Advice for nightly/weekly scheduled backup to TrueNAS over low-bandwidth internet connection

[wassy]

I'm using TrueNAS for my off-site backup of my family's important data, mainly photos/video and important docments/scans/emails etc. I have PC running TrueNAS at my parents place in the attic and want to run periodic backups to it over the internet. The problem is their internet is quite slow (<20MBit/s) and while not a big deal once up and running, I want a solution that is
a) automated/scripted
b) encrypted in-flight
c) low bandwidth overhead
d) very-low /zero bandwidth when not running
e) can be run from my linux server here at my own home.
f) I don't want constant synchronization as I would like to leave their broadband connection basically untouched during the day to not adversely affect their user experience.

For ease of scripting/management I am thinking about RClone, because it is a very powerful tool that can make use of many different back-ends, reporting, good for scheduling, throttling, time-limiting and I already use it to backup to AWS Glacier for my other cloud backup solution. However, what to choose as the back-end?

1) SSH/SFTP would be the obvious choice, but i have read that the encryption overhead may be a lot worse than a VPN.
2) SMB / NFS with an OpenVPN (or other VPN) running on TrueNAS - would this be easy to script the connection to the VPN on-demand when the backup is due to run? Is this a better option than SSH above?
3) Something else that TrueNAS supports natively or as a well supported plugin, such as NextCloud or an S3 storage provider endpoint (does this include encryption)?

Opinions and thoughts welcome

 

[jgreco]

1) SSH/SFTP would be the obvious choice, but i have read that the encryption overhead may be a lot worse than a VPN.

There's lots of stupid out there on the Internet. SSH can do tricks such as compression or high levels of encryption that eat lots of CPU, but if you're on a slow Internet link it is likely to be just fine. SSH has the advantage that it is a single SSL-ish type of connection and isn't needing to pass the packet headers that allow IP to keep track of the independent streams traversing a VPN link; SSH *can* be more efficient. Especially if you bother to configure it to be.

2) SMB / NFS with an OpenVPN (or other VPN) running on TrueNAS - would this be easy to script the connection to the VPN on-demand when the backup is due to run? Is this a better option than SSH above?

Sure, especially if you just leave the VPN running. Because if there's no traffic going across the connection, there's really very little cost to just letting it be nailed up.

Lots of stuff you can do if you want.

 

[wassy]

Thanks. I was probably over-thinking it. I'll go ahead with Rclone and shared SSH keys and do a bit of research about SSH connection configurations to see if there is a good way to optimise transfers for a low-ish bandwidth connection

 

[GeorgePatches]

My thoughts are with an internet connection that slow, my first step would be setup QoS on the router so that this traffic can be deprioritized and not bog down the day to day internet experience. If the router that's there can't do that, get one that can.