rsync over ssh (+ wireguard)

  • How to do this in "safe way"?

    I suppose there will be other ways. If it helps, I make remote copies with rsync through an OpenVPN connection. It is simple to configure and use.

    The best thanks to the help provided is to report what your solution was. The next one will thank you :thumbup:

  • If you want an easy way check this out.


    https://hub.docker.com/r/linuxserver/wireguard


    It is not OpenVPN, it is wireguard. It is a more advanced VPN system. Easier to set up and use, and with more efficient operation. Install through docker on one of the servers and access from the other.


    Once the connection between two servers is established in this way, all communications between them are encrypted. You don't need anything else. You can run them as if they were on the same LAN.


  • I do not have any experience with OpenVPN.

    A VPN connection is an encrypted communication tunnel between two computers.

    One is the server, in it the service is configured and it is listened to by clients. A server certificate is exported to configure the client.

    The other is the client, you need the certificate and credentials provided by the server to configure the client and be able to make the connection.

    These credentials are unique and are what guarantee the privacy of communication between both. No one can decrypt the data without the certificate that you install on the client before accessing the server.

    The most secure VPN connection today is Wireguard.

    Here you have more information.

    https://en.wikipedia.org/wiki/Virtual_private_network

    https://www.wireguard.com/


  • Once the connection between two servers is established in this way, all communications between them are encrypted. You don't need anything else. You can run them as if they were on the same LAN.

    You should write a [How-To] showing how to set up Wireguard from a container. Especially:

    1. How the variables in the yml should be set.
    2. How to set up the tunnel once deployed.
    3. How to set up a Rsync job between two machines.

    Easy data backup: In a Scheduled Job: rsync -av --delete /srv/dev-disk-by-label-SOURCE/ /srv/dev-disk-by-label-DESTINATION/ (HT: Getting Started with OMV5)
    OMV 5 (current) - Thinkserver TS140, Nextcloud, Plex, Airsonic, Navidrome, Ubooquity, Digikam, Wetty, & Heimdall - NanoPi M4 (v.1): backups using Rsync and Rsnapshot - Odroid XU4 (Using DietPi): PiHole - hc2, xu4, Pi 3B+, Odroid H2, and VirtualBox: Testing and playing - Mac user converting to Linux, Debian 10 KDE.
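
For item 3 in the list above, an added example (not written by any poster in this thread): a scheduled-job wrapper that runs rsync over ssh to the peer's tunnel address and refuses to start unless that address is routed through the WireGuard interface and the peer has a recent handshake. The interface name `wg0` and the 10.13.13.x addresses are taken from the configs posted later in the thread; the `backup` ssh user, the 180-second threshold and the function names are assumptions.

```sh
#!/bin/sh
# Added example: only run the backup when it will really go through WireGuard.
# wg0 and 10.13.13.1 come from the configs in this thread; the ssh user
# "backup" and the 180 s threshold are assumptions for illustration.
WG_IF=wg0
PEER_IP=10.13.13.1
MAX_AGE=180

# Reads `wg show <if> latest-handshakes` output ("<public-key><TAB><epoch>"
# per peer) on stdin and prints the newest epoch; 0 means no handshake yet.
newest_handshake() {
    awk 'BEGIN { max = 0 } ($2 + 0) > (max + 0) { max = $2 } END { print max }'
}

# tunnel_fresh HANDSHAKE NOW MAX_AGE: true only for a real, recent handshake.
tunnel_fresh() {
    [ "$1" -gt 0 ] && [ $(( $2 - $1 )) -le "$3" ]
}

# Reads `ip route get <addr>` output on stdin; true only if the kernel would
# send that traffic out of the WireGuard interface.
routed_via_tunnel() {
    grep -q " dev $WG_IF "
}

run_backup() {
    # The route check comes first so a missing tunnel cannot silently turn
    # into a transfer over the normal uplink.
    ip route get "$PEER_IP" | routed_via_tunnel ||
        { echo "$PEER_IP is not routed via $WG_IF, aborting" >&2; return 1; }
    # An idle tunnel has no recent handshake; one ping makes WireGuard try.
    ping -c 1 -W 2 "$PEER_IP" >/dev/null 2>&1 || true
    hs=$(wg show "$WG_IF" latest-handshakes | newest_handshake) || return 1
    tunnel_fresh "$hs" "$(date +%s)" "$MAX_AGE" ||
        { echo "no recent handshake on $WG_IF, aborting" >&2; return 1; }
    rsync -a --delete -e ssh /srv/dev-disk-by-label-SOURCE/ \
        "backup@$PEER_IP:/srv/dev-disk-by-label-DESTINATION/"
}

# Scheduled job: /path/to/this-script --run
if [ "${1:-}" = "--run" ]; then
    run_backup
fi
```

The script has to run where the `wg0` interface is visible, which for the container setup discussed here means inside the container's network namespace or on a host with its own WireGuard interface.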

  • You should write a [How-To] showing

    ^^ I will try to make a guide. It is easy to do. Explaining it is more difficult. See if I can make it easy to understand.


    I advance you a stack that has worked for me. Explanations are missing... I don't have time now, I'll take it easy.




    As for point 3, once the connection is established it is like being locally. There is not much to explain, there are many guides on that.


  • darkopi

    In that guide you have how to configure the server. To access from another server as a client, Wireguard would have to be installed in client mode. In the page

    https://hub.docker.com/r/linuxserver/wireguard

    it is explained how to do this. I'm sorry but I've never done that, you'll have to develop it yourself. It doesn't seem difficult.

    If you do it would be great if you posted the method.


  • Peer1 conf:

    [Interface]
    Address = 10.13.13.2/32
    DNS = 10.13.13.1

    [Peer]
    AllowedIPs = 0.0.0.0/0
    Endpoint = myip:51820

    Wg0 conf:

    [Interface]
    Address = 10.13.13.1
    ListenPort = 51820
    PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

    [Peer]
    # peer1
    AllowedIPs = 10.13.13.2/32

  • I would need to see your docker-compose or yml file. Publish it by pressing the code button first </>. In this way:



  • version: "2.1"
    services:
      wireguard:
        image: ghcr.io/linuxserver/wireguard
        container_name: wireguard
        cap_add:
          - NET_ADMIN
          - SYS_MODULE
        environment:
          - PUID=1000
          - PGID=100
          - TZ=Europe/Zagreb
          - SERVERURL= my public IP
          - SERVERPORT=51820
          - PEERS=1
          - PEERDNS=auto
          - INTERNAL_SUBNET=10.13.13.0
        volumes:
          - /docker/wireguard/config:/config
          - /docker/wireguard/modules:/lib/modules
        ports:
          - 51820:51820/udp
        sysctls:
          - net.ipv4.conf.all.src_valid_mark=1
        restart: unless-stopped

  • You should have access to your entire network. If you can't access another machine, I don't know what the reason is.


  • I was trying with that but without success:

    sysctl -w net.ipv4.ip_forward = 1

    What more can I try to fix this?

    WireGuard (VPN) between the server and my Android phone works OK, but without access to other devices on the LAN I will not be happy 🙁


  • If your client is connected to the WireGuard (VPN) server, you can see all other services on other IPs on the LAN.


    What exactly do you need to do?
