I get an e-mail every time I connect to the VPN server on my Synology rt2600ac

jwnewmanjwnewman Member Posts: 6
5 Likes Name Dropper First Comment Photogenic
I reported this some time ago on the Facebook page, but never really got much resolution, so I'll post again here.
I have the built-in VPN service running on my Synology rt2600ac router. Whenever I connect to the VPN from a remote location (say, coffee shop), within a few minutes I get an alert from Fing saying that a new device has connected to my network. I'm guessing that the VPN is spoofing the MAC address so that Fing always sees me as a "new" device, but is there any way to stop this when it's coming via the VPN?
kltaylor

Answers

  • kltaylorkltaylor Moderator, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭
    edited October 2019
    jwnewman said:
    I reported this some time ago on the Facebook page, but never really got much resolution, so I'll post again here.
    I have the built-in VPN service running on my Synology rt2600ac router. Whenever I connect to the VPN from a remote location (say, coffee shop), within a few minutes I get an alert from Fing saying that a new device has connected to my network. I'm guessing that the VPN is spoofing the MAC address so that Fing always sees me as a "new" device, but is there any way to stop this when it's coming via the VPN?
    That doesn't surprise me at all.

    Synology has a pretty solid hardware device for sure, the very essence of connecting to your VPN means that you're also provided with an alternate IP address, but still associated with your private IP subnet.

    As an example, my internal subnet for home is 192.168.2.xxx/24.  When I use my VPN to use public wifi after I connect I am assigned an IP address of 10.8.0.xxx, yet I can still ping and access 192.168.2.xxx devices.

    Receiving a notification like that, for me, would be peace-of-mind simply so I can see who connected and when.
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
    VioletChepilRobin
  • VioletChepilVioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    Thanks @kltaylor - anything else to add on this one? @SimoneSpinozzi @Hronos @Marc @Pooh

    Community Manager at Fing

  • PoohPooh Member, Beta Tester Posts: 674
    500 Likes 500 Comments 25 Answers 100 Agrees
    ✭✭✭✭✭
    @VioletChepil nowt more than my colleague's post. Welcome to VPN. A connection there is a new one to the local network. The trouble you have @jwnewman , is that your VPN endpoint is also your router. This being the case, it's hard to know easily how to distinguish a local connection and one via VPN.

    The best way to do this might be via an inline connection that can then examine packets, however the Fingbox isn't inline (for any number of reasons, not the least, speed). So that may make it harder. Are there any other common identifying features you can see from the connection? If there are then bringing @Robin and @Carlo_from_Fing into the conversation might help in being able to use these 'fingerprints' to help eliminate these alerts...
    People say nothing is impossible, but I do nothing every day.
    MarcVioletChepilRobin
  • SimoneSpinozziSimoneSpinozzi Member, Beta Tester Posts: 88
    25 Likes 10 Comments 5 Awesomes 5 Agrees
    ✭✭✭
    See if you can tell Fing to identify the device you use to connect not by an IP but by its mac address. Windows today usually masks the last digits of your mac address by randomizing them, but you should be able to undo this via your net options and/or your privacy options.

    If it's still unrecognizable by Fingbox after that check your router settings to see if you are masking the people connecting via VPN to your router.

    After your fingbox reliably recognizes your device wherever it is connected, you can tell then fingbox to not warn you about the specific device connecting.

    Or create a "user" for all the devices you do not wish to be warned about, and then "mute" that user. :joy:

    As usual these are basic things which you did not mention doing, if you have done them, disregard them.

    Overall, though, i agree with @kltaylor in that it gives me a better sense of security to know when and where somebody connects, and therefore i would not disable it.
    VioletChepilkltaylor
  • MarcMarc Moderator, Beta Tester Posts: 1,791
    100 Answers 1000 Comments 500 Likes 250 Agrees
    ✭✭✭✭✭✭

    I agree with @Pooh as I think we have now wandered into feature request, rather then a how do I? Fing was could not have been designed with all of our possible and myriad network configurations from the get go but I am pretty sure that as the Fing teams see what’s happening, these will get on their radar for vetting on future releases.

    Thats Daphnee, she's a good dog...
    PoohVioletChepilkltaylorHronosSimoneSpinozzi
  • jwnewmanjwnewman Member Posts: 6
    5 Likes Name Dropper First Comment Photogenic
    @kltaylor I understand your point, but the likelihood of someone knowing my VPN IP address AND knowing the credentials to log in on that VPN are pretty slim to non-existent.
    For all, I wanted to check whether Windows was randomizing the last digits of my MAC address, so I decided I would save the e-mails for a while to compare the address that's reported. Much to my surprise, I don't get those same messages anymore -- now I get a message that my Fingbox is offline, and I get another email that it's online again after I disconnect from the VPN.
    VioletChepilkltaylor
  • VioletChepilVioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    @jnewman
    For most of the VPN connections to work with Fingbox effectively, we ask to assign a static MAC address to the VPN connection. I've checked with some of my team, and since the VPN connection is inbuilt with your router the MAC address for the VPN connection is likely static.

    If you've accepted the device alerts and have a static IP assigned - I'll need to keep going in the investigation. If you could however confirm to me this. Thank you! 

    Community Manager at Fing

    kltaylor
  • kltaylorkltaylor Moderator, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭
    jwnewman said:
    @kltaylor I understand your point, but the likelihood of someone knowing my VPN IP address AND knowing the credentials to log in on that VPN are pretty slim to non-existent.
    For all, I wanted to check whether Windows was randomizing the last digits of my MAC address, so I decided I would save the e-mails for a while to compare the address that's reported. Much to my surprise, I don't get those same messages anymore -- now I get a message that my Fingbox is offline, and I get another email that it's online again after I disconnect from the VPN.
    Which would happen once the VPN connection went LIVE and assigned a different subnet IP to the machine/device.  I don't believe that its an issue of MAC address spoofing, more-so than the VPN assigning a temporary MAC address to the connection itself.  A virtual MAC address, if-you-will.
    Are you using any sort of communication redirection to the Synology while using the VPN?
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
    VioletChepil
  • VioletChepilVioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    @jnewman let us know on the above static IP and if @kltaylor post has helped you

    Community Manager at Fing

    kltaylor
  • jwnewmanjwnewman Member Posts: 6
    5 Likes Name Dropper First Comment Photogenic
    You refer to a "static IP" and a "static MAC"; the context suggests you're only talking about one thing. SInce MAC Address and IP Address are two entirely different things, which are you actually referring to? Or are you in fact referring to static assignments for both IP and MAC?

    That said, I haven't explicitly taken any action that would knowingly force either to be static.

    The offline/online messages perhaps confuse me the most. The FIngbox is connected to the router by a cable and necessarily has a fixed IP address with regard to the local network. So why would it be appearing to go offline and then back online? And if it's truly going offline when I establish a VPN connection, that would suggest it's no longer providing any network security for me.
  • VioletChepilVioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    @jwnewman just to update you I'm checking with my colleagues on this one. I'll be back soon when I have more information.

    Community Manager at Fing

  • RobinRobin Administrator Posts: 3,079
    2500 Comments 100 Answers 250 Likes 100 Awesomes
    admin
    HI @jwnewman
    For best practice, I would suggest you assign a static IP address and MAC address to your VPN connection. If your Fingbox is going offline as soon as you connect the VPN connection then it could be related to Network size. Please try to check the network size is set to all the devices in your network or if you want you can increase the network size as well and then check if the issue persists.
    Robin (Admin at Fing)
    Getting Started? Please refer to Community guidelines & Community User Guides("Helping Hand"). HAPPY POSTING!!!
  • jwnewmanjwnewman Member Posts: 6
    5 Likes Name Dropper First Comment Photogenic
    edited October 2019
    And . . . now it's not doing the offline/online thing and is back to telling me a new device has connected. It appears the last 3 segments of the MAC address changed from the previous connection to the current one. Edit for correction - on Saturday, I got "new device" and "offline" - today I only got "new device".

    I haven't made any change for static IP or MAC addresses as Robin suggested. I did, however, for other reasons upgrade the rt2600ac software to the most current version (it was only one level back - not some ancient version), and that was in between the two connections cited above.
  • RobinRobin Administrator Posts: 3,079
    2500 Comments 100 Answers 250 Likes 100 Awesomes
    admin
    Hi @jwnewman
    I believe it is related to VPN connection for detecting it as a new device. Can you make the changes I suggested and see if anything improves?
    Robin (Admin at Fing)
    Getting Started? Please refer to Community guidelines & Community User Guides("Helping Hand"). HAPPY POSTING!!!
    VioletChepil
  • jwnewmanjwnewman Member Posts: 6
    5 Likes Name Dropper First Comment Photogenic
    Robin said:
    Hi @jwnewman
    I believe it is related to VPN connection for detecting it as a new device. Can you make the changes I suggested and see if anything improves?
    I won't be able to work on this for a while now, Robin. I'll revisit it when I can. 
    RobinVioletChepil
Sign In or Register to comment.