OpenVPN Client for remote FreeNAS Rsync?

[Pseudolife]

I'm looking at building a second little FreeNAS box to use as an off-site back-up for my home FreeNAS box. The idea is that I would set it up in a family member's house so my server can replicate to it. I'd like to make it as plug-and-play as possible. The family member plugs in the power and Ethernet, turns it on, and leaves it alone.

Can I run OpenVPN as a client in a jail in such a way that it automatically links to our home networks (client on their end connecting to a server on my end) so I can access their remote FreeNAS interface from my network, and our two machines can rsync, but it doesn't redirect all their internet traffic through our network?

Also, I'd want to have plex running on the remote system as accessible to that remote system. Basically I'd like to incentivize my family member taking in this machine by having it provide them with access to the mirrored copy of our media library.

I'm still way too new at system networking to know how to do any of this. I'm assuming it's possible?

My back-up plan is more direct. Use SyncThing to replicate data between the servers, and put an OpenVPN server on the remote machine so I could connect into it when I need to access the interface. The downside is that I will have to mess with port forwarding on their router to make it work. That's less useful than plug-and-play. Also, I imagine rsyn between machines is better than having SyncThing crawling over all of our files.

 

[Allan Wilmath]

There are guides on the internet for doing SSH and RSYNC, as well as OpenVPN. Here are the tips you may need that will not be part of those guides.

If you using RSYNC, I thin the -a switch is huge to making the sync work properly. It preserves all of the meta data for the files so they are identical as the source. SSH can use certifications, this is nice because.there are no passwords, you want to disable passwords on the public internet. Using the same users on both machines, and replicating the dataset structure, complete with permissions between the two machines will help. The remote access can be done through SSH because you can enable port forwarding through an SSH tunnel. You would forward the web port on FreeNAS through the SSH tunnel.

OpenVPN is pretty easy to setup, the trick is that you will be installing it in a jail with it's own IP. This is a problem because any IP FreeNAS tries to access that doesn't match the local network is sent to the router. So you will need to add a static route so the packets for the remote network is sent to the OpenVPN jail IP address.

I would like to plug pfSense, something you might like to check out. Much more secure and capable than the cheap boxes people use. It has a great web interface like FreeNAS. Doing the VPN on the gateways makes it really simple. You may find other reasons besides just your current project to check out pfSense.

 

[jp83]

I'm interested in something like this too. I want to deploy a remote FreeNAS box at my parents. Without opening ports on their firewall, I'd like the unit to phone home (as a client for site-to-site) to my VPN server. Then I'll do periodic zfs send to it. I'm not sure yet how much access I'd want them to be able to have to it, but don't want to lock it down too much if I need to debug it locally.

I'm pretty sure I could do this virtualizing an internal network with pfsense and freenas as VMs, but since it'll be older hardware like a HP Microserver Gen7 I'm hoping to limit needed resources. I'm wondering if i can get it working with FreeNAS bare metal and not a lot of customizations that would make it tricky to backup and redeploy.