Hey, i need to figure something out, im not sure its possible.
I bought a VPN, and install it on my ASUS router.I bought it from PrivateVPN, because i figur it should use Portforwarding.
I wanna access the my Synology NAS server DSM and Plex remote.
Can i do that?
I can’t get the normale access to work when the VPN is activited (as i expected)
But I’m not sure what to change, to get it to work…Plex work though… After going to plex though Synology and refresh remote access.
What exactly are you trying to hide with your external VPN? You can put your torrents behind that via Docker and not have it mess the traffic of your entire network. Plenty of threads on how to do that. Then that would allow you to VPN into your network
the whole point of the VPN you paid for is to make your access hidden, when your outbound traffic goes out its passes through 1 or more addresses to cloak the originating IP, and the servers at those addresses when the traffic is returned, use a LUT in essence to reroute the traffic returned to you.
you would need to do a Lot of work to get your inbound traffic to be directed to your synology NAS while also having outbound / inbound data not associated with that traffic no go to your private VPN.
check out zerotier - its a virtual network and works beautifully with plex
If this is a VPN client (outbound), google up “split tunnel”. Good luck.
What I’m understanding based off of your requirements you want a VPN server to be hosted on your Synology, not client. You can set it up via the VPN server application on Synology. You purchased a VPN client which will make it so that you connect to their servers and not your NAS. Let me know if I’m misunderstanding your needs.
I might be missing the nuance of the situation, but I connect my NAS to external network via NordVPN and then use Synology quick connect to access DSM remotely.
YOu may need to install a VPN docker.
You need to enable access to the network. REMOTE access etc. Softether easily allows this.
It will use the DHCP of your network in order to grant access to the network and when connecting you will see the entire network as if you were on it.
Otherwise the VPN built into the NAS has its own IP ranges it gives out which doesn’t communicate with the rest of the network.
Plex allows you to forward the port it uses so you can get remote access just by logging into your account on the server and on your device and you are good to go.
The NAS has a cloud login feature you can use without forwarding ports.
Setup vpn on router to connect entire network to vpn. Port forward ports http/5000 or https/5001 to your Synology. Use external IP:5000/5001 and you should still be able to get to the web interface of the Synology. You can forward ports for other services as needed. I personally had issues with Plex mobile app outside my network since the server is behind the VPN. I ended up creating a virtual dsm and set it up to vpn for download station to hide my downloader traffic while everything else goes without outgoing vpn including my Plex server so it works properly. I then use a raspberry pi running pi-hole to provide encrypted DNS to all the clients running on my network.
Try ZeroTier, there is Synology spk as well.
Best solution I just found was to set up a DSM Virtual Machine on top of Synology and then use DS download on the virtual machine for torrenting that you can then protect with a VPN setup just inside the virtual machine (NordVPN works great in the native networks settings inside the virtual machine!).
You can map “network” drives into the VM from regular Synology storage (CIFS network share) so that your downloads are deposited in their regular folders and your VM image doesn’t need masses of own separate storage.
So you get the ease of use of keeping regular Synology unit operating as usual in addition to the Download Station in the VM doing the protected work (and it’s even possible to connect straight into Download Station on the VM with regular mobile app using QuickConnect!!!)
Maximum convenience and no messing around with Docker configurations and sub-par torrent clients!
“1. you want your router to act as a client to give your entire network privacy from your ISP” - is correct.
Im not only look to remotely access Plex, but also the Synology NAS, but i still wanna hide, and that the reason why i bought a VPN-client.
Some systems (untangle, pfsense) can use rules to assign which objects in the network will use established VPN tunnels.
It sounds like he wants to be able to VPN back to his machine but also send specified traffic through a VPN going out for privacy.
Either of the above can do that.
I believe you can also in network settings on synology nas setup a VPN gateway as a preferred connection. That might work as your main network would still be open for a VPN server app if installed elsewhere.
Quick google - No “split tunnel” for PrivateVPN 
I have purchased a VPN client to be hidden on all my devices (install on router)
But when im out, i wanna connect only to my nas remotely.
This is not how vpn works. You are tunneling your whole lan outbound traffic through third party network (why would you do that is beyond this discussion)
If you want to connect to your lan remotely you need to setup vpn server on your gateway or lan and connect to it.
It has nothing to do with the commercial vpn subscription you have bought.
yeah, it seems like. And i thinks “split tunnel” could help me out - Have you experience with that?
Why is that beyond? I wanna be more safe on the internet?
I thinks tunnel split, as PaleMongo reply, could help me?
Split tunneling would get what you want. Your easiest way forward is to setup a VPN connection on your router, that will act as the network for services on your NAS and other devices in your network that you want to be hidden. Each of these services needs to be bound to that VPN connection via the VPN IP that your router will get.
The rest of your servers and services will use the default router connection to your ISP and will be accessable as usual.
It requires that the router can handle this, and probably done trial and error on the way to get it exactly like you want it to.
Why is that beyond?
Because you asked how to do something, not whether it’s a good idea
I wanna be more safe on the internet?
Your ISP has responsibility and/or incentives to protect you from abuse. Third party VPN provider does not and if something does happen — they can’t/won’t help, because they “don’t keep logs”
I thinks tunnel split, as PaleMongo reply, could help me?
I don’t fully understand how his/her advice is applicable to your usecase.