DDNS and/or speedfusion cloud for NAS access

Hi,

New here and new owner of a peplink router - Balance 20X
Just trying to get my head around a few things regards speedfusion cloud
I’m setting up a synology NAS and I was going to do DDNS and the normal things to enable external access to my NAS.
But speedfusion cloud is maybe an alernative option?
Can I enable speedfusion cloud on my router and then after configuring the nas and router for port forwarding… access my nas remotely with my phone or laptop?
If that is possible, will all normal internet traffic also go through the cloud or can I specify it to only be for remote access to the NAS?

Thanks in advance

Which should work, as long as you have a routable IP address to the B20x. Furthermore, if you register your B20x with InControl2 then peplink provides a DDNS service for you (you name your device - say “XXXX20x” - and peplink resolves the domain name “XXXX20X.mypep.link” to the IP address of your device).

If you do not have a routable IP address for the B20x, then:

Depends on what you want to achieve. If you do not have a routable IP address for your B20x then SpeedFusion Cloud (“SFC”) will not help (it does a lot of other cool stuff, of course).

SFC does not provide a routable IP address, for that you could set up your own (free) FusionHub (Solo license) on a cheap server farm (e.g., vultr.com or UpCloud.com). and connect the B20x via that hub (and with the appropriate forwarding rules established at the hub).

It really is a matter of whether your B20x has a routable IP address or not (directly or by way of a FusionHub, see above). Synology provides its own way of dealing with NAT’ed/non-routable IP addresses of the NAS. Check out their QuickConnect and QuickConnect Relay.

If you deploy a FusionHub (SFC or your own) then you determine what traffic goes through the hub and what does not by setting up a collection of outbound policy rules at your B20x.

Enjoy!

Z

Thanks for the reply. I understood some of that :slight_smile:
I think you are saying it’s probably not possible / within my means.

I’m just a home user and wanted to be able to sync/access/stream my files, photos music etc from my phone or laptop whenever I’m not at home.
I wouldn’t mind the annual subscription for the fusion cloud if I could get it to work but wouldn’t want to pay for extra hardware like a server farm.
When I read the fusion cloud description, I’m sure it mentioned you don’t need 2 devices (like 2 peplink routers) so I thought/hoped that maybe I could just connect my phone or laptop to the fusion cloud through a login or app or portal and then as my router is connected to it, get a vpn’d connection back to my home network and voila… no need to setup a ddns.

If thats not possible, I think just paying for a ddns hostname/domain might be preferable. I’m not too keen on the synology quick connect solution.

Thanks again for the reply

That was not my intention - there are very inexpensive ways to achieve what you indicate you need.

Let me first, though, try to articulate what I think your network environment may be. Either

  1. Your router has a routable IP address (either static or dynamic, it does not matter much). Since you refer to DDNS I assume it would be a dynamic IP address.

or

  1. Your router is connected via an ISP that does not provide you with a routable IP (i.e., the IP address your router has for its WAN is different from what you see from the outside, e.g., by checking myip.com).

For (1) you need no additional technology for now. Just register with InControl2 (free the first year) and decide what you want your router to be named. Peplink takes care of the DDNS and you proceed as you describe (port forwarding etc.)

For (2) you need to get a routable IP address from somewhere. The cheapest is probably the FusionHub (free) set-up on Vultr or UpCloud ($5/month). No hardware purchases required, you simply install the FusionHub on a virtual server provided by (e.g.,) Vultr or UpCloud.

In either case SFC will not help you getting access to your NAS.

It is on many folks’ wish-list to get routable IP addresses as part of the SFC service. But alas, not at this point in time.

Understood and agreed. So option (1) above is the least expensive by far.

Cheers,

Z

Thanks again :slight_smile:
The info on fusion hub sounds interesting
I have just bought a domain name with noip and am setting up hostname etc… although the fusion hub option sounds interesting.
I think it sounds more secure, but maybe a little bit more costly - noip pricing is not bad.
Not sure how quick and easy it is to deploy a fusion hub on one of the places you linked - this is not something I’ve tried before - like can i just ask them to install fusion hub or do i request resource, get a login and then proceed to set things up?

I checked myip.com > the wan ip listed is the same as my wan ip on my router. but there is a host with a different ip. I think I’m dynamic (option 1)? or does the host IP mean that I’m not routable?
if I power cycle my router it will acquire a different ip.
I’m sort of commmited to the ddns route now, but I can easily switch to fusion if its easy enough and at first glance am guessing is more secure > but how easy is it to to connect other wan devices to it ? (like roaming phone or laptop)
thanks again

You’ll need to do it yourself. I made a video to show how on vultr there are other peoples guides on here too Setting Up FusionHub on Vultr – Martin Langmaid – SDWAN Architect

1 Like

The terminology can be a bit confusing. You have two routers - the ISP router and then the B20x. Does this picture capture your set-up?

If so, there are distinctions that can tell us what you are working with and possible approaches.

  1. Is [IP1] (the external IP address of the ISP router as seen by the ISP router) the same as what myip.com reports? If so then DDNS (by any provider) should resolve correctly for FQDN traffic to be routed to the ISP router.

  2. Is [IP1] = [IP2] (or [IP2] = the myip.com report)? If so, then your bridge mode works, and all you have to do is direct traffic appropriately to the NAS [IP3] by setting up forwarding on the B20x after configuring the DDNS step above.

  3. Is [IP1] ≠ [IP2]? Then your bridge mode is not working as expected. You have to correct that, or set up forwarding from the ISP router to the B20x (ugh!) or employ the FusionHub (of Synology QuickConnect) option.

  4. Is [IP1] ≠ the myip.com report? Then you have an ISP doing NAT, and your only option is the FusionHub (of Synology QuickConnect) approach.

Cheers,

Z

Ok great, thankyou.
Having bought a domain and ddns serice, I’m commited to that option right now and I may look into this once I’ve got this method figured out.
Thanks again

Thanks
I believe that picture is correct. There’s an assumption about the ISP router part. I have no actual details on that, but I assume it must be something like that - I’m on BT fibre if that helps.

So the WAN IP address listed on my router dashboard is the same as listed in myip.com.
myip.com lists a host which is a different IP range
there is a gateway shown in the details of the router dashboard for the wan connection which is also a different IP range.

So I think the host is maybe the WAN side of the ISP router and the gateway is the LAN side of the ISP router

I used the router tools traceroute, connection - WAN and destination - my new domain.
The result was 30 hops and it displayed the WAN IP address of my router so I think the I have a way from the internet to my router now and I just have to setup the port forwarding - which is currently not successful oooooph!
I type my domain into the address bar of a browser and I get “the site can’t be reached page”
So not sure at the mo where it’s not working.
I tried the quick and dirty upnp router setup through the synology nas just to get some temporary mappings/rules created in the router that should have commonly used ports for the nas, but no joy.

Writing the reply as I try things. Disabled all the upnp & nat-pmp settings and manually created rules using the ports listed from the upnp and hey presto! it’s working w00t!

Disabled it now and need to make sure all my security settings are good in the NAS. Having ports open direct to the nas i guess means it could be targetted fairly soon and often by bots or whatever else is out there.

Maybe I can schedule the activation of the port mappings so they are only active when I need them or turn them off/on though an app on a phone.

It’s fun when it all starts to work :wink:

Thanks for your help

I am afraid I don’t quite follow your description. To anchor this in my experience of one setup:

Here’s what myip.com reports as the public IP address of my laptop connected to a local LAN off a Balance 380:
Screen Shot 2021-03-20 at 14.26.51
(I have removed a bit of the IP address for obvious reasons. Let’s simply call it 108.228.8.xxx)
You see that the ISP is AT&T, and the IP address is routable.

Here’s what the AT&T router reports w.r.t. IP addresses:
Screen Shot 2021-03-20 at 14.30.04
The Broadband IPv4 address is the same 108.228.xxx.xxx that was reported by myip.com.

The AT&T router is in IP passthrough mode, so we expect the 108.228.xxx.xxx address to be assigned to (and reported by) the B380 as its WAN IP address.

And it does just that:
Screen Shot 2021-03-20 at 14.28.04

Finally - the NAS is located behind the B380 on the local network:

So… you see that for this case myip.com = [IP1] = [IP2] ≠ [IP3]

In which case one needs rules at the B380 setting up the traffic connection to [IP3].

DDNS is finally required to resolve your FQDN to the IP1 address because AT*T provides [IP1] as a dynamic address.

Given all of that - does your set-up mirror this exactly? Or do you have breaks where [IP1] ≠ [IP2] or myip.com ≠ [IP1]? It sounds like the former is your situation, but just to make sure I understand…

Cheers,

Z

Hi
Thanks again.
It is working right now, so I’m kinda happy with that. I type in the domain/host name and get to the login page of my nas (when the rules are allowed)

This would be so much easier without having to hide actual IPs. I guess thats the nature of the world we live in

so this is myip.com result

had to split the reply - new user, restricted to one embedded screenie

this is my wan connection on router

The wan ip is the same ( so i guess its bridging between my router and isp router) so Ip1 = 1p2
the host and gateway are different ips but it all works and im not able to change those

Just to clarify though - there is no isp router in my house - I’m assuming that is an enterprise type device in an exchange somewhere.
The ‘local’ isp router delivered to my house was thrown away and replaced with the peplink.

The manually set port forward rules work. now I just need to find out the best/most secure/private apps to use . like a music streamer. so webdav + cloudbeats is looking the best option so far.
I’m keen to keep google off my phone if I can. I have grapheneos - degoogled android and try to use apps from F-droid, but a music streamer that can work with synology is not presenting many options

1 Like