-
Important Announcement for the TrueNAS Community.
The TrueNAS Community has now been moved. This forum has become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
TrueNAS 13 remote access from outside the network
- Thread starter NAVI
- Start date
I too need remote access to my Truenas Scale. This is not debatable. However, from reading all the posts, I learned that there is so much that I do not know I do not know. So, if someone needs to remotely access their NAS, how do they find someone that knows what they are doing to do it for them? I accept the fact that once I make it remote, that security is compromised. I also accept the fact that when I purchase something online my accounts can be compromised. But, I want to make the connection as secure and accessible as possible. I was planning on using NordVPN with a VPN router that works with NordVPN. Who do I hire???
- Joined
- Jan 1, 2016
- Messages
- 9,703
Well, you're in the territory of needing to find somebody who knows enough about TrueNAS and network security, but there's no single answer on how to find such a person.
A generic "IT/computer guy" in your area is probably going to have a list of products they will work with (which is less likely to have TrueNAS on it than Windows or Synology), maybe you'll get lucky if you try them.
A company with an internet security focus isn't usually going to want to dirty their hands with something like TrueNAS. Probably not worth your time to investigate that track.
That leaves the freelancing world as your most likely option. (maybe something like this, https://www.freelancer.com/, to which I have no affiliation, nor experience with... nor is it even close to the only option out there for that... it just has the most obvious name... a quick search of the site showed a VPN category with some freelancers in it with hourly rates).
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
...but what's being contemplated here really doesn't have anything to do with TrueNAS. It's:
- Get (sub)domain
- Set up dynamic DNS
- Configure VPN server on the router
- Configure client device(s) to connect to the VPN.
- Joined
- Dec 31, 2021
- Messages
- 973
Or use something like tailscale…
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
Hmmm, interesting thought. And there's a TrueCharts app for it, too. Not sure what configuration needs to be done with it, but that (or ZeroTier, which used to be included in FreeNAS) could be a simpler solution than I'd proposed.
warrenmatty
Dabbler
- Joined
- Mar 14, 2020
- Messages
- 11
Sorry to revive an older thread but it is within scope of a question I have. I am new to TrueNAS Scale(TNS) and only have basic networking knowledge. I’ve setup OpenVPN on my router EdgeOS. I have access to all devices on my LAN remotely (ie iOS device) with exception of the TrueNas node.
All devices on my home network are 192/24 including TrueNas host. My OpenVPN private ip is in the 172/24 range. I would like to be able to access both the TNS WebUI and SSH but i’m guessing the packets are being dropped due to the source 172 ip?
It appears iptables is active but I can’t tell if that is just for the kubernetes or the hosting debian OS? Could that be an issue or do I need to add a route, forwarding or masquarade?
I will note, I can’t see any connection attempts from TNS, but I can see the packets hitting the iptables firewall for specific 172 private ip: watch -d iptables -L -v -n
Its not lost on me that having openvpn assign the private range of 172 could be causing problems and I may change it 10.x.x.x. I will note this all worked correctly on Core pre migration to Scale.
All devices on my home network are 192/24 including TrueNas host. My OpenVPN private ip is in the 172/24 range. I would like to be able to access both the TNS WebUI and SSH but i’m guessing the packets are being dropped due to the source 172 ip?
It appears iptables is active but I can’t tell if that is just for the kubernetes or the hosting debian OS? Could that be an issue or do I need to add a route, forwarding or masquarade?
I will note, I can’t see any connection attempts from TNS, but I can see the packets hitting the iptables firewall for specific 172 private ip: watch -d iptables -L -v -n
Its not lost on me that having openvpn assign the private range of 172 could be causing problems and I may change it 10.x.x.x. I will note this all worked correctly on Core pre migration to Scale.
warrenmatty
Dabbler
- Joined
- Mar 14, 2020
- Messages
- 11
Came back to note… I simply needed a static route :( However, i’ve noticed I cannot reach any of the containers application now that i’m in the GUI. New problem to solve.
Greetings NAS aficionados,
I've recently embarked on the exciting journey of NAS setup and encountered a roadblock that's left me scratching my head. After investing countless hours in research and YouTube tutorials, I've successfully configured a VPN on my NAS. However, the results aren't quite hitting the mark, and I'm turning to the community for some seasoned advice.
Current Challenge:
Objectives and Desired Solution:
I've recently embarked on the exciting journey of NAS setup and encountered a roadblock that's left me scratching my head. After investing countless hours in research and YouTube tutorials, I've successfully configured a VPN on my NAS. However, the results aren't quite hitting the mark, and I'm turning to the community for some seasoned advice.
Current Challenge:
- The NAS is set up as an OpenVPN server due to issues with using it as a client to my router's OpenVPN server.
- Unintended consequence: Activating the VPN redirects all traffic through the NAS network, impacting it's limited monthly internet plan.
Objectives and Desired Solution:
- Secure Management: Access the NAS admin panel securely from any corner of the globe without routing all traffic through the NAS network.
- Remote Services: Establish distinct services (FTP and others) accessible remotely, each tied to dedicated NAS users.
- Optimized Security: Ensure a secure and streamlined approach, utilizing only the necessary services at any given time.
- Efficient Connection: Avoid unnecessary latency by eliminating the need to connect to the NAS through a distant country, especially when using a paid VPN provider.
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
I'm afraid this doesn't make a lot of sense to me. On the assumption that the "router" in this sentence is the router for the LAN on which your NAS sits, if it is acting as an OpenVPN server, your NAS wouldn't be a client to it; your remote device(s) would be. The router would be the gateway between your LAN and the outside world, and when you connect one of your remote devices to it, that device will have access to whatever is on your LAN.
Thank you for quick reply.
I am sorry, I forgot to mention important details: NAS and "my router" are on different locations and has different internet providers.
Exact situation is like this:
-) house A where NAS sits with internet provider A and this has limited monthly internet plan.
-) house B where I am currently living with internet provider B and here I have router which is able to be as VPN server.
I am able to connect all my devices to my router via VPN using router's generated certificate. But with NAS this is not the case.
Since house B with internet provider B has unlimited internet plan, my goal was that NAS would connect to this VPN server. Since that is not possible I did as per suggestion - made NAS as VPN server and connecting to it. But I don't like this result. I think what I am looking is cloud services, but I am not sure.
So I am interested are there any other recommended solutions to have secure remote access from outside the network.
