Replication to an external TrueNAS (via internet)

srosco

Cadet
Joined
Oct 31, 2023
Messages
5
Hello, I have 2 TrueNAS installed on a corporate network (connected to Active Directory). One serves as my NAS and a snapshot task is done every 4 hours, followed by replication to my second TrueNAS. Everything works very well. But everything is on the local network and I would like to carry out the replications to a TrueNAS located elsewhere (outsourcing). For the moment I have tested with one which is installed at home (so it is not on the Active Directory obviously).

I configured the root with the same password as those internally (I don't know if it matters or not but oh well).

I configured port redirection on my BOX to send 22 TCP/UDP to my TrueNAS (in Fixed IP), it does not work. I then added ports 20, 21, 443, 465, and even 837 to it with no success either.

When I configure the target by generating a new key (below; the blurred part is my private IP) it systematically times out:

1698915892858.png


CallError

[EFAULT] Unable to connect to remote system: timed out
contenu :

Erreur: Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/keychain.py", line 563, in remote_ssh_semiautomatic_setup
    client = Client(os.path.join(re.sub("^http", "ws", data["url"]), "websocket"))
  File "/usr/local/lib/python3.9/site-packages/middlewared/client/client.py", line 286, in __init__
    self._ws.connect()
  File "/usr/local/lib/python3.9/site-packages/middlewared/client/client.py", line 124, in connect
    rv = super(WSClient, self).connect()
  File "/usr/local/lib/python3.9/site-packages/ws4py/client/__init__.py", line 216, in connect
    self.sock.connect(self.bind_addr)
  File "/usr/local/lib/python3.9/ssl.py", line 1343, in connect
    self._real_connect(addr, False)
  File "/usr/local/lib/python3.9/ssl.py", line 1330, in _real_connect
    super().connect(addr)
socket.timeout: timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 139, in call_method
    result = await self.middleware._call(message['method'], serviceobj, methodobj, params, app=self)
  File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1247, in _call
    return await self.run_in_executor(prepared_call.executor, methodobj, *prepared_call.args)
  File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1152, in run_in_executor
    return await loop.run_in_executor(pool, functools.partial(method, *args, **kwargs))
  File "/usr/local/lib/python3.9/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/local/lib/python3.9/site-packages/middlewared/schema.py", line 985, in nf
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/keychain.py", line 565, in remote_ssh_semiautomatic_setup
    raise CallError(f"Unable to connect to remote system: {e}")
middlewared.service_exception.CallError: [EFAULT] Unable to connect to remote system: timed out


Same when I try to create an SSH connection by hand; it creates an SSH key pair but not the connection with the same timeout error.

So I conclude that it can't reach my TrueNAS at home and that I must therefore have forgotten a port or something of the sort?

Has anyone ever managed to make these kinds of connections? Is there any documentation and/or a tutorial to do this?

Thank you in advance for your help!
 

nKk

Dabbler
Joined
Jan 8, 2018
Messages
42
What is the topology of your Internet connection - ISP router, additional routers, connection of TrueNAS server... ?
 

srosco

Cadet
Joined
Oct 31, 2023
Messages
5
At home, just an ISP router, and my PC connected to it. For the test I installed TrueNAS Server on a VirtualBox machine with its own IP address for the port forward.
 

nKk

Dabbler
Joined
Jan 8, 2018
Messages
42
Your current setup is:
Internet <> ISP router <port forward TCP 22> your PC with virtual TrueNAS

As far as I know, TrueNAS uses SSH for replication, so you need to forward only TCP port 22, but because you are using a VM on your PC for the test, you should check whether a firewall is enabled on the PC and allow incoming traffic on TCP port 22.

You can use Wireshark on your PC to check whether packets are forwarded from the ISP router and what happens to them.

IMPORTANT - Don't expose the TrueNAS server to the wild Internet, either directly or with port forwards. For tests you can use a port forward, but you should think about a VPN connection between your locations.
 

srosco

Cadet
Joined
Oct 31, 2023
Messages
5
The port appears to be forwarded well; I can connect without problem via SSH (with Putty) from an external station to my TrueNAS at home. I can authenticate and browse the server without problems. So port 22 is indeed open and redirected. I even tried to quickly prepare a physical computer with TrueNAS to avoid the virtual part, and the result is the same; I connect to it with Putty without problem, but the connection for replication still does not work (timeout).
 

nKk

Dabbler
Joined
Jan 8, 2018
Messages
42
What TrueNAS version are you using at the office and at home?
 

nKk

Dabbler
Joined
Jan 8, 2018
Messages
42
I checked your logs again:
File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/keychain.py", line 563, in remote_ssh_semiautomatic_setup
client = Client(os.path.join(re.sub("^http", "ws", data["url"]), "websocket"))
It seems that TN tries to configure SSH keys through websocket. You need to redirect TCP ports 80, 443 to make it possible to access the websocket API.
And be sure that there is no other device - router or your PC - that has something listening on these ports.
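
A way to check both paths separately before retrying the setup, as an added example that is not part of the thread or of TrueNAS itself: it derives the websocket URL with the same expression as the `keychain.py` line in the traceback, then probes the SSH port and the websocket API port and tells a silent drop (timeout) from a refusal. The function names and the `203.0.113.10` address are placeholders chosen for this example.

```python
import os
import re
import socket
from urllib.parse import urlsplit

def websocket_url(base_url):
    # Same derivation as the keychain.py line quoted in the traceback.
    return os.path.join(re.sub("^http", "ws", base_url), "websocket")

def endpoints(base_url, ssh_port=22):
    # The two TCP endpoints involved: SSH and the websocket API.
    parts = urlsplit(websocket_url(base_url))
    ws_port = parts.port or (443 if parts.scheme == "wss" else 80)
    return {"ssh": (parts.hostname, ssh_port),
            "websocket": (parts.hostname, ws_port)}

def probe(host, port, timeout=5.0):
    # "timeout" means packets are dropped (no forward or a filter in the path);
    # "refused" means the host answered but nothing listens on that port.
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        return f"error: {exc}"

def diagnose(results):
    ssh, ws = results["ssh"], results["websocket"]
    if ssh != "open":
        return f"SSH port not reachable ({ssh}): replication cannot connect"
    if ws != "open":
        return (f"SSH reachable but websocket API is not ({ws}): "
                "semi-automatic key setup will fail as in the traceback")
    return "SSH and websocket API both reachable"

if __name__ == "__main__":
    # Placeholder URL (documentation address range); use the remote system's URL.
    targets = endpoints("https://203.0.113.10")
    results = {name: probe(host, port) for name, (host, port) in targets.items()}
    for name, (host, port) in targets.items():
        print(f"{name:9s} {host}:{port} -> {results[name]}")
    print(diagnose(results))
```

The same check works against a VPN address, so it can be run over a tunnel between the two sites rather than a port forward.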
 