Hi everyone, as the title says, I’ve recently been having trouble accessing my QNAP devices via VPN. One of them is a TS-431P (Firmware version: QTS 5.2.5.3145).
I can’t access the web interface through any browser while connected to the VPN.
Google Chrome: Version 137.0.7151.120
Edge: Version 137.0.3296.83
Firefox: Version 139.0.4
VPN: L2PT with pre-shared key
SSH works, ping works, and I have access to shared folders via File Explorer in Windows.
The web interface works fine on the local network. Firewall and antivirus are disabled on the computer, and QuFirewall is not installed.
The issue is that when I try to connect to the Web Administration using, for example, port 8080, I get the following message in the browser: “This site can’t be reached. 192.xxx.xxx.xxx refused to connect.”
However, when I enter the same address without specifying the port, I can access the QNAP over VPN. It seems that if I specify the port, QNAP refuses the connection.
Has anyone experienced a problem where the web interface is inaccessible when using a port, but connects immediately without the port?
did you try other ports too?
I use Asus Instant Guard as VPN and I can connect through it.
I changed the ports so I can’t check it out, but if I remember well 8080 was the default port for the Web Server application.
You can try with https with the corresponding port, if it’s enabled.
Yeah, I’ve tried with other ports, and the situation is the same. That’s right, port 8080 is the default port, and that’s exactly why I’m trying to figure out what’s going on, because I’m not using it for access. I set my own port, which used to work until recently, but now none of the ports I set work, not even 8080.
From the local network, if I don’t specify the port, the browser gives me a message that access is forbidden (“Forbidden, you don’t have permission to access this resource.”), meaning I have to define the port (e.g., 192.xxx.xxx.xxx:8080). However, when using a VPN and specifying that same port, I can’t connect at all.
I can connect via the HTTPS port both locally and through the VPN.
I’m trying to figure out what changed, because I can no longer access the QNAP over HTTP from outside the local network. It’s frustrating.
I’m using MikroTik VPN, L2TP and OpenVPN, I get the same result with both when I try to access via HTTP port 8080.
But it’s not the port, since the port is open, I can access other resources (servers, VMs) on the same port if I want to, I just can’t access any QNAP.
If you cannot access the NAS from a VPN connection, it could be the router (can you reach other LAN devices via the VPN connection?) or the did the NAS access protection switch itself on, or QuFirewall install itself ?
When you connect remotely via VPN, your IP address range is different. If other access works as you say, then the first thing to check is the whitelist and security settings in the NAS GUI to ensure the VPN subnet is allowed access.
Regarding your issue with connecting to the NAS via VPN, please try configuring your MikroTik router. You’ll need to forward the communication received by your VPN server (specifically traffic destined for port 8080) to your NAS’s internal IP address, for example, 192.168.100.xxx.
This step often helps in directing the VPN traffic correctly to your NAS. Let us know if this helps!
If you are using a MikroTik router, I would HIGHLY recommend using the built-in Wireguard based “Back to Home” VPN. I use that all the time and I have zero problem accessing my NAS units or any of their applications. In fact, I have an automation on my phone that connects to the VPN whenever I lose my WiFi connection on my home network. Works great.
I also sometimes run the built-in ZeroTier VPN. ZeroTier is a little bit more complex to configure but you literally can run your VPN like you are right on your LAN and pass UDP traffic and other bits that you can’t pass over a normal VPN.