Mounting remote QNAP server without using VPN for non-local traffic?

[partounian]

Is it possible to mount a remote QNAP server onto macOS without using the QVPN for non-local connections? The purpose of this is that I'm trying to avoid the lower non-local internet speed

[dolbyman]

unclear what you mean ...how do you want to connect to a device faster than it's internet connection allows ?

[partounian]

I want the VPN client to use the VPN only for connecting to the server, and to use the VPN client's network for regular internet browsing.

[dolbyman]

Setup the VPN to NOT be the default gateway, this way only traffic send to/from the far subnet is actually routed through the VPN and NOT all of it

[partounian]

How?

[dolbyman]

What VPN server are you using ?

for OpenVPN on QVPN it would be the tickbox

"Use this connection a default geteway for remote devices" [unchecked]

[spile]

The same for Wireguard. It is normally off because I am usually within my lan. If I am outside the lan and try and access a NAS or other lan only service I get an error. That prompts me to flick the switch in Wireguard. A notification on the task bar reminds me to turn it off when within the lan.

[partounian]

I tried that, but then I couldn't see the App to mount the QNAP server as local server.
Sorry for the lame "screenshot".

2021-03-22.jpeg

2021-03-22.png

[dolbyman]

I never used the QNAP Apps.. but as said before, switch to OpenVPN and the option is right there

QVPN has openVPN as an option.

Best option would be a site2site VPN with capable routers

[Bob Zelin]

Hi Partounian
I mount remote QNAP systems on macOS computers all the time.
You open up port 1194 on your router where the QNAP is located. If you don't know how to do port forwarding, none of this is going to work.
You install QVPN on the QNAP, enable it, and get the DDNS Address from the MyQnapCloud application.

On your Mac, you install tunnelblick.net, which is OpenVPN for the QNAP. You get the QVPN Configuration file from your QNAP (you can email this tiny file to the remote computer, or put it on a flash key) -
and put this into Tunnelblick (you literally drag the file onto the Tunnelblick icon). You connect to your QNAP. Now , on your Mac, you click on GO> Connect To Server> enter the local IP address of your QNAP (just like you
were in the office), and now the QNAP mounts on your remote Mac computer.

Let's say you are non technical. If you have the luxury of having a UPnP router at the location of the QNAP, then once you enable QVPN, you go into MyQnapCloud, click on QVPN Port 1194, APPLY TO ROUTER, and now the port forwarding is done for you. (Many people feel that UPnP is very unsafe, and opens the doors for hackers). But if you say "I have no idea of what you are talking about, or what port forwarding even means" - then you will NEVER get this to work. You need to hire someone to help you.

That's it. I do this for clients constantly.
Bob Zelin

[Sean.Kane]

How about using zerotier.com for your connection? It is an open source SD-WAN that negotiates an encrypted connection between your computer and the QNAP using UDP.

Sean Kane

[elvisimprsntr]

Hi Partounian
I mount remote QNAP systems on macOS computers all the time.
You open up port 1194 on your router where the QNAP is located. If you don't know how to do port forwarding, none of this is going to work.
You install QVPN on the QNAP, enable it, and get the DDNS Address from the MyQnapCloud application.

On your Mac, you install tunnelblick.net, which is OpenVPN for the QNAP. You get the QVPN Configuration file from your QNAP (you can email this tiny file to the remote computer, or put it on a flash key) -
and put this into Tunnelblick (you literally drag the file onto the Tunnelblick icon). You connect to your QNAP. Now , on your Mac, you click on GO> Connect To Server> enter the local IP address of your QNAP (just like you
were in the office), and now the QNAP mounts on your remote Mac computer.

Let's say you are non technical. If you have the luxury of having a UPnP router at the location of the QNAP, then once you enable QVPN, you go into MyQnapCloud, click on QVPN Port 1194, APPLY TO ROUTER, and now the port forwarding is done for you. (Many people feel that UPnP is very unsafe, and opens the doors for hackers). But if you say "I have no idea of what you are talking about, or what port forwarding even means" - then you will NEVER get this to work. You need to hire someone to help you.

That's it. I do this for clients constantly.
Bob Zelin

Have we not learned anything this week how wrong it is to use UPnP, myqnapcloud, and opening ports?

There is no hope for humanity!

:facepalm:

[OneCD]

Have we not learned anything this week how wrong it is to use UPnP, myqnapcloud, and opening ports?

Yup, although - to be fair - Bob wrote this before the recent "unpleasantness" began.

I think (I hope) he now knows better.

[elvisimprsntr]

Have we not learned anything this week how wrong it is to use UPnP, myqnapcloud, and opening ports?

Yup, although - to be fair - Bob wrote this before the recent "unpleasantness" began.

I think (I hope) he now knows better.

Bob, by his own admission, is busily trying help his clients who were affected because they trusted his advice, which may have legal and liability consequences, not to mention degraded reputation.

[Bob Zelin]

Let me be absolutely clear about this. This will be an inappropriate analogy. Do you know why ** transmitted diseases still exist in society ? Like Ghonnerria, Syphilis, Herpes, and AIDS ? Because people WANT TO HAVE **.
OK - you understand that, right ?
Now that QNAP has "closed the vulnerabilities" in Hybrid Backup Sync, Multimedia Console, the QTS 4.5.2 updates, Malware remover, and it is now (allegedly) safe to go back into the water. Do you know what 100% of my clients that got infected want to do ? They want to get REMOTE ACCESS BACK via QVPN - and they want it NOW !

So you sensible people reading this - are they looking for trouble ? Is remote access worth "getting Covid 19" or "getting an STD" - YOU BET IT IS. THEY WANT REMOTE ACCESS - and if QNAP says they fixed it (and it appears they have fixed it for now) - these people want to get REMOTE ACCESS BACK NOW.

And I will do exactly what they tell me. And just like I believe I was the first, or one of the first to report QLocker to this forum, and to QNAP - I will probably be the first person to report the next problem as well.

Bob Zelin

ps - I wrote this after the fact. People want their ports opened. For remote backup to another QNAP off site, and for remote access to remote clients. Lets just say there was NO Malware, or Ransomware. Don't you think it's dangerous to let a "remote employee" have write access to files on your NAS ? I live in the real world.