Unable to access DS920+ when VPN is enabled on PC

Everything was fine until I got the new ISP modem. Here’s how everything is connected:

  • Synology NAS is connected directly to the ISP modem. The modem has default firewall settings.
  • Asus router is connected directly to the ISP modem (modem LAN to router WAN). The router has default firewall settings and is the primary source for Wi-Fi/ethernet connections.
  • Everything else is connected to the Asus router. Synology NAS is the only thing that’s connected to the ISP modem. I’ve disabled Wi-Fi antennas on the modem.
  • I am unable to connect Synology NAS to the Asus router directly via ethernet cable due to both being in different locations in the house.

When NAS was connected to the Asus router, everything was fine and I was able to connect to NAS with PIA running on a Windows/Mac. Now that the NAS is connected directly to the ISP modem, I’m only able to access it with PIA disabled. Once I enable PIA I’m unable to access any internal IP addresses registered with the ISP modem, including NAS.

Please help!

Need more information to know for sure, but this *could* be a double NAT issue. Most modems these days aren’t just modems, they’re also routers.

For example, let’s say your modem is dishing out IPs in the 192.168.1.1/8 range, and your Asus router is dishing out IPs in the 10.0.0.0/8 range. In this case, we’ll say your NAS will have an address like 192.168.1.50 (NAS), and your PC will have an address like 10.0.0.23 (PC).

When you aren’t connected to the VPN from your PC and try to access the NAS, your PC will say ‘I don’t recognize 192.168.1.50 (NAS) as being anything I can talk to directly’ and it will send that traffic to its default route, which is your modem. Your modem knows all about 192.168.1.50 (NAS), because it’s on that network, and it will route the traffic accordingly.

When you’re connected to the VPN from your PC and try to access the NAS, your PC will say ‘I don’t recognize 192.168.1.50 (NAS) as being anything I can talk to directly’ and it will send that traffic to its default route, which is a tunnel adapter to your VPN provider. Your VPN provider has no way of routing to 192.168.1.50 (NAS) because it’s an internal IP.

There is only one way of solving this issue that I’m aware of (outside of not doing double NAT), and that is with the configuration of your VPN connection. I haven’t used PIA, but if it’s using OpenVPN, and uses an .ovpn profile, you can add a line like this to explicitly tell your VPN tunnel to route NAS traffic to your original default route, rather than the VPN tunnel:

route 192.168.1.50 255.255.255.255 10.0.0.1
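The routing decision described in this answer, worked through as an added example that is not part of the original post. It uses the answer's example addresses; the tunnel gateway address, the interface names, and the two /1 routes (what OpenVPN's `redirect-gateway def1` installs) are assumptions, since the thread does not show PIA's actual routes.

```python
import ipaddress

def route(cidr, gateway, dev):
    """Build one routing-table entry."""
    return (ipaddress.ip_network(cidr), gateway, dev)

def next_hop(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None
    _, gateway, dev = max(matches, key=lambda r: r[0].prefixlen)
    return gateway, dev

NAS = "192.168.1.50"      # NAS on the modem's network (address from the answer)
LAN_GW = "10.0.0.1"       # Asus router, the PC's original default gateway
TUN_GW = "172.21.0.1"     # constructed tunnel gateway (assumption)

# PC routing table with the VPN disconnected.
VPN_OFF = [
    route("10.0.0.0/8", "on-link", "eth0"),
    route("0.0.0.0/0", LAN_GW, "eth0"),
]

# VPN connected: two /1 routes cover every address and are more specific
# than the /0 default, so they win without deleting the original default.
VPN_ON = VPN_OFF + [
    route("0.0.0.0/1", TUN_GW, "tun0"),
    route("128.0.0.0/1", TUN_GW, "tun0"),
]

# Same table plus the host route from the .ovpn line above (/32 = 255.255.255.255).
VPN_ON_HOST_ROUTE = VPN_ON + [route(NAS + "/32", LAN_GW, "eth0")]

def compare(dst):
    """Next hop for dst under each of the three tables."""
    return {
        "vpn_off": next_hop(VPN_OFF, dst),
        "vpn_on": next_hop(VPN_ON, dst),
        "vpn_on_host_route": next_hop(VPN_ON_HOST_ROUTE, dst),
    }

if __name__ == "__main__":
    for dst in (NAS, "8.8.8.8", "10.0.0.40"):
        print(dst, compare(dst))
```

Because the exception is a /32, only the NAS address leaves the tunnel; every other non-local destination still goes through the VPN.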

You are running a nested network, that is, a network inside of a network.

However, your NAS is not on the same network as your computer, so it will not work.

You need to put all of your devices behind the same router (your ISP modem has routing functions too!).

Your VPN client is probably routing all traffic down the vpn tunnel. That includes your attempts to reach your NAS.

Consider using the Asus router in bridge mode instead of router mode. That will make your LAN behave like one network again instead of two.