See LAN host (NAS) through L2TP VPN

TorstenB
TorstenB Posts: 8  Freshman Member
First Comment Friend Collector Second Anniversary
edited April 2021 in Security

MacBooks are connected through L2TP VPN.

Shared drives on NAS can be accessed through the Finder's 'Connect top server' dialog, entering the NAS IP.

However, the NAS is not listed in the Finder's 'Locations/Network section' This only happens after mounting a folder through 'Connect to server'. Obviously the connection is lost when the VPN is terminated. Users would like to see the NAS and browse available folders as if directly connected to the LAN. How can this be achieved?

Router: USG20-VPN

Switch: GS1900-24E

NAS: Synology 318


MacBook -- VPN -- Router -- Switch -- NAS


LAN: 192.168.2.0/24

VPN: 192.168.10.0/24

Accepted Solution

All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,518  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @TorstenB

    Welcome to Zyxel community 😀

    As I know, Client NAS finder only can search local subnet. 

    Since it’s different subnet, the NAS server cannot be found by NAS finder.

    In this case, you can get share folder via UNC.

    e.g. \\x.x.x.x\sharefolder

  • warwickt
    warwickt Posts: 111  Ally Member
    5 Answers First Comment Friend Collector Third Anniversary

    Hi TorstenB the explanation why is that multicast Bonjour (mDNS) broadcasting is not performed to VPN L2TP subnets.

    So here's what you do:

    1. make sure your NAS setup (FreeBSD, Linux or otherwise) has the directories/volumes as an AFP and/or SMB share - you probably have done this earlier)
    2. on MacOS Clients connected via L2TP, use cmd+k (Connect to Server) with a path to the server and optionally the shared object (else a prompt) such as:
    3. afp://useraccount:password@server-name.server.domain/sharedvolume and or
    4. smb://useraccount:password@server-name.server.domain/sharedvolume

    We use all the time.

    The Volumes are lost when the server hosted is terminated.

    Should you MacOS clients rely on Finder favourites in in the sidebar, then you simply need to make a directory inside the $HOME directory of each mack user and add the server aliases in there. This way they don't get deleted when the server connection is lost.

    Simply use Macs' option+cmd and DRAG the aliases into this folder.

    Lastly add the server_shortcuts folder to the clients Finder sidebars.

    In the USG20 , ensure you have Security Policies and Policy Routes set up to allow:

    L2TPVPNsubnet to LAN(x)subnet to the files servers (which ou have probably already done)

    This is all you need to do.

    HTH


    WarwickT

    Hong Kong

  • TorstenB
    TorstenB Posts: 8  Freshman Member
    First Comment Friend Collector Second Anniversary
    edited July 2019

    Hi Zyxel_Cooldia and WarwickT

    Thanks for your prompt answer. This is how we actually proceed. The network of my (growing) company was moved from the Providers SOHO router and home network equipment to enterprise-grade appliances. Obviously there is less plug-and-play and more security now. However, staff is looking for the SOHO-style ease of use...


    Torsten

    Switzerland

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)