How to route network shares over VPN while not running any other traffic through the VPN

Hey folks,


So I'm in the process of migrating from a Desktop+Laptop setup to just using a single MacBook Pro for everything. I have a Synology NAS setup at home which is absolutely crucial to all of my work, and previously with the Desktop PC I just had all my network shares mapped as 'drives' on the PC.


Now that I'm moving to the MB, I would love to replicate this functionality - and I can access the NAS on the home network fine, but when I go outside of the home network I would love to retain those exact same mounts.


I've read some stuff suggesting using WebDAV, but I don't feel that's a great solution as it's less secure to leave WebDAV open to external access. I also read some suggestions to use CloudMounter which would allow mounting of SFTP accessed shares. This might be plausible, although would presumably mean leaving the NAS open to external SSH access.


From what I can tell the most secure option would be to VPN to the NAS and connect to the shared drives over the VPN.


I found this: https://blog.arrogantrabbit.com/vpn/OpenVPN-Split-Tunnel-on-Synology/ which seems to work and I think I set it up right - but the part that I'm confused about is how to make it so that the network shares are the only thing that run over the VPN to my NAS. I don't want to route all my net traffic through my NAS when I'm, say, over at a friend's house, or visiting my parents, as that would slow my net usage down substantially.


Is there a way to set things up so that I can permanently mount my Synology NAS shared folders on my MacBook such that they always connect over a VPN to the NAS without impacting any other network traffic on the MacBook?


Thanks!

MacBook Pro 14″, macOS 15.1

Posted on Dec 11, 2024 2:07 AM


Dec 11, 2024 8:29 AM in response to alexleonard24

There is the Synology Drive Client for your Mac, which is similar to Dropbox, OneDrive, etc... which will give you a Folder tree of files stored on your Synology.


You should look at TailScale.com which provides a secure connection that makes your remote Mac (iPhone, iPad, etc...) appear as if they are on your home LAN. TailScale.com has a Synology client, as well as Mac, iPhone, iPad, Windows, Linux, etc...


If you want to play games vectoring some traffic to your Synology and other traffic somewhere else, then you are going to have to look at the 'route' command, which you access via Applications -> Utilities -> Terminal. You will also need to get comfortable with the 'sudo' command because it will require privilege to execute the 'route' command. Google 'macOS route command' and see if you can find examples. The last time I really played with the 'route' command was back in the early 2000s, so I am very rusty on how to use it these days.
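
As an added example (not written by any poster in this thread, and not Synology's, OpenVPN's or Viscosity's own tooling), here is a small POSIX shell script for the approach described above: a host route pins only the NAS address to the tunnel interface, and a check parses `netstat -rn` output to confirm that the default route is still on Wi-Fi and that nothing catch-all points at the tunnel. The NAS address (192.168.1.50), the tunnel interface name (utun3), the Wi-Fi interface name (en0) and both routing tables are constructed assumptions; the `route` and `netstat` command syntax is macOS's own.

```shell
#!/bin/sh
# Added example: keep only NAS traffic on the VPN tunnel on a Mac.
# Assumed values (not from the thread): NAS LAN address, tunnel and Wi-Fi interface names.
NAS_IP="${NAS_IP:-192.168.1.50}"   # assumed Synology address on the home LAN
TUN_IF="${TUN_IF:-utun3}"          # assumed interface OpenVPN/Viscosity created
LAN_IF="${LAN_IF:-en0}"            # assumed Wi-Fi interface carrying normal traffic

# The route(8) commands that pin only the NAS host to the tunnel. They are
# printed, not run, because they need sudo; review them, then paste into Terminal.
# If the VPN server still pushes a default route, add "route-nopull" (or
# "pull-filter ignore redirect-gateway") to the OpenVPN client profile first.
split_tunnel_commands() {
    printf 'sudo route -n add -host %s -interface %s\n' "$NAS_IP" "$TUN_IF"
    printf 'netstat -rn\n'
}

# Netif column for a given Destination in `netstat -rn` output ($1 = table
# text, $2 = destination). The column is located from the header row rather
# than taken as the last field, because the Expire column is sometimes filled.
route_netif() {
    printf '%s\n' "$1" | awk -v dest="$2" '
        $1 == "Destination" { for (i = 1; i <= NF; i++) if ($i == "Netif") c = i; next }
        c && $1 == dest     { print $c; exit }'
}

# Count routes that would swallow all traffic into the tunnel: a default route
# on the tunnel, or the 0/1 + 128.0/1 pair that "redirect-gateway def1" installs.
tunnel_catchall_routes() {
    printf '%s\n' "$1" | awk -v tun="$2" '
        $1 == "Destination" { for (i = 1; i <= NF; i++) if ($i == "Netif") c = i; next }
        c && $c == tun && ($1 == "default" || $1 == "0/1" || $1 == "128.0/1" || $1 == "128/1") { n++ }
        END { print n + 0 }'
}

# Succeeds only when the default route stays on the LAN interface, no catch-all
# route points at the tunnel, and the NAS host route does use the tunnel.
check_split_tunnel() {
    table="$1"
    [ "$(route_netif "$table" default)" = "$LAN_IF" ] &&
    [ "$(tunnel_catchall_routes "$table" "$TUN_IF")" -eq 0 ] &&
    [ "$(route_netif "$table" "$NAS_IP")" = "$TUN_IF" ]
}

# Constructed sample tables (not real output from any machine in the thread).
# Sample 1: what a working split tunnel looks like.
SAMPLE_SPLIT=$(cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags               Netif Expire
default            192.168.43.1       UGScg                 en0
10.8.0.0/24        10.8.0.2           UCS                 utun3
127                127.0.0.1          UCS                   lo0
192.168.1.50       10.8.0.1           UGHS                utun3
192.168.43.1       a4:b1:c2:d3:e4:f5  UHLWIir               en0   1200
EOF
)

# Sample 2: the server pushed redirect-gateway, so everything goes via the VPN.
SAMPLE_FULL=$(cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags               Netif Expire
0/1                10.8.0.1           UGSc                utun3
default            192.168.43.1       UGScg                 en0
128.0/1            10.8.0.1           UGSc                utun3
192.168.1.50       10.8.0.1           UGHS                utun3
EOF
)

split_tunnel_commands
if check_split_tunnel "$SAMPLE_SPLIT"; then echo "sample 1: split tunnel OK"; fi
if ! check_split_tunnel "$SAMPLE_FULL"; then echo "sample 2: all traffic is going through the VPN"; fi
# On the real Mac, after connecting the VPN:  check_split_tunnel "$(netstat -rn)"
```

The check deliberately looks for the 0/1 and 128.0/1 pair as well as a plain default route: an OpenVPN server configured with `redirect-gateway def1` installs those two halves instead of replacing the default route, so a test that only inspects the `default` line would report a split tunnel while every packet is in fact going home through the NAS.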

Dec 12, 2024 1:10 PM in response to etresoft

Happy to report that the split tunnel VPN is working perfectly. I'm currently browsing this site with my wifi connected to my mobile phone hotspot, and accessing the NAS shared folders over an OpenVPN without any issue!


Regarding how much data I would process in a single day, not very much - but I never know which parts of my sample libraries etc etc I will need access to or when I'll need to access an archived project etc. Running things this way means that I can permanently map my network drives also for things like save locations, and not have everything getting messed up when I take the MB off the local network.


I'm sure I'll probably have a few more things to muddle through, but so far it's looking very promising!

Dec 11, 2024 10:20 AM in response to alexleonard24

alexleonard24 wrote:

So I'm in the process of migrating from a Desktop+Laptop setup to just using a single MacBook Pro for everything. I have a Synology NAS setup at home which is absolutely crucial to all of my work, and previously with the Desktop PC I just had all my network shares mapped as 'drives' on the PC.

Oh boy. You're in for some pain and gnashing of teeth.

Now that I'm moving to the MB, I would love to replicate this functionality - and I can access the NAS on the home network fine, but when I go outside of the home network I would love to retain those exact same mounts.

That's tricky stuff. I strongly recommend dumping the old NAS setup and using some kind of file sync solution instead. I use iCloud and it usually works.


You can make the NAS available by opening/redirecting ports on your ISP modem. But to be honest, this is a path of pain.

I've read some stuff suggesting using WebDAV

OMG! Stop reading now. Close that book - it's cursed!

I also read some suggestions to use CloudMounter which would allow mounting of SFTP accessed shares. This might be plausible, although would presumably mean leaving the NAS open to external SSH access.

The horror of WebDAV aside, once you say you want to access the service from the outside, there's no other way to do that. You have to expose it. There are some really, really funky ways to do that more safely. But those methods are above the pay grade of anyone here. Technically, it's possible. But iCloud is so much easier. And even if you do eventually get it running, I'm sorry to tell you that the Mac's network file system support is just awful. You're not on Windows anymore. Use that NAS as a doorstop instead.

From what I can tell the most secure option would be to VPN to the NAS and connect to the shared drives over the VPN.

That's the technically complicated part I mentioned before. But it's actually more complicated than that. I can give you pointers if you want, but have I mentioned a few well-supported and easy-to-use alternatives like iCloud yet?

I found this: https://blog.arrogantrabbit.com/vpn/OpenVPN-Split-Tunnel-on-Synology/

OMG! You mentioned something you read online and then gave us the link to review it ourselves? You're the second smart person I've encountered today! What's going on here???

Is there a way to set things up so that I can permanently mount my Synology NAS shared folders on my MacBook such that they always connect over a VPN to the NAS without impacting any other network traffic on the MacBook?

To make a long story short, there's no easy and satisfying way to do this with consumer-grade equipment and practices. You've got barriers all over the place. In theory, the way to properly do this would be to setup a real VPN. I'm not talking about the internet scams that you're seeing advertised all over the internet. I'm talking about a real VPN on something like AWS. AWS would host your network, ideally using your own domain. All of your clients would connect to that VPN. This includes clients providing services like your NAS. It would connect securely to the VPN and expose its services only to the VPN.


Pros:

  • This is a secure solution
  • Your resources are always in one place
  • This is a stable and reliable solution, especially with consumer-grade devices


Cons:

  • AWS is really hard to use
  • AWS can cost money if you aren't careful
  • Your connection is going to be slow
  • You're still using networking on a Mac, which is going to cause you to scratch out your eyeballs even if you were running it all locally


Caveats:

  • I don't think this would be all that expensive on AWS
  • Some of the more (relatively) reputable VPN services also offer private "mesh" VPNs that save you from having to figure it out on your own on AWS. This would be more expensive than AWS.

Dec 11, 2024 12:42 PM in response to BobHarris

Hey Bob,


Thanks so much for the answer. Yeah, unfortunately the Synology Drive Client doesn't really cut it for me as that really is focused on either backing up to the NAS (which I will use) or syncing files (which won't be an option as I have multiple TB of files; I'm a music producer and mastering engineer, so large sample libraries, etc. etc., which I access regularly).


TailScale looks interesting though and I will definitely read up on it.


Interestingly though, it does sound like this split-tunnel option might work using my NAS as a VPN server. I'm going to try again to get it up and running tomorrow and see if I can get it working.


I'll update here with any discoveries.

Dec 11, 2024 1:07 PM in response to etresoft

Hey etresoft,


Thanks for your input. Shame to hear that it could be a challenge, but I'll persist and see if I can work it out. Dumping the NAS is definitely not an option as I've got nearly 10TB of data there and I know that would cost a pretty penny 😁


Agree on the WebDAV for sure. I didn't feel comfortable taking that route at all.


However, I do think the split tunnel OpenVPN thing looks like a really viable option though - the author replied to a query there and I think I just needed to dig a bit deeper to get it working.


If split-tunneling works with the VPN Server directly on the NAS, I think it's the best option for me. No expensive setup, no monthly costs (Viscosity is a one-off payment), and certainly better from a security POV.


Anyway, I'll try and get it up and running tomorrow and report back.


Fingers crossed I don't need to self-harm too much dealing with networking on a Mac 😉


Thanks!

Dec 11, 2024 2:29 PM in response to alexleonard24

alexleonard24 wrote:

I've got nearly 10TB of data there

How much data can a single person really process in a day? And how much of that would you be able to access across two low-speed uplinks on each side?

However, I do think the split tunnel OpenVPN thing looks like a really viable option though - the author replied to a query there and I think I just needed to dig a bit deeper to get it working.

That is one of the problems with this forum. There are so many social media influencers spouting off so many bad ideas. In most cases, people only come here after they've spent a lot of time and money, asking us to fix it for them. That's always an awkward conversation.


Good luck!
