ANSWERED VPN Disconnection Issues on Synology NAS: Port Forwarding Loss and Unstable Connection

[Bo5cT4Pp 0]

Hello everyone,

I’m facing an issue with my current setup and would appreciate your help.

Here’s my configuration:

    •    NAS Synology, DSM 7.2.2
    •    OpenVPN profile set up in the network interface
    •    I followed this tutorial for the setup: (How-to: AirVPN on Synology DSM6 and DSM7 complete guide)
    •    Port forwarding works fine with Download Station

For several weeks now, I’ve been experiencing frequent VPN disconnections without any clear explanation. For over a year, I didn’t have any issues—my sessions were stable for weeks or even months. However, recently, my connections keep dropping, and I lose port forwarding. Oddly, on the AirVPN “Session” page, the connection still appears active. On the port forwarding page, I get the error “Connection timed out 110.”

In DSM, the default gateway switches to LAN when the connection drops, even though the network interface shows that I’m still connected.

I’ve tried changing servers and updating everything, but the problem persists. This is quite frustrating because when the connection drops, port forwarding with Download Station becomes ineffective, leaving me unprotected.

If anyone has any ideas or solutions, I’d greatly appreciate your input.

Thanks in advance for your help!

[silxx 0]

Same here. I'm getting crazy, dunno what's going on, I'm facing your same experience.
The VPN gateway literally disappears after a while connection is running.

Edited ... by silxx

[Bo5cT4Pp 0]

I'm relieved to know that I'm not the only one with the same problem. I've tried everything, but I don't know where it could be coming from, AirVPN or DSM7.

[DaDD24 0]

On 10/16/2024 at 6:01 PM, Bo5cT4Pp said:

Hello everyone,

I’m facing an issue with my current setup and would appreciate your help.

Here’s my configuration:

    •    NAS Synology, DSM 7.2.2
    •    OpenVPN profile set up in the network interface
    •    I followed this tutorial for the setup: (How-to: AirVPN on Synology DSM6 and DSM7 complete guide)
    •    Port forwarding works fine with Download Station

For several weeks now, I’ve been experiencing frequent VPN disconnections without any clear explanation. For over a year, I didn’t have any issues—my sessions were stable for weeks or even months. However, recently, my connections keep dropping, and I lose port forwarding. Oddly, on the AirVPN “Session” page, the connection still appears active. On the port forwarding page, I get the error “Connection timed out 110.”

In DSM, the default gateway switches to LAN when the connection drops, even though the network interface shows that I’m still connected.

I’ve tried changing servers and updating everything, but the problem persists. This is quite frustrating because when the connection drops, port forwarding with Download Station becomes ineffective, leaving me unprotected.

If anyone has any ideas or solutions, I’d greatly appreciate your input.

Thanks in advance for your help!

I'm having the exact same issue with my VPN setup using NordVPN.  Started right after DSM 7.2.2 update.  Contacted Synology support, sent them my logs and they said they saw errors relating to the 7.2.2 update.  They want to remote into my server to investigate further.

[Bo5cT4Pp 0]

Not finding a solution, I decided to change the configuration. I switched to Container Manager with WireGuard. I no longer have any issues.

Thank you anyway for your response.

[kingkong32 0]

Hello everybody

Like here , i'm going crazy about those disconnections 😤

Anybody have a solution ?

thx 

[kingkong32 0]

Hi
Someone give me an answer, there is a probleme with the update
you have to edit /usr/syno/etc.defaults/synovpnclient/scripts/ovpnc.sh

and change with this 

Quote

#!/bin/sh
#
# Startup script for openvpn client
#

CONF_DIR="/usr/syno/etc/synovpnclient/openvpn"
OPENVPN_CONF="$2"
IPTABLES_MODULE_LIST="/usr/syno/etc.defaults/iptables_modules_list"
OVPNC_MODULES="tun.ko"
SERVICE="ovpnc"
BIN_IPTABLESTOOL="/usr/syno/bin/iptablestool"
BIN_SYNOMODULETOOL="/usr/syno/bin/synomoduletool"
SYNONETD_TOOL="/usr/syno/sbin/synonetdtool"
VPNC_CURRENT="/tmp/vpnc_current"

. ${IPTABLES_MODULE_LIST}

Ovpnc_Mod=""
for mod in $KERNEL_MODULES_CORE; do
	if [ -e "/lib/modules/$mod" ]; then
		Ovpnc_Mod="${Ovpnc_Mod} ${mod}"
	fi
done
for mod in $KERNEL_MODULES_COMMON; do
	if [ -e "/lib/modules/$mod" ]; then
		Ovpnc_Mod="${Ovpnc_Mod} ${mod}"
	fi
done
for mod in $KERNEL_MODULES_NAT; do
	if [ -e "/lib/modules/$mod" ]; then
		Ovpnc_Mod="${Ovpnc_Mod} ${mod}"
	fi
done
for mod in $IPV6_MODULES; do
	if [ -e "/lib/modules/$mod" ]; then
		Ovpnc_Mod="${Ovpnc_Mod} ${mod}"
	fi
done
for mod in $OPENVPN_MODULES; do
	if [ -e "/lib/modules/$mod" ]; then
		Ovpnc_Mod="${Ovpnc_Mod} ${mod}"
	fi
done

reverse_modules() {
	local modules=$1
	local mod
	local ret=""

	for mod in $modules; do
	    ret="$mod $ret"
	done

	echo $ret
}

load_module() {
	local service=$1

	if [ -x ${BIN_SYNOMODULETOOL} ]; then
		${BIN_SYNOMODULETOOL} --insmod ${service} ${Ovpnc_Mod}
	elif [ -x ${BIN_IPTABLESTOOL} ]; then
		${BIN_IPTABLESTOOL} --insmod ${service} ${Ovpnc_Mod}
	fi
}

unload_module() {
	local service=$1
	local modules=`reverse_modules "${Ovpnc_Mod}"`

	if [ -x ${BIN_SYNOMODULETOOL} ]; then
		${BIN_SYNOMODULETOOL} --rmmod ${service} $modules
	elif [ -x ${BIN_IPTABLESTOOL} ]; then
		${BIN_IPTABLESTOOL} --rmmod ${service} $modules
	fi
}

del_gateway_info() {
	local ifname=`/usr/syno/bin/get_section_key_value ${VPNC_CURRENT} curr_info if`

	logger -p user.err -t "ovpnc.sh" "${ifname} is down"

	${SYNONETD_TOOL} --del-gateway-info -4 ${ifname}
	${SYNONETD_TOOL} --del-gateway-info -6 ${ifname}
	${SYNONETD_TOOL} --refresh-gateway all

	local enable_multi_gateway=`/bin/get_key_value /etc/synoinfo.conf multi_gateway`
	if [ "xyes" = "x${enable_multi_gateway}" ]; then
		${SYNONETD_TOOL} --del-policy-route-rule -4 multi-gateway ${ifname}
		${SYNONETD_TOOL} --disable-route-table -4 ${ifname}
		${SYNONETD_TOOL} --del-policy-route-rule -6 multi-gateway ${ifname}
		${SYNONETD_TOOL} --disable-route-table -6 ${ifname}
	fi
}

case "$1" in
  start)
	echo 1 > /proc/sys/net/ipv4/ip_forward

	# Make device if not present (not devfs)
	if [ ! -c /dev/net/tun ]; then
  		# Make /dev/net directory if needed
  		if [ ! -d /dev/net ]; then
        		mkdir -m 755 /dev/net
  		fi
  		mknod /dev/net/tun c 10 200
	fi

	load_module ${SERVICE}

        echo "Starting openvpn client..."
	/usr/sbin/openvpn --daemon --cd ${CONF_DIR} --config ${OPENVPN_CONF} --writepid /var/run/ovpn_client.pid

        ;;
  stop)
        echo "Stopping openvpn client..."
        /bin/kill `cat /var/run/ovpn_client.pid` 2>/dev/null
		del_gateway_info

	#sleep 2
	#unload_module ${SERVICE}
	;;
	unload)
		service=${SERVICE}

		if [ -n "$2" ]; then
			service=$2
		fi

		#unload_module ${service}
	;;
  load)
	service=${SERVICE}

	if [ -n "$2" ]; then
		service=$2
	fi

	load_module ${service}
	;;
  *)
        echo "Usage: $0 {start conf|stop}"
        exit 1
esac

exit 0

# [EOF]

 

[silxx 0]

KingKong32 you're my saviour! Thank you so much!!!! It works!
Gonna block dsm updates for loooooong time!!!

 

Edited ... by silxx

[kingkong32 0]

7 hours ago, silxx said:

KingKong32 you're my saviour! Thank you so much!!!! It works!
Gonna block dsm updates for loooooong time!!!

 

With pleasure ! 

[Peter Laanstra 0]

On 11/8/2024 at 11:25 AM, Bo5cT4Pp said:

Not finding a solution, I decided to change the configuration. I switched to Container Manager with WireGuard. I no longer have any issues.

Thank you anyway for your response.

Hi, What configuration is this "I switched to Container Manager with WireGuard"? Do you use Docker containers? I tried some with Gluetun and a aMule docker container. Did work but has many manual work. Please share.

[Bo5cT4Pp 0]

Hello, I used this tutorial, which is very well done and detailed:
https://drfrankenstein.co.uk/qbittorrent-with-gluetun-vpn-in-container-manager-on-a-synology-nas/

Edited ... by Bo5cT4Pp