I’m using OpenVPN to access my home network remotely, as well as my offsite backup-server.
Since I have no way of port forwarding at the remote location, using my backup-server as an OpenVPN-client to connect to my home network has been a really hassle-free way of using it as a remote backup target.
22.12.3 now reads “OpenVPN Client - The current service is deprecated with no replacement available.”
Awesome! What are alternatives for my aforementioned use case in the future?
Oh god, I’m in the same situation. The network provider does not provide a public IP in the place where I have a second server. So I need an OpenVPN client to connect to the main server. So we are screwed.
How are you accessing your backup server without port forwarding at the firewall?
Anyways, can’t you just spin up a minimal Debian VM and configure either OpenVPN or WireGuard on it using PiVPN?
Your best option is to use the gateway at your backup site to terminate the OpenVPN tunnel. Your next best option would be to use rsync over SSH…
I’m using the official Tailscale app. I enabled subnet routing and it works pretty well.
TrueNAS Scale has native support for Wireguard. In my case, I set up a Wireguard client on my off-site TrueNAS backup server and connected it to my home network. There are just a few things you need to pay attention to:
- TrueNAS will wipe out your Wireguard setting when TrueNAS updates, so you need to save your Wireguard setting in the ZFS pool and use a script to copy the setting file back to the boot partition when that happens.
- I set up a cron job to run every 60 seconds to check if Wireguard is alive (ping my home server). If Wireguard is down, the script copies the Wireguard setting file from the ZFS pool to the boot partition and restarts Wireguard.
I have had this setup running for over a year, and it has worked flawlessly.
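The watchdog described in the post above, written out as an added example (not the poster's own script). The interface name, pool path, peer address and script path are assumptions; `wg-quick` and a Linux `ping` are assumed to be present on the host.

```sh
#!/bin/sh
# Added example: WireGuard watchdog for an off-site TrueNAS SCALE box.
# Assumed, not from the thread: interface name, pool path, peer address.
WG_IF="${WG_IF:-wg0}"
WG_CONF="${WG_CONF:-/etc/wireguard/${WG_IF}.conf}"
WG_BACKUP="${WG_BACKUP:-/mnt/tank/wireguard/${WG_IF}.conf}"  # hypothetical dataset
PEER_IP="${PEER_IP:-10.8.0.1}"                               # constructed home-side address

# The tunnel counts as alive if the home-side peer answers a ping.
tunnel_alive() {
    ping -c 3 -W 2 "$PEER_IP" >/dev/null 2>&1
}

# Copy the saved config back into place. The file holds the private key,
# so it is installed owner-only (0600) regardless of the backup's mode.
restore_config() {
    [ -r "$WG_BACKUP" ] || return 2
    mkdir -p "$(dirname "$WG_CONF")" || return 2
    install -m 600 "$WG_BACKUP" "$WG_CONF" || return 2
}

restart_tunnel() {
    wg-quick down "$WG_IF" >/dev/null 2>&1 || true   # ignore "not running"
    wg-quick up "$WG_IF"
}

# Returns 0 if the tunnel is up or was restarted, 2 if the backup is unusable.
watchdog() {
    tunnel_alive && return 0
    rc=0
    restore_config || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "wg-watchdog: cannot restore $WG_CONF from $WG_BACKUP" >&2
        return "$rc"
    fi
    restart_tunnel
}

# Cron entry (script path is hypothetical), once a minute:
#   * * * * * /mnt/tank/scripts/wg-watchdog.sh --run
if [ "${1:-}" = "--run" ]; then
    watchdog
fi
```

Keeping the backup copy in a dataset that only root can read matters as much as the 0600 mode on the restored file, since both contain the tunnel's private key.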
For anyone interested, I managed to build a solution whilst staying with OpenVPN and being pretty much future-proof. It might not be the most elegant solution, but works.
I created a VM (Ubuntu in my case) on the Offsite-Backupserver and use it to connect as a client to my OpenVPN server at home. With a static route from my home network to the VPN networking and routing as well as forwarding enabled on the OpenVPN server, I’m able to access all the machines I want from each of the two networks.
In addition to the host network, I’ve created a second subnet exclusive to the TN-Backupserver as well as its “VPN-Gate”-VM (so that I don’t have to change any routes or forwards in case something changes in the host network). The VM on the Backupserver now has a port forward from the VPN network to its internal network with the Backupserver itself, making the WebUI of the server as well as its SSH service accessible via ports 8000 and 2222 respectively of the OpenVPN client VM.
ZeroTier One is nice, also Cloudflare tunnels are awesome (and free!)
On many routers you can connect the entire router (and therefore all its clients) to a VPN. Are you willing to shell out a few bucks for a router?
Tailscale would be the absolute easiest. No port forwarding needed on either side, also being an app there are options to turn it on and off as needed.
Just to clarify: OpenVPN and rsync have been deprecated, which means that they will be removed in the future at some specified point (release of 23.10.0). They are both still there today.
A lot of choices, depends on how much work you want to put into it. Anything from Tailscale or ZeroTier would be fine, or Cloudflare’s zero trust tunnel.
Of course I’m port forwarding on my home network, where the source server is located.
My offsite backup server is just connecting to it as a client though, thus not needing any port forwarding on the remote site.
Since Tailscale is pretty much just Wireguard, and there’s also a native Wireguard app as it seems… Are these Apps/Containers (only working with VMs) still able to access/connect through to the TrueNAS host machine?
Not if you mount a volume to the config path of WireGuard, that’s how Kubernetes works.
Thanks for the input, I’m looking for a completely independent, self-hosted alternative though.
It’s my go-to, especially for personal use.
Thing is I have no option at the backup site for router access - thus needing a solution where the offsite-server can connect to my home network without needing any open port on its side.
They are only removing the rsync service. Running rsync with SSH will still work.