Jump to content
Not connected, Your IP:

AirVPN running on DDWRT Synology access from Internet

Recommended Posts

Let me start by saying I am not that confident with networking but have some limited experience. 

I was having problems connecting to my Synology DS1817+ from the internet. I am running OpenVPN on a ddwrt router on which I have made no changes. 

I did forward 2 ports to 5000 and 5001 in the AIRVPN Client Area but nothing was working.

I read everything I could find within the AIR VPN forums ,Synology's , and beyond.

In the end my problem was solved when I changed my DDNS address in Synology -Control Panel - External Access - DDNS to something like

Sorry to just now get to the point.

1. Did I create a security vulnerability?

2. Is this the correct method to setup external access to my N.A.S.?

3. Should I consider entering an ip table into the ddwrt that only forwards those ports to my N.A.S.?


Thank you in advance for any advice/information here.



Share this post

Link to post

After more tinkering, I see now that the external address which Synology chooses for you is a problem. Although it is your public address it is no good as a DNS. Choose something else like and everything should be fine. So if anyone is interested in getting Synology access from outside their LAN while connected to AirVPN running on their router, my solution was to simply forward ports to 5000 and 5001 through AirVPN's client area and change the DDNS address in Synology -Control Panel - External Access - DDNS to something like That's it.

Then you could add something like this to your firewall::

From AIRVPN Forum on setting up Tomato router....[

  • destIP is the IP address of the destination device
  • port is the port you wish to forward to that device
  • tun1 is the tun interface of your router (please check! on some routers it can be tun0, on Tomato it can be tun11)
  • you need to forward both TCP and UDP packets

you need to add the following rules.

Please note that the following rules do NOT replace your already existing rules, you just have to add them.

iptables -I FORWARD -i tun1 -p udp -d destIP --dport port -j ACCEPT
iptables -I FORWARD -i tun1 -p tcp -d destIP --dport port -j ACCEPT
iptables -t nat -I PREROUTING -i tun1 -p tcp --dport port -j DNAT --to-destination destIP
iptables -t nat -I PREROUTING -i tun1 -p udp --dport port -j DNAT --to-destination destIP


hope someone finds this helpful.

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Security Check
    Play CAPTCHA Audio
    Refresh Image

  • Create New...