rsync over ssh (+ wireguard)

  • TechnoDadLife did a direct install video here a while back. I’m not sure if it is the same as your direct install or not, chente. I couldn’t find the link on the forum but here is the YouTube link:

    I've seen the video just because it's you ;) I don't usually watch OMV videos, and even less in English :) At least this one I have been able to subtitle and translate automatically.

    What you do here is install wireguard, via script, in server mode on the host to access from the outside with a point-to-site connection. You can see this configuration here. https://www.procustodibus.com/…ard-point-to-site-config/

    This connection is useful to access, for example, from a smartphone to all services. This same configuration is very easy to do in a docker, I already made a guide on that, you have it here [How-To] Install Wireguard (VPN) in docker, server mode

    This connection needs configurations in iptables to access other hosts within the LAN. I think that this is not convenient or much less necessary to make a backup tunnel, that is why I have proposed the guide with a point-to-point connection. This tunnel only allows packets to be routed from one host to another and only to the IP that we need to do the backup.

    I tried setting up another peer on my smartphone through this same tunnel and succeeded. But to do it I had to configure rules in iptables that open more connections. It didn't seem safe to have this like this. I prefer to make independent tunnels.

    The best thanks to the help provided is to report what your solution was. The next one will thank you :thumbup:

  • pivpn will open a connection to your entire network (including the router) from the remote server. Is that what you want? I do not advise you.

    In any case, keep in mind that this video is from more than a year ago. If there has been an update since then you will not have it reflected in the video.


  • If you want to configure a tunnel on the server installed on the host that accesses the LAN, do this:

    apt install wireguard

    wg genkey > lan_access_server.key

    wg pubkey < lan_access_server.key > lan_access_server.pub

    wg genkey > lan_access_peer1.key

    wg pubkey < lan_access_peer1.key > lan_access_peer1.pub

    wg genkey > lan_access_peer2.key

    wg pubkey < lan_access_peer2.key > lan_access_peer2.pub

    ... You can create more clients if you need them


    cat lan_access_server.key

    SSSSSSSS_private_SSSSSSS_lan_access_server.key_SSSSSS

    cat lan_access_server.pub

    SSSSSSSS_public_SSSSSSSS_lan_access_server.pub_SSSSSS

    cat lan_access_peer1.key

    11111111_private_1111111_lan_access_peer1.key_1111111

    cat lan_access_peer1.pub

    11111111_public_11111111_lan_access_peer1.pub_1111111

    cat lan_access_peer2.key

    22222222_private_2222222_lan_access_peer2.key_2222222

    cat lan_access_peer2.pub

    22222222_public_22222222_lan_access_peer2.pub_2222222

    ... You can create more clients if you need them


    nano /etc/wireguard/lan_access.conf

    chown root:root /etc/wireguard/lan_access.conf

    chmod 600 /etc/wireguard/lan_access.conf

    systemctl enable wg-quick@lan_access.service

    systemctl start wg-quick@lan_access.service

    So far Wireguard is installed on the server host and working


  • The peer1 client configuration is:

    Code
    [Interface]
    PrivateKey = 11111111_private_1111111_lan_access_peer1.key_1111111
    ListenPort = 51600
    Address = 10.16.16.2
    [Peer]
    PublicKey = SSSSSSSS_public_SSSSSSSS_lan_access_server.pub_SSSSSS
    AllowedIPs = 0.0.0.0/0
    Endpoint = server.domain.com:51600

    The peer2 client configuration is:

    Code
    [Interface]
    PrivateKey = 22222222_private_2222222_lan_access_peer2.key_2222222
    ListenPort = 51600
    Address = 10.16.16.3
    [Peer]
    PublicKey = SSSSSSSS_public_SSSSSSSS_lan_access_server.pub_SSSSSS
    AllowedIPs = 0.0.0.0/0
    Endpoint = server.domain.com:51600

    ... You can create more clients if you need them


  • This configuration gives access to the entire LAN. That is why I think it is not ideal to configure access to two servers for a backup. From one server you could access the entire LAN of the other, this is not necessary.

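As an added example (not code from the thread or from the WireGuard project), this Python check parses a wg-quick file and lists every peer whose AllowedIPs covers more than a single host, which is the difference between the point-to-site client configs above and a backup-only tunnel. The sample configs are constructed from the thread's placeholder keys, and 10.16.16.1 as the server's tunnel address is an assumption.

```python
"""Flag WireGuard peers whose AllowedIPs are wider than a backup tunnel needs."""
import ipaddress

# Constructed sample: the peer1 client config from the thread (placeholder keys).
POINT_TO_SITE = """\
[Interface]
PrivateKey = 11111111_private_1111111_lan_access_peer1.key_1111111
ListenPort = 51600
Address = 10.16.16.2
[Peer]
PublicKey = SSSSSSSS_public_SSSSSSSS_lan_access_server.pub_SSSSSS
AllowedIPs = 0.0.0.0/0
Endpoint = server.domain.com:51600
"""

# Constructed sample: the same tunnel narrowed to one host.
# 10.16.16.1 is an assumed server tunnel address; the thread does not state it.
POINT_TO_POINT = POINT_TO_SITE.replace("0.0.0.0/0", "10.16.16.1/32")


def parse_peers(text):
    """Return one dict per [Peer] section (a config may hold several)."""
    peers, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        if line.startswith("["):
            current = {} if line.lower() == "[peer]" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            current.setdefault(key.lower(), []).append(value)
    return peers


def broad_allowed_ips(text, max_hosts=1):
    """List (public key, network) pairs that route more than max_hosts addresses."""
    findings = []
    for peer in parse_peers(text):
        key = peer.get("publickey", ["?"])[0]
        for entry in peer.get("allowedips", []):
            for cidr in entry.split(","):
                net = ipaddress.ip_network(cidr.strip(), strict=False)
                if net.num_addresses > max_hosts:
                    findings.append((key, str(net)))
    return findings
```

Run `broad_allowed_ips()` over the contents of each file in /etc/wireguard; an empty list means every peer is limited to single-host routes.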

  • I can create a connection between server and client and it works OK.

    For rsync only it will be OK, but I cannot access the LAN on the client side.

    For now I did not have any luck connecting two wireguard servers.


    EDIT:

    If it is better for backup to have only a connection between wireguard server and client, I can install a wireguard server for this "client" network on some of my raspberrys or on homeassistant ...

  • To create a tunnel for copying with rsync do this.

    [How to] Remote server backup with Wireguard (VPN) + Rsync

    To create another tunnel and access the remote server and its LAN do this.

    [How-To] Install Wireguard (VPN) in docker, server mode

    Or follow the instructions above if you want it on the host as well.


    I can create a connection between server and client and it works OK.

    How did you make that tunnel?

    You can create as many simultaneous tunnels as you want.


  • I was following your instructions.

    [How to] Remote server backup with Wireguard (VPN) + Rsync

    Well. So you have a tunnel for backups.

    Now you need another tunnel to access the remote server and its LAN (router, etc) from your PC. You can do it with docker by following the guide I put above or the instructions I just published if you want to do it on the host.


  • I will try

    The easiest thing is to do it with docker. Then install the wireguard client on windows (I assume you use windows). To configure the windows client you just have to add an empty tunnel by clicking on the button at the bottom left



    and copy the keys and configuration of your peer generated in the docker, peer1.conf.
