Can access LAN devices except for my NAS

[mj-moor]

Description
I have installed wireguard and wg-easy as per the described steps on my Synology NAS with DSM 7.1. When setting up a tunnel I can access the internet and all of my local devices (router, switch etc). The only thing I can't access is my NAS. When logging in on the terminal of wg-easy I can ping all ip's such as local LAN devices and websites. But when I ping my NAS (192.168.50.143) I get 100% package loss.

My Synology network is bond0 (link aggregation). But when I update eth0 to bond0 in the postUp and postDown scripts then I don't have access to LAN devices or the internet.

Expected behavior
NAS being approachable

Synology NAS model
E.g. DS920+

wg0.conf

# Server
[Interface]
PrivateKey = [redacted]
Address = 10.8.0.1/24
ListenPort = 51820
PreUp =
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PreDown =
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# Client: test (1234)
[Peer]
PublicKey = [redacted]
PresharedKey = [redacted]
AllowedIPs = 10.8.0.2/32

Hopefully someone can point me in the right direction. Thanks!

[spcqike]

Maybe a problem with your diskstations local firewall. Have a look from where you allow traffic to which service. Maybe add your VPN network to allowed IPs

[mj-moor]

Thanks but my firewall on diskstation is turned off, that could not be the problem then right?

[mj-moor]

I have found the solution. I had to disable the "Enable multiple gateways" option in Synology (network/general/advance settings)

.

[nin2jardin]

Hello.
I have the exact opposite problem : if I tick "Enable Multiple Gateways", I can access the NAS, but the Docker containers cannot communicate with outside world.
If I disable the option, the Docker containers communicate but I can't reach the NAS.
Any idea ?