Jump to content

Suppressing VPN IPs from a Synology Agent


Jasonatmacaid
 Share

Recommended Posts

Hi there,
We often have Synology Diskstations that act as a VPN endpoint, and will also host a Domotz agent.  I've found that the agent creates devices for each VPN connection that is made, with an IP of 10.x.y.0, which is the VPN IP range.

 

I've tried blacklisting 10.x.y.0, but to no effect.

 

Is there a way to suppress creation of these devices? perhaps by IP range, or another way?  They are just annoying noise to us.

Link to comment
Share on other sites

Hi Jason,

 

you can issue an API command to "denylist" completely a network interface.

 

Please have a look at this section:

 

https://portal.domotz.com/developers/#domotz-public-api-networking

 

In particular, with the following API you can review the list of possible Network Interfaces:

https://portal.domotz.com/developers/#getagentinterfaces

 

identify the one created by the VPN Server, and then add that in a "deny" list so that it is excluded by Domotz when scanning the networks:

https://portal.domotz.com/developers/#setagentinterfacespolicy

 

Something like the following:

curl -X PUT {baseURL}/public-api/v1/agent/{agent_id}/network/interfaces-policy \
  -H 'Content-Type: application/json' \
  -d '{"policy": "deny", "rules": ["vpn0"]}' \
  -H 'X-Api-Key: API_KEY'

just replace with your own API_KEY, Agent_ID, baseURL and vpn0 with the interface for your VPN

Link to comment
Share on other sites

One small advance on this if anyone else stumbles across it, the interface name seems to change on the synology VPN from time to time, eg from ppp104 to ppp105 or some such, so the answer is to use a wildcard after ppp.

  • Like 1
Link to comment
Share on other sites

23 hours ago, Jasonatmacaid said:

One small advance on this if anyone else stumbles across it, the interface name seems to change on the synology VPN from time to time, eg from ppp104 to ppp105 or some such, so the answer is to use a wildcard after ppp.

 

Thanks for the suggestion. This is a very good point, and yes: the filtering support the usage of wildcard.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...