Port forwarding to VPN server

Hi folks,

I’m trying to run the OpenVPN app from a Synology DS220. I have it up and running, and can connect to it locally (via the 192.168.1.10 address); however, when I try to connect to the VPN from outside, this fails.

Nmap shows that the port is open on the public IP:

```
Nmap scan report for xxx.xxx.xxx.xxx
Host is up.
PORT STATE SERVICE VERSION
1194/udp open|filtered openvpn
Too many fingerprints match this host to give specific OS details
```

Which is the same result that I get when I scan the local 192.168.1.10 address.

However, my client seems to time out when trying to connect via the public IP. The Synology firewall is off, and my TP-Link router has the correct port forwarding rule:

| Service Port | IP Address | Internal Port | Protocol | Status |
| --- | --- | --- | --- | --- |
| 1194 | 192.168.1.10 | 1194 | UDP | Enabled |

I’m all out of ideas at this point, so I’m hoping someone here has some.

Maybe your ISP has a CGNAT (carrier-grade NAT?). Between your router and your internet IP is a network with non-routable IPs, like in your home network. The home network of your ISP. That blocked it for me. I have to connect via IPv6; IPv4 does not work.
My solution was:

  1. Create a DDNS via the NAS. Use the Synology DDNS (it supports IPv6).
  2. Open the 1194 port for IPv6 on your router.
  3. Modify the OpenVPN config for IPv6.
    If you want, you can enable the IPv6 server for OpenVPN on your NAS, but it’s not necessary.

Turns out my ISP uses CGNAT and that’s why this wasn’t working. They’ll give me a unique static IP though to get this working, so that’s nice.

Thanks for all your help troubleshooting.

Thanks for the suggestion. I tried my ISP support yesterday and the CS agent wasn’t much help (not at all technical). I’m going to try them again when their dedicated tech team is in.
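
An added example, not part of the original thread: a Python check for the CGNAT diagnosis reached above. It compares the router's WAN address with the address seen from the internet, and shows why the `open|filtered` Nmap result for 1194/udp was not evidence that the forward worked. The function names and sample addresses are constructed for illustration.

```python
import ipaddress
import re

# RFC 6598 shared address space, reserved for carrier-grade NAT
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges
RFC1918_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(router_wan_ip, observed_public_ip):
    """Compare the router's WAN address with the address the internet sees."""
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(observed_public_ip)
    if wan in CGNAT_NET:
        return "cgnat"        # the ISP's NAT sits in front of the router
    if any(wan in net for net in RFC1918_NETS):
        return "double-nat"   # another private-range NAT device is upstream
    if wan != seen:
        return "mismatch"     # public-looking WAN, but traffic exits via another IP
    return "direct"           # the router holds the public IP itself


def udp_scan_is_conclusive(nmap_port_line):
    """False when Nmap got no reply at all for a UDP port line."""
    m = re.match(r"^(\d+)/udp\s+(\S+)", nmap_port_line.strip())
    if not m:
        raise ValueError("not an Nmap UDP port line")
    # 'open|filtered' means no response came back, so Nmap cannot tell an
    # open port from one whose probes were silently dropped along the way.
    return m.group(2) != "open|filtered"


if __name__ == "__main__":
    # Constructed sample values: WAN address as shown on the router's status
    # page, public address as reported by an external "what is my IP" service.
    print(classify_wan("100.72.14.5", "203.0.113.7"))
    print(udp_scan_is_conclusive("1194/udp open|filtered openvpn"))
```

In the `cgnat` and `double-nat` cases a port forwarding rule on the home router cannot receive inbound IPv4 traffic, which matches the outcome in this thread.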