Synology/ Docker/ rTorrent... behind a VPN
I'm going to do the best I can to explain this, but since a picture is worth a thousand words, I've included some diagrams too. The short version is, I need to have a VPN Profile on the NAS, but can't figure out how to add a port forward for incoming connections on a specific port.
Here's the scenario: Like many others, I want to use the Synology NAS as a Seedbox, using rTorrent/ruTorrent to manage the files.
- I used this Dr Frankenstein guide to set up Docker/Linux/rTorrent/ruTorrent.
- It worked great, except the Listen Port was closed because he forgot to add the Listen Port to the port settings on the Docker container, which caused a "Port closed" issue in ruTorrent, which I have since fixed.
- (For anyone who bumps into this problem later, you have to add a port forward on the Docker Container and possibly on your edge router. I wrote up instructions to help you fix that.)
Ok... so now I have Docker/Linux/rTorrent set up and running on the NAS. It basically looks something like this:

So this is great... except that I don't want to be blasting out my home IP address, which means I need to connect the Docker container to a VPN.
So I added a VPN profile on the NAS and connected to the PIA VPN.... and rTorrent still works.
- The good news is, I can DL files, and I can seed files, and my true IP is hidden behind the VPN... and I didn't have to do anything particularly special.
- The bad news is, the Listen Port is now closed again.
To solve this, I think I need to set up a port forward on the NAS, to allow the Listen Port thru the VPN.... but I can't figure out how to forward ports on the NAS itself. I'm guessing I need to add a Traffic Control rule, or a Static Route rule. But maybe I should be looking for something else?
Here is a diagram to help depict all this... it's a little crude but hopefully this will help explain the problem as I see it.
So... can someone point me in the right direction to port forward on the VPN for incoming connections?

Comments
Therefore, shouldn't you have to create a port forwarding rule at the Edge Router each time you request and obtain a forwarded port X' from PIA?
Then the edge router rule is external-intf-ip:X' -> internal-intf-ip:51413, right?
The problem, as far as I can tell (and I could be wrong)... isn't on the edge router... it's a connection between the Docker Container and the NAS itself.
The main reason I think this is, when I have the VPN Profile turned off, everything connects just fine and the Listen Port is active. So I definitely have the port forward on the Edge router set up correctly. And I have the port settings between Docker and the NAS set up correctly. But once I turn the VPN profile on... the Listen port gets closed again. That tells me that something isn't getting past the PIA VPN.
In this case, when I set up the VPN Profile on the NAS, I get an IP and Gateway from PIA (the 10.x.x.x). (Edit: this changes every time you Disconnect and Reconnect the VPN Profile.)
Although... you could be right... maybe I need to change something on the edge router, bc with the VPN turned on, it wouldn't see the NAS device IP anymore, it would see the VPN IP.
Augh. There is probably an incredibly simple solution to this, but I am just not seeing it yet.
Now you have me wondering if I need to be doing something with the IP tables on the NAS. There is a little widget in the NAS with a "Static Route" panel, which looks like this:
You'll notice that button called IP Routing table. When I open that, there are several IPs related to the VPN, but I don't know what some of them do... but now maybe I think I need to look at this more closely.
There are multiple posts in this forum category about scripting the request (using curl) to open a port.
Connecting Synology NAS to PIA VPN (specifically, PPTP)
https://www.youtube.com/watch?v=Qc2ZjP-ymrI