Port Forwarding Help Needed. Asus RT-N56U.

tangene

Mar 12, 2015
This is likely quite an amateur question, so I hope you guys can bear with me.

I've been using the same RT-N56U for some time and always assumed that I knew how to forward ports, since they seem to work for various programs I have installed on my desktop (e.g. BTsync, Acestream, etc.). Recently, when attempting to forward ports for my Synology 414J NAS, I keep ending up with connection timeout errors when testing the ports on canyouseeme.org.

That got me wondering, so I tested the ports for my desktop again and found that my attempts at port forwarding worked not because of any router settings, but because of the programs' in-built UPnP. As such, so long as the programs are running the ports would test open even if no changes were made to the router's setup, but the moment the program is shut down I would get a connection timeout error no matter what settings I try.

I've tried turning off Windows Firewall. I've tried flashing a new firmware for the router (v3.0.0.4.378_4850). I've also gone back to basics and just followed step-by-step idiot guide videos on port forwarding. Nothing seems to work for me. Please help.
 

tangene

Mar 12, 2015


I read that somewhere on Tom's. Which is why I am testing with programs that I can turn on and off.

Right now though, with zero attempts at port forwarding, BTsync and a handful of other programs still end up with open ports. Ports stay closed for Transmission on NAS even with ports set up in DSM Transmission GUI/Router.
 

tangene

Mar 12, 2015
Finally got everything to work by performing a factory reset on router and NAS and configuring from scratch. Something must have been wonky somewhere because with a clean slate everything fell in place fine.

Now I just need to figure out how to make remote access work despite the VPN.
 
First and foremost you will need Merlin, DD-WRT or Tomato firmware to do this, the stock ASUS will not have the ability to do this. So if you have the stock ASUS firmware then sorry, you are going to have to reconfigure everything again.


There are two ways you can tackle this:

1) Custom Script for DDNS:
If you use a DynDNS (or affiliate) DDNS you can do a custom script to have it update with the VPN IP instead of the WAN IP.
Now while this method is easier, from what I had read, PIA does not really support you forwarding a bunch of ports through their VPN so if you are needing to connect to several services then this will not be a good option for you.

2) Selective Routing with secondary NIC.
What I ended up doing was using selective routing that is built into Merlin firmware.
Now to do this you either need a second NIC on your Synology or run your software services (transmission, utorrent, sftp, etc) from a different computer.

With Selective Routing you need to specify which computers you want VPN on, you need to put all computers in this list and specify which IPs get WAN and which ones get VPN. It seems like any computer not in the list will default to WAN but I put the devices I specifically needed WAN for in the list anyways. For this control list to work the devices will have to have static IPs. Instead of setting static IPs on the device itself (which would suck for mobile devices) I use the static IP table on the router, that way I get all the benefits of static IP but can leave the device itself set to Auto DHCP.

If you switch to using an additional computer to run the software services on then just setting that PC in selective routing will do it.
If you are using a secondary NIC on your NAS (or any other machine for that matter) you will need to not only set up the IP address (for Windows I had to set the gateway address for the second adapter) but you will also need to set the connection that will VPN to 0 or 1, and the NIC priority of the WAN connection to a number lower than that (I used 5). This way the machine will use the VPN NIC for normal traffic and only use the WAN adapter to respond to traffic that is specifically requested from that IP.
On my "server" computer running Win 7, just setting the adapter priority did not work, I had to set the Automatic Metric http://www.speedguide.net/faq/how-to-tell-windows-7-to-use-a-different-default-350

In regards to setting the priority on a Synology I could not find any information (although I am on my work network right now so half the sites I went to just don't work, like reddit).



On most of my services I have port-forwarded (I have quite a few), using either IP address locally would allow it to still connect to the service, so before you start reconfiguring the service with the different IP go ahead and test it.


Using option 2 I have address 1 connecting to VPN and all downloads and general internet traffic go through it, but I can still access my security cameras and all my other services from outside my network over the internet through my second NIC. I verified it was working the way I wanted by checking IP from internet browser on server as well as running Wireshark to confirm network traffic.


Pretty lengthy write-up but hopefully it helps.
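A simplified model of the two-NIC arrangement described in the post above, added here as an illustration and not taken from the poster or from any firmware: the server picks a NIC by route metric, and the router's selective routing list then maps that NIC's source IP to VPN or WAN. All addresses, metrics and function names are constructed assumptions; equal metrics are reported as ambiguous rather than guessed, since that is the case where traffic can leave by the wrong path.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str   # destination network
    nic_ip: str   # source address of the NIC that owns the route
    metric: int   # lower metric wins among equally specific routes

# Constructed sample: router-side selective routing list (client IP -> path).
ROUTER_POLICY = {"192.168.1.10": "VPN", "192.168.1.11": "WAN"}

def server_routes(vpn_metric, wan_metric):
    """Routing table of a server with two NICs on the same LAN."""
    return [
        Route("0.0.0.0/0", "192.168.1.10", vpn_metric),
        Route("0.0.0.0/0", "192.168.1.11", wan_metric),
        Route("192.168.1.0/24", "192.168.1.10", vpn_metric),
        Route("192.168.1.0/24", "192.168.1.11", wan_metric),
    ]

def pick_route(routes, dst):
    """Longest prefix first, then lowest metric; a tie raises an error."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(r.prefix), r) for r in routes]
    matches = [(n, r) for n, r in nets if addr in n]
    if not matches:
        raise LookupError(f"no route to {dst}")
    longest = max(n.prefixlen for n, _ in matches)
    candidates = [r for n, r in matches if n.prefixlen == longest]
    best = min(r.metric for r in candidates)
    winners = [r for r in candidates if r.metric == best]
    if len(winners) > 1:
        ips = ", ".join(w.nic_ip for w in winners)
        raise ValueError(f"ambiguous egress, equal metrics on {ips}")
    return winners[0]

def egress_path(routes, dst):
    """Source IP and router path for new outbound traffic from the server."""
    src = pick_route(routes, dst).nic_ip
    # Per the post, clients missing from the list appeared to default to WAN.
    return src, ROUTER_POLICY.get(src, "WAN")
```

With metrics 1 (VPN NIC) and 5 (WAN NIC), new outbound connections leave from the VPN-listed address; swapping the metrics sends the same traffic out over WAN, which is the condition the browser IP check and packet capture in the post would reveal.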
 