Enabling outbound connections on Synology NAS breaks HTTPS access

I have a Synology NAS running Tailscale on which I’ve enabled MagicDNS and everything has been running great.

I’m now trying to back up to another synology NAS using Hyperbackup. After following the instructions for enabling outbound connections on a Synology NAS (Access Synology NAS from anywhere · Tailscale), I was able to connect to the remote machine, but weirdly, I am no longer able to access the NAS via HTTPS using its MagicDNS name or Tailscale IP (which breaks access by mobile apps when away from home, among other things). I can still access via HTTPS using the local IP (10.0.0.*) and I can still access by SSH using either the local or Tailscale IP.

If I disable the task for running the configure-host script at boot time and reboot the NAS, everything goes back to normal. I can’t see any reason why just enabling the TUN device on the NAS would break HTTPS access over Tailscale. I don’t really even know where to start with debugging this. Any ideas?

I have installed tailscale too on my Synology but I’m not running the automated script for the tun device. I‘ve also never enabled it. I’m on DSM7. For whatever reason, my hyperbackup can connect to another hyperbackup via tailscale.

I can access my syno without any problems with full https (I have a valid domain cert and my public dns for nas.mydomain.com is pointing to my tailscale ip)

nas.mydomain.com = 100.6.x.x

So maybe try to completely remove TS, disable the tun script, reboot your Syno, reinstall TS and try again without the TUN script

Thanks, @jonas108. This was actually fixed by setting up the firewall correctly, per this bug: FR: document need to modify/disable Synology Firewall after enabling outbound connections · Issue #6459 · tailscale/tailscale · GitHub. For me, the Hyperbackup connection definitely does not work without the TUN device being enabled and I don’t see how it can. If it does for you, then I suspect you are somehow not going over Tailscale.