Sharing folders/files over internet

    • OMV 4.x
    • Sharing folders/files over internet

      Hello,

      I've OMV4 running on a HC1 (docker installed) which is connected to internet over a VPN tunnel (running on my router).
      Now I like to share some files with a friend, is there a safe easy way to accomplish that?

      kr.,
      Patrick

      Maybe I didn't search well, but I couldn't find the answer on the forum
    • The easiest way I can think of is to make a user account for him/her and then give him access via your VPN.
      Another potential option would be to use Emby, as that can be accessed via your external IP address, but it would require that you get the paid for version to allow files to be downloaded. It might not run all that well on your hardware in docker though.
      OMV 4.x, Gigabyte Z270N-WiFi, i7-6700K@3GHz, 16GB DDR4-3000, 4x 4TB Toshiba N300, 1x 60GB Corsair GT SSD (OS drive), 10Gbps Aquantia Ethernet
    • Frepke wrote:

      Now I like to share some files with a friend, is there a safe easy way to accomplish that?
      I would allow access through VPN and use exactly the same filesharing daemon you already use. If it's Samba then use Samba for remote connections too (reason: encoding hassles and representation of filesystem metadata). More info: forum.openmediavault.org/index.php/Thread/19270
    • Mr.Grape wrote:

      And I'm not really convinced if smb / nfs pushed over the internet is the best idea

      SMB and NFS performance 'over the internet' is horribly low due to high round-trip times. But it's still the very same problem: setup fileserver to be accessed via internet - NFS?

      TL;DR: When you access your data with different filesharing daemons in parallel you have a great chance to mess two things up:

      • Encodings (ever dealt with UTF-8 vs. UTF-16 vs. some stupid ancient 'codepage' idea some anachronistic daemons still have? Ever looked into Unicode normalization forms?)
      • Metadata representation


      Of course I know it's totally useless to repeat this here since average NAS users will ignore these issues forever (even when they realize that something's wrong they don't get the root cause).

      But if someone uses already Samba and this daemon has stored the data on the NAS then I would also use the very same daemon to give access to remote users. At least if not only plain ASCII is used and no metadata has ever been stored (highly unlikely).
    • Frepke wrote:

      Hello,

      I've OMV4 running on a HC1 (docker installed) which is connected to internet over a VPN tunnel (running on my router).
      Now I like to share some files with a friend, is there a safe easy way to accomplish that?

      kr.,
      Patrick

      Maybe I didn't search well, but I couldn't find the answer on the forum
      What kind of router/VPN do you have? I have ASUS RT-AC58U, which hosts OpenVPN server.
      That router can serve VPN connection to multiple clients, so it's easiest to just create different account for second/third/n person, send them .ovpn config and allow them to connect to your local network.
    • raven66 wrote:

      it's easiest to just create different account for second/third/n person, send them .ovpn config and allow them to connect to your local network.
      And the most important detail is how to setup OpenVPN so that performance doesn't suck too much when used with LAN protocols: setup fileserver to be accessed via internet - NFS?
    • Mr.Grape wrote:

      Frepke wrote:

      Thanks @TheLostSwede, @tkaiser and @Mr.Grape,

      VPN access it's gonna be.
      And running Docker was just info for when this info was useful :)


      kr.,
      Patrick
      VPN here will only do one layer. You still need another layer to share files. And I'm not really convinced if smb / nfs pushed over the internet is the best idea.


      The second issue is also what kind of vpn it is. Private, commercial with its own IP, free / commercial with one IP per exit node on many users.
      If this is a shared IP without port forwarding, you may have a problem with providing services to the world.

      If you are pushing your entire traffic over the VPN, make sure you are able to route the appropriate ports to your IP.

      Unless I misunderstood you ...
      You have hc1 connected by vpn to the home router, or is your router connected to vpn somewhere in the world? In the case of the first option I do not see much sense if this is a private lan. If the second option, then as I wrote above.

      If you intend to share something, your friend must be able to get to you.

      I still think that ftps would be a good solution. But you can also use a web server. Full options, the question of what suits you best.
      On my router runs a VPN client, and the HC1 uses this tunnel. I can setup a server in the router or on the HC1 to reach my homenetwork from internet with this vpn connection.

      @tkaiser normally I use FTP for transferring data to the NAS.

      kr.,
      Patrick

      The post was edited 1 time, last by tkaiser: Fixed quoting levels ().

    • Frepke wrote:

      @tkaiser normally I use FTP for transferring data to the NAS
      Ok, then please forget about me mentioning Samba.

      Disclaimer: I'm a network and server guy and for me only protocols are an option where clients can directly open stuff on the server (requires locking) so no FTP used anywhere. If you use FTP then anything I wrote is irrelevant (since this protocol from IT stone age doesn't care about anything that has happened within the last decades)
    • tkaiser wrote:

      Frepke wrote:

      @tkaiser normally I use FTP for transferring data to the NAS
      Ok, then please forget about me mentioning Samba.
      Disclaimer: I'm a network and server guy and for me only protocols are an option where clients can directly open stuff on the server (requires locking) so no FTP used anywhere. If you use FTP then anything I wrote is irrelevant (since this protocol from IT stone age doesn't care about anything that has happened within the last decades)

      :/ okay, and sometimes I use AFP :)
    • Frepke wrote:

      Hello,

      I've OMV4 running on a HC1 (docker installed) which is connected to internet over a VPN tunnel (running on my router).
      Now I like to share some files with a friend, is there a safe easy way to accomplish that?

      kr.,
      Patrick

      Maybe I didn't search well, but I couldn't find the answer on the forum
      Can you be more specific about what you mean by "share files with a friend"? You'll get briefer and more focused answers.
      OMV 4.x - ASRock Rack C2550D4I - 16GB ECC - Silverstone DS380
    • gderf wrote:

      Frepke wrote:

      Hello,

      I've OMV4 running on a HC1 (docker installed) which is connected to internet over a VPN tunnel (running on my router).
      Now I like to share some files with a friend, is there a safe easy way to accomplish that?

      kr.,
      Patrick

      Maybe I didn't search well, but I couldn't find the answer on the forum
      Can you be more specific about what you mean by "share files with a friend"? You'll get briefer and more focused answers.
      It can be all kind of files (small and large).
      Normally I use WeTransfer for this, but I've to upload it and mail a link to him.
      It's easier when he can browse on my nas and download the files he need.

      But I think a VPN connection is a good solution.


      kr.,
      Patrick
    • gderf wrote:

      A VPN solution is going to complicate things highly if all you need to do is allow simple file transfer. For secure file transfer all you need is sftp connected directly to your machine.

      Mr.Grape wrote:

      Frepke wrote:

      On my router runs a VPN client, and the HC1 uses this tunnel. I can setup a server in the router or on the HC1 to reach my homenetwork from internet with this vpn connection.

      @tkaiser normally I use FTP for transferring data to the NAS.
      That's good. If your friend can easily touch any port on your NAS.If ftp is out of the question as @tkaiser explained. And samba on the internet is ... you said you did not use it.


      First, let us define what you want to achieve. A friend has only to download files from you or upload them too?
      If only download then you can share it with the web server and directory index + ssl + basic auth. I know I know the Stone Age, but I host several TBs for a group of 30 users since 2008 and it works ok. I personally apply the KISS rule in my life.

      Alternatively, you can host nextcloud, owncloud or pydio or a whole bunch of other.

      The most files I want to share is plc related stuff, some programs and tools and some movies from problems or commissioning machines.
      It's not that special but he always want to look into some file when I'm not at home. So it's easier for me that he can access the files when he needs them.
      My nas contains also personal stuff which is not meant for everyone on the internet.
      I can grant access to this user for only one folder and my personal stuff is safe (he doesn't have the knowledge to hack into my system). But it's not the intention that the nas is accessible to everyone on the internet.

      I don't know if SFTP is the way to go, but I've a good feeling with the vpn solution.


      kr.,
      Patrick
    • gderf wrote:

      If you know what sftp is, tell me how it does not meet your needs.
      Hello gderf,

      Sorry, I don't have that knowledge :(
      I believe SFTP is safe for the transfered files, but I want protect my nas to be accessible for everyone on the internet. I hoped there was a simple solution for this. But you guys, have that much knowledge and asking questions I can't answer. It's clear to me now that the "simple" question I thought I asked has a much more complicated answer as I hoped for.

      kr.,
      Patrick

      The post was edited 1 time, last by Frepke ().

    • Frepke wrote:

      I believe SFTP is safe for the transfered files, but I want protect my nas to be accessible for everyone on the internet
      SFTP is basically SSH. So following 'best practices' for SSH you'll achieve the same for SFTP (e.g. binding sshd to a non standard port or using public key authentication).
    • Frepke wrote:

      sometimes I use AFP
      Good luck. macOS uses UTF-8 decomposed while the rest of the world followed Windows who use UTF-8 precomposed. Using anachronistic/ancient protocols that do not take care about server and client encodings (like FTP/FTPS or SFTP or NFS prior to v4) you'll automagically run into an encoding mess or try to use filename conventions from 50 years ago (plain ASCII, avoiding special characters and umlauts and stuff)
    • Frepke wrote:

      gderf wrote:

      If you know what sftp is, tell me how it does not meet your needs.
      Hello gderf,
      Sorry, I don't have that knowledge :(
      I believe SFTP is safe for the transfered files, but I want protect my nas to be accessible for everyone on the internet. I hoped there was a simple solution for this. But you guys, have that much knowledge and asking questions I can't answer. It's clear to me now that the "simple" question I thought I asked has a much more complicated answer as I hoped for.

      kr.,
      Patrick
      A little friendly advice, if you'll take it. You shouldn't dismiss things that you know nothing about, especially things that are very straight forward and meet your needs exactly.

      I have been running a chroot'd (jailed) sftp server continuously here on Linux since 2001. There's even an OMV plugin for it. As for the users who need to access your files, all they need is Filezilla, but there are other choices.
      OMV 4.x - ASRock Rack C2550D4I - 16GB ECC - Silverstone DS380