Can't make http requests upon an OpenVPN connection to a Synology NAS

floatingpurr

1/27/24, 5:10 PM

I have a working OpenVPN Server on a Synology NAS. All works fine if I try to connect with Tunnelblick. However, if I use the OpenVPN client on a mobile device, I can't perform any http request. My browser hangs and the request times out. The strange thing is that the VPN connection is properly established, I can even ping my the NAS and see the open ports.

How can I troubleshot this?

EDIT: it looks like it's a problem with my mobile carrier. If I try the same scenario with the very same device under a WiFi network, all works fine. Crazy.

148

1 + 1

http

https

openvpn

synology

floatingpurr

1/31/24, 4:27 PM

It looks like there is a kind of IP conflict with my carrier

Score:1

Server

Netanel Zarihan

1/27/24, 7:44 PM

Did a HTTPS succeed? Have you made sure the WIFI network isn't the same network with the OpenVPN server? Do you have any kind of firewall or logs for the sessions?

I'd recommend checking the logs from OpenVPN service and from any network device that might exist ( and generate relevant logs ). If you don't have any, then try running WireShark etc to see if the reqeusts were received on the server and if they've been forwarded to the NAS.

I'm not familiar with Synology's devices, but is OVPN running as a docker? Does it has it's own IP address or just a port? If it is using port mapping - have you made sure it's port ( or any other docker or service port ) don't interfere with Synology's port?

+ 4

floatingpurr

1/31/24, 4:26 PM

Open VPN runs as a Synology package. It looks like there is a kind of IP conflict with my carrier

Netanel Zarihan

1/31/24, 9:09 PM

@floatingpurr I understand what you're saying - but if the VPN tunnel has been established, then the ISP should NOT been able to see or interfere with the traffic in any way. I can only think of MTU as the culprit. Meaning that your current ISP only supports 1500 for example, but your VPN header takes the 1500-sized packets and adds another 8 or 15 for the VPN tunnel to work. You should be able to decrease it to 1450 and see if THAT solves the problem.

floatingpurr

2/1/24, 12:21 PM

Are you sure that IP addresses like 10.8.0.1 can't be routed outside the VPN, when the VPN connection is up and running?

Netanel Zarihan

2/1/24, 5:11 PM

Just a correction to my previous message - if you limit MTU then larger packets will be dropped. You should limit MSS so that the server will split the packets; Here's an explaination: https://www.sonassi.com/help/troubleshooting/setting-correct-mtu-for-openvpn#:~:text=you%20should%20use.-,Setting%20the%20MTU,for%20the%20MTU%20minus%2040).&text=To%20set%20the%20MSS%20for,1420%20with%20the%20appropriate%20value).

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Can't make http requests upon an OpenVPN connection to a Synology NAS

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.