How to set up VPN on Synology NAS in combination with Roon

I’m trying to set up my Synology NAS (DS918+) so it can combine a VPN connection and run Roon Server with the same NAS. Can somebody help who managed to do this successfully?

Goal:

  • NAS should run Roon Server to play my music via Roon in the house (I don’t use Roon Arc, so access to my NAS from outside my LAN is not necessary)
  • I want all traffic between internet and NAS via a VPN connection from a commercial party (I’m using Privado VPN) to guarantee my privacy.

The biggest issue: it works correctly if I uncheck the option ‘Use default gateway on remote network’ when setting up my VPN connection. When I enable that function, it doesn’t work anymore (cannot log in to Roon Server anymore). All instructions on the internet explaining how to connect with a commercial VPN server advise to enable this option, but nobody explains why.

My questions:

  1. Can I leave this option disabled and still be assured that all data between internet and NAS runs via the commercial VPN server?
  2. If the above answer is ‘NO’ and I have to enable this option: how can I make Roon Server work with this option enabled?

Any help is much appreciated! Thanks!

What software on the Synology NAS do you use for configuring it as a VPN client? Where is the option ‘Use default gateway on remote network’?

Just from the wording the “remote network” appears to belong to the VPN provider, from the perspective of the VPN client, but that doesn’t make much sense.

This is how I set up the VPN connection:

I used OpenVPN with .ovpn files. The option for ‘Use default gateway on remote network’ is under point 6.

Tick any of the following checkboxes depending on your needs:

  • Use default gateway on remote network: Enable this option to route the network traffic of the Synology NAS to the specified VPN server.

Perhaps this means that all network traffic of the NAS, including the internal network traffic needed to operate ROON, is routed to the VPN server.

A further comment: Wouldn’t it be better to route the internet traffic from your router via the VPN? Then all internet traffic occurring from any client and device including your NAS would be routed to the VPN server and all internal traffic in your network including the traffic between ROON on the NAS and your clients would be allowed normally.

I think that your intended configuration only makes sense if your NAS is the gateway to the internet for your complete network, like a router. To achieve this your NAS should have two NICs and a special DHCP configuration is required, I think. This is rather complicated and I do not see any benefit.

Out of curiosity: What guarantee (conditions) do you get from Privado VPN?

Note: A VPN (service) can effectively mask your “true” internet address (but only if you have a fixed one, most people don’t, this helps with “surfing” privacy), provide encryption to protect you from man-in-the-middle traffic sniffing (but most major internet sites/services use encrypted connections (HTTPS) nowadays) and may offer masquerading your true location (a legal gray zone for sites/services where that makes a difference and likely not needed for when it doesn’t [make a difference]; sites/services for whom that matters have lists of addresses from VPN provider’s endpoints and may refuse to work when any of them are detected; if you have a dynamic IP from your ISP then location information is most likely fuzzy already). See also:

For actual surfing privacy more needs to be done on the user side and if this is done properly, offers more privacy IMHO than a VPN service possibly can. See for example:

There may be situations/use cases where utilizing a VPN provider’s service is needed/beneficial for certain users but for most users this isn’t the case IMHO – at least not for everyday surfing-the-web privacy.

Good point. I do agree that maybe setting up VPN for my router would be a better approach (I don’t use the NAS to access the internet with other clients).

I have a modem/router from my ISP. I don’t use the router functionality and use my own router (Linksys E4200). All network traffic runs via the Linksys router. If I understand you correctly, I should set up my VPN for the Linksys router? If I would be successful, how can I verify all traffic is actually using the VPN connection?

EDIT: I did a quick search, but it seems that Privado only supports a few specific routers e.g. Asus that can import .ovpn files and not Linksys. Any idea how I make it work on my Linksys router that cannot import .ovpn files?

If your router is old enough (v1) then you can install DD-WRT. Privado provides a guide for DD-WRT.

Note: I don’t expect you get much throughput (internet speed) out of that hardware.

See also: DD-WRT :: View topic - Linksys E4200 VPN setup

Maybe upgrade your router to something more modern, engineered with VPN in mind (advertised), that supports your use case out-of-the-box. Or a mini-PC with a Linux/Unix router OS distribution.

A rather powerful and rather cheap router for VPN is the GL-MT6000 Wi-Fi 6 AX6000 Home Router “Flint 2”

You can check whether the traffic is routed via VPN to your provider using services like the following:
https://torguard.net/whats-my-ip.php
https://torguard.net/vpn-dns-leak-test.php
PrivadoVPN provides such information as well in a headline: Free VPN (10 GB/month) | Unlimited devices | PrivadoVPN

1 Like
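
A local complement to the web-based checks above, added here as an editorial example and not written by any poster in the thread: it reads `ip route` style output and reports which interface would carry Internet-bound, LAN and VPN-server traffic. The two routing tables are constructed samples; the interface names `eth0`/`tun0`, all addresses and the function names are assumptions, and only a single routing table is considered (policy-routing rules are ignored).

```python
import ipaddress

# Constructed `ip route` output for a NAS at 192.168.1.50 (sample data, not from the thread).
# Assumed names: eth0 = LAN port, tun0 = OpenVPN tunnel, 203.0.113.10 = VPN server.
# Option enabled: an OpenVPN client typically adds two /1 routes that override the default.
GATEWAY_ON = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0
"""
# Option disabled: only the tunnel's own subnet is reachable through tun0.
GATEWAY_OFF = """\
default via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""

def parse_routes(text):
    """Turn `ip route` lines into (network, device) pairs; skip lines we cannot parse."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        try:
            dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
            routes.append((ipaddress.ip_network(dest, strict=False),
                           fields[fields.index("dev") + 1]))
        except (ValueError, IndexError):
            continue  # blank line, special route type, or no "dev" token
    return routes

def egress_device(routes, address):
    """Longest-prefix match over one routing table, as the kernel does."""
    ip = ipaddress.ip_address(address)
    matches = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(matches)[1] if matches else None

def audit(route_text, vpn_dev="tun0"):
    """Report which device carries Internet, LAN and VPN-server traffic."""
    routes = parse_routes(route_text)
    probes = {"internet_low": "8.8.8.8", "internet_high": "198.51.100.7",
              "lan_peer": "192.168.1.20", "vpn_server": "203.0.113.10"}
    report = {name: egress_device(routes, addr) for name, addr in probes.items()}
    report["internet_via_vpn"] = (report["internet_low"] == vpn_dev
                                  and report["internet_high"] == vpn_dev)
    return report

if __name__ == "__main__":
    for name, table in (("enabled", GATEWAY_ON), ("disabled", GATEWAY_OFF)):
        print(name, audit(table))
```

In the constructed "disabled" table the default route stays on `eth0`, so Internet-bound traffic does not enter the tunnel even though the tunnel itself is up.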

I think buying a new router is probably the best solution. I don’t want to end up with slow internet speed because I’m using old hardware.

The Flint 2 is not for sale in the Netherlands. Privado provides explicit support for Asus RT-AC66U. Would that be a good choice for fast internet speeds?

What is the difference between a VPN router and a normal router like the Asus? Will both have the same internet speed? (I don’t want my router to be the limiting factor)

Is installing VPN as easy as uploading a .ovpn file as it is for Synology?

Something recent? Not the E4200 or the RT-AC66U, both over a decade old AFAIK and EOL.

VPN is often not supported or at least not a major feature for consumer routers. Manufacturers expect that consumers are using VPN client software on their devices – if at all.
Connecting complete networks over VPN is mostly used for businesses, so this is a feature for their business / pro routers where manufacturers typically make sure those have the hard- and software support needed for fast (fast is relative and depends also on the methods [protocol, encryption, …] used and can be very specific) VPN connections.

I don’t have first-hand experience, maybe some other user can come up with some hands-on recommendations. As this forum isn’t network/VPN specific, you may get more/better/quicker answers from other sources (Privado support or forum if they have one, other network/VPN related fora, the internet (via search engines like Google for example)).

It should be possible to order the Flint 2 from the Europe shop of GL-iNet for shipping to the Netherlands. It is definitely a fast router for VPN purposes.

For the speed achieved via VPN the processing power of the processor of the router is relevant. The Flint 2 has a quad core processor at 2 GHz and achieves allegedly max. 900 Mbps for WireGuard VPN. This is rather fast. OpenVPN is substantially slower, however, apparently because of the substantial overhead of the VPN protocol, but max. 190 Mbps for OpenVPN are also not too bad. The question remains what speeds are supported by the VPN provider and the underlying internet connection of the internet provider.

A completely different question is whether routing all internet traffic via a VPN tunnel is indeed needed. I don’t think so, but tinkering can be fun …

The Flint 2 even allows using the Tor network, and is also enabled for Tailscale and ZeroTier VPN services - many options for tinkering!