasRB
  • Is the Synology available over the LAN (i.e. from RPi or from laptop)? Is it available from OpenWRT itself? If so, have you tried to install tcpdump on OpenWRT and see what is going on with traffic going to the Synology and if it answers anything? Have you tried to install tcpdump on the Synology and do the same check there? – Nikita Kipriyanov Oct 08 '19 at 19:26
  • Yes, all devices on the LAN can ping (and reach) the Synology. Using tcpdump I can also see the ICMP requests on the Synology coming in. However, on the router I can see them going to the Synology, but there is no reply to the ping. When I ping other devices on the LAN, tcpdump on the router shows both the ICMP request and the ICMP reply. – ThomasRB Oct 08 '19 at 20:10

1 Answer

Turns out it had exactly the expected behavior considering I had enabled a firewall on the Synology.

The firewall on the Synology works.

That was a dumb mistake. Thank you, Nikita, for pointing out some direction on how to troubleshoot.

ThomasRB
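The check the comments walk through, pairing ICMP echo requests with echo replies in a tcpdump capture, as an added example that is not part of the original thread. It flags hosts that answer pings from the LAN but stay silent for sources outside it, the pattern a host firewall produces. The capture lines and the client, RPI and Synology addresses are constructed; only the 192.168.1.0/24 LAN range comes from the question.

```python
import re
from ipaddress import ip_address, ip_network

# Matches ICMP echo lines as printed by `tcpdump -n -i eth0 icmp`.
ECHO = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

def pair_echoes(lines):
    """Return (answered, unanswered): sets of (client, target) address pairs."""
    requests, replies = set(), set()
    for line in lines:
        m = ECHO.search(line)
        if not m:
            continue
        if m["kind"] == "request":
            requests.add((m["src"], m["dst"], m["id"], m["seq"]))
        else:
            # A reply travels target -> client; swap so it matches its request.
            replies.add((m["dst"], m["src"], m["id"], m["seq"]))
    answered = {(c, t) for c, t, _, _ in requests & replies}
    unanswered = {(c, t) for c, t, _, _ in requests - replies}
    return answered, unanswered

def filtered_by_source(lines, lan="192.168.1.0/24"):
    """Targets that reply to clients inside `lan` but not to clients outside it."""
    net = ip_network(lan)
    answered, unanswered = pair_echoes(lines)
    replies_to_lan = {t for c, t in answered if ip_address(c) in net}
    silent_to_remote = {t for c, t in unanswered if ip_address(c) not in net}
    return sorted(replies_to_lan & silent_to_remote)

# Constructed capture: 192.168.8.2 = VPN client, .1.20 = RPI, .1.30 = Synology.
CAPTURE = """\
20:05:01.100000 IP 192.168.8.2 > 192.168.1.20: ICMP echo request, id 7, seq 1, length 64
20:05:01.100400 IP 192.168.1.20 > 192.168.8.2: ICMP echo reply, id 7, seq 1, length 64
20:05:02.200000 IP 192.168.8.2 > 192.168.1.30: ICMP echo request, id 8, seq 1, length 64
20:05:03.200000 IP 192.168.8.2 > 192.168.1.30: ICMP echo request, id 8, seq 2, length 64
20:05:04.300000 IP 192.168.1.20 > 192.168.1.30: ICMP echo request, id 9, seq 1, length 64
20:05:04.300300 IP 192.168.1.30 > 192.168.1.20: ICMP echo reply, id 9, seq 1, length 64
""".splitlines()

if __name__ == "__main__":
    print(filtered_by_source(CAPTURE))
```

A host listed here receives the tunnel traffic and has a working route back (it replies on the LAN), so its own firewall rules for the VPN source range are the next thing to inspect.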