Your Synology NAS and Plex remote access should work seamlessly with VPN split tunneling, but when this feature fails, you're left choosing between security and functionality. Split tunneling allows specific apps like Plex to bypass the VPN while keeping other traffic protected, but configuration issues can disrupt this balance. This guide will walk you through diagnosing and fixing common split tunneling problems specifically for Synology NAS Plex setups.
What you'll learn:
- How to identify why your split tunneling isn't working correctly
- Step by step troubleshooting for Synology VPN configurations
- Best practices for maintaining both security and Plex remote access
Understanding Split Tunneling and Why It Matters for Plex
Split tunneling is a VPN feature that lets you route some internet traffic through the encrypted VPN tunnel while allowing other applications to connect directly to the internet. For Plex users running their media server on Synology NAS, this means you can protect your general internet activity with the VPN while letting Plex communicate directly with the internet for remote access.
Without proper split tunneling configuration, Plex remote access often fails because the VPN interferes with the direct connections Plex needs to function properly. The VPN can change your apparent location, disrupt port forwarding, or create double NAT situations that prevent external devices from connecting to your Plex server.
Common Reasons Split Tunneling Fails on Synology NAS
Several factors can cause split tunneling issues specifically in Synology environments. Understanding these root causes will help you target your troubleshooting efforts effectively.
VPN Client Configuration Problems
The built in Synology VPN Client doesn't natively support application level split tunneling like desktop VPN clients do. Instead, you're typically working with IP based routing rules, which requires more precise configuration. Many users mistakenly assume they can simply “exclude Plex” from the VPN tunnel, but the reality involves configuring specific IP ranges and ports.
DNS Resolution Conflicts
When your Synology NAS connects to a VPN, it often uses the VPN provider's DNS servers by default. This can create conflicts with local network resolution and Plex's ability to properly identify your server's accessible address. Plex remote access relies on accurate DNS information to establish connections from outside your network.
Firewall and Port Forwarding Issues
Your VPN connection might be overriding the port forwarding rules you've established for Plex. Even with split tunneling configured, firewall settings on either your router or the Synology NAS itself could be blocking the necessary Plex ports (typically 32400) from communicating outside the VPN tunnel.
Step by Step Troubleshooting Guide
Follow these methodical steps to identify and resolve your split tunneling problems. Start from the beginning and work through each section until your Plex remote access is functioning properly.
Verify Your Current VPN Configuration
First, check how your Synology NAS is currently handling network traffic. Open Control Panel > Network > Network Interface and examine your VPN connection settings. Note whether you're using OpenVPN, L2TP, or another protocol, as this affects your troubleshooting approach.
Next, access your Synology terminal via SSH or the built in task manager and run “route -n” to see your current routing table. Look for default routes pointing to your VPN interface that might be capturing all traffic instead of allowing exceptions for Plex.
Configure Proper Routing Rules
For OpenVPN configurations, you'll need to modify your .ovpn configuration file to exclude Plex related traffic. Add these lines to your custom configuration section:
- route plex.direct 255.255.255.255 net_gateway
- route your-plex-server-ip 255.255.255.255 net_gateway
Replace “your-plex-server-ip” with your Synology NAS's local IP address. This tells the VPN to route Plex traffic through your regular gateway instead of the VPN tunnel.
Adjust DNS Settings
In your VPN connection profile, look for DNS configuration options. Set these to use reliable public DNS servers like Google DNS (8.8.8.8, 8.8.4.4) or Cloudflare (1.1.1.1) rather than automatic VPN DNS. This ensures consistent resolution for both local and remote Plex connections.
You can also configure DNS settings directly on your Synology NAS through Control Panel > Network > General > Manually configure DNS server.
Advanced Split Tunneling Solutions
If basic configuration changes don't resolve your split tunneling issues, these advanced techniques typically solve even the most stubborn problems.
Docker Container Approach
One of the most reliable methods involves running your VPN client in a Docker container while keeping Plex on your main Synology system. This creates true application level isolation where only specific containers use the VPN while Plex operates independently.
Popular Docker images like haugene/transmission-openvpn allow you to containerize VPN dependent applications while your Plex installation remains on the host system with direct internet access. This approach effectively creates system level split tunneling without complex routing rules.
Static Route Configuration
For users who prefer not to use Docker, manually adding static routes can achieve similar results. Identify the IP ranges that Plex uses for remote access (you can find these in Plex's official documentation) and add specific routes for these ranges to bypass the VPN.
Use the command “ip route add [plex_ip_range] via [router_ip] dev [interface]” to create persistent routes that direct Plex traffic around your VPN connection. Make these routes permanent by adding them to a startup script in your Synology task scheduler.
Choosing the Right VPN for Split Tunneling on Synology
Not all VPN services work equally well with Synology's VPN client for split tunneling configurations. Some providers offer better support for the custom configuration options needed to make Plex remote access work properly.
Best VPN this month: NordVPN consistently performs well with Synology setups thanks to their detailed OpenVPN configuration files and reliable connection stability.
When selecting a VPN provider for your Synology Plex setup, prioritize those that offer:
- Detailed OpenVPN configuration support
- Static IP or dedicated IP options
- Consistent server performance
- Clear documentation for custom configurations
Other excellent options include ExpressVPN for their router level split tunneling features and Surfshark for their balance of affordability and advanced configuration options.
Preventing Future Split Tunneling Problems
Once you've successfully configured split tunneling for Plex remote access, these maintenance practices will help prevent future issues:
- Document your configuration changes thoroughly
- Test remote access after any VPN or system updates
- Monitor Plex server logs for connection issues
- Keep backup copies of working configuration files
Regularly check that your routing rules remain intact after system reboots or VPN reconnections. Consider setting up simple monitoring that alerts you if Plex remote access becomes unavailable.
Split tunneling configuration on Synology NAS requires precise setup, but the result—secure general internet browsing alongside fully functional Plex remote access—is worth the effort. By methodically working through routing rules, DNS settings, and considering containerized approaches when necessary, you can achieve the ideal balance of security and functionality.
Ready to optimize your setup? Secure your Synology connection with a VPN that supports proper split tunneling configurations and enjoy both protected browsing and uninterrupted Plex streaming.
Join the discussion
Have a question or a fix to add? Share it below.