What are my options for connecting two machines for remote replication?

Status
Not open for further replies.

TremorAcePV

Explorer
Joined
Jun 20, 2013
Messages
88
I've tried googling and searching these forums to find a guide or something covering the basic necessities to get something like this to work, but due to my lack of experience in this subject, I'm a bit lost. Specifically regarding "over the internet" communications in general (SSH, VPNs, etc.).

I see VPNs seem to be required. I don't understand what is necessary for VPNs to work with FreeNAS, whether the system has to be a client with a server that connects to the VPN service, or it's just a basic SSH setup (different posts have pointed me in different directions) pointed at an outside IP address/domain name (such as the VPN service).

Are there alternatives to a VPN if a VPN server is a requirement?

My current situation: I have two FreeNAS systems replicating over a LAN just fine. I want to move one and have it replicate over WAN securely (I have SSH set up already).

I'd like to avoid port forwarding, setting up a dedicated server for VPN clients to connect to locally, and anything else that pretty much makes this setup more complicated than it is currently (which isn't complicated, but still).

Any help is appreciated.
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
Make it so that one machine can ssh into the other.

Replication will then work just like it does now.

FreeNAS has almost no idea that it's running over the Internet, a WAN, or a LAN.
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
Umm, hate to break it to you, but this is about applying the appropriate technology to the problem. From your post it sounds like you may not have enough of a grasp of the fundamentals to make this work properly/correctly. No offense intended.

As for avoiding port forwarding and setting up a VPN, you have no choice but to use one or the other. If you understood the fundamentals you'd know that what you are asking for is impossible because of how basic networking works.

Your question is far beyond the scope of this forum, and the answer isn't going to be found by a simple google search. Your problem is with applying multiple technologies to achieve a desired objective.
 

TremorAcePV

Explorer
Joined
Jun 20, 2013
Messages
88
> Make it so that one machine can ssh into the other.
>
> Replication will then work just like it does now.
>
> FreeNAS has almost no idea that it's running over the Internet, a WAN, or a LAN.

And that's exactly what I figured I would need to do. So next is figuring out how to do that. I assume I need a VPN to do it, otherwise they wouldn't be able to see each other to do that.

Hmm, you and cyberjock are right. This isn't so much a question regarding FreeNAS, but a much more general one, so it doesn't belong on this forum. Sorry for the mistake.

> Umm, hate to break it to you, but this is about applying the appropriate technology to the problem. From your post it sounds like you may not have enough of a grasp of the fundamentals to make this work properly/correctly. No offense intended.
>
> As for avoiding port forwarding and setting up a VPN, you have no choice but to use one or the other. If you understood the fundamentals you'd know that what you are asking for is impossible because of how basic networking works.
>
> Your question is far beyond the scope of this forum, and the answer isn't going to be found by a simple google search. Your problem is with applying multiple technologies to achieve a desired objective.

Pretty much. And it's fine. I knew that when asking.

I only wanted to completely avoid port forwarding (as you mentioned it was basically a no-no in another thread) and wanted to know if there was another way besides using a VPN. If there's not, then ok. I'll just have to figure out what's required to make a VPN work (i.e. client/server, SSH, etc.).

Yes, I realized that a bit after asking it as I began to understand more about this. Thanks for the help.
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
If you drop into IRC in the evenings of USA time zones there's a few people that might be willing to explain some of this if you have questions.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
> As for avoiding port forwarding and setting up a VPN, you have no choice but to use one or the other.

No, there's at least a third choice, and that's to connect each FreeNAS box directly to the Internet. It isn't a good or a safe choice, but it would avoid the need to port-forward or set up a VPN.

@TremorAcePV You're hopefully going to have both FreeNAS servers behind some sort of router/firewall (if you weren't planning on this already, you'll need to change that part of your plan). For that, you have lots of options. One that's pretty strongly preferred around here is a pfSense appliance, which will support all the VPN stuff you'll need. Another is to use a consumer-grade router that's compatible with one of the open-source firmware projects like Tomato or dd-wrt, which will support VPN service. You'd configure one as a VPN server, the other as a client, and set up the "server" side with a dynamic DNS provider like no-ip.org.

Obviously this is a very high-level overview, and you'll need to read up quite a bit on the details--but hopefully it's at least given some pointers on what subjects to read up on.
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
> No, there's at least a third choice, and that's to connect each FreeNAS box directly to the Internet. It isn't a good or a safe choice, but it would avoid the need to port-forward or set up a VPN.

Yeah, I'm not going to even consider that an option since iXsystems has said at least 50 times don't connect your FreeNAS box to the internet.
 

TremorAcePV

Explorer
Joined
Jun 20, 2013
Messages
88
> Yeah, I'm not going to even consider that an option since iXsystems has said at least 50 times don't connect your FreeNAS box to the internet.

About that, what is that defined as? I assume it's "If you can ping an external website, it's connected to the internet." Now I'm a bit more confused than I was. Oh well. I'll figure it out.

I'm also assuming that's irrelevant for home media servers, such as ones that have Transmission on them and would need the internet to use that functionality at all, and only meant for people who have sensitive data on their machines (i.e. companies or home personal data servers).
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
> About that, what is that defined as? I assume it's "If you can ping an external website, it's connected to the internet." Now I'm a bit more confused than I was. Oh well. I'll figure it out.

"Connected directly to the Internet" means no firewall or router--your FreeNAS Box is plugged directly into your cable/DSL modem. If its IP address is something other than 192.168.something, 10.something, or 172.16.something, it may be directly connected to the Internet. If its IP address falls into one of those ranges, it's behind some kind of router, which is providing at least some security.
 

DaPlumber

Patron
Joined
May 21, 2014
Messages
246
> "Connected directly to the Internet" means no firewall or router--your FreeNAS Box is plugged directly into your cable/DSL modem. If its IP address is something other than 192.168.something, 10.something, or 172.16.something, it may be directly connected to the Internet. If its IP address falls into one of those ranges, it's behind some kind of router, which is providing at least some security.

Whispers "IPv6" then runs away giggling while adjusting tinfoil hat... :p

(Oh, I'm going to some level of SysAdm Hell for that one. :D)
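
Added example, not part of the original thread: a small Python check that applies the address-range test danb35 describes and also covers the IPv6 case DaPlumber hints at. It generalizes the "172.16.something" rule to the full 172.16.0.0/12 block and adds the carrier-grade NAT, link-local and IPv6 unique-local ranges; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Ranges that are not globally routable. A host holding only these has no
# address that is reachable from the Internet without a router forwarding to it.
NON_GLOBAL = {
    "rfc1918-private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "cgnat-shared": ["100.64.0.0/10"],
    "loopback": ["127.0.0.0/8", "::1/128"],
    "link-local": ["169.254.0.0/16", "fe80::/10"],
    "ipv6-unique-local": ["fc00::/7"],
}


def classify(addr: str) -> str:
    """Return the name of the non-global range holding addr, or 'global'."""
    # Drop an IPv6 zone id such as the "%em0" in "fe80::1%em0".
    ip = ipaddress.ip_address(addr.split("%")[0])
    for label, nets in NON_GLOBAL.items():
        for net in nets:
            network = ipaddress.ip_network(net)
            if ip.version == network.version and ip in network:
                return label
    return "global"


def exposure_report(addresses):
    """Classify each address and list the ones that need a firewall review."""
    classes = {a: classify(a) for a in addresses}
    exposed = [a for a, c in classes.items() if c == "global"]
    return classes, exposed


if __name__ == "__main__":
    # Constructed sample, as the addresses might be read from `ifconfig`.
    # 203.0.113.7 and 2001:db8::50 are documentation addresses standing in
    # for real public ones.
    sample = ["192.168.1.50", "172.20.4.9", "203.0.113.7",
              "fe80::1%em0", "fd12:3456::1", "2001:db8::50"]
    classes, exposed = exposure_report(sample)
    for addr, label in classes.items():
        print(f"{addr:<16} {label}")
    print("review firewall rules for:", ", ".join(exposed) or "none")
```

A global IPv6 address does not by itself mean the box is unprotected, but it does mean NAT is not what stands between it and the Internet, so the router's IPv6 firewall rules are what need checking.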
 