To do a remote backup only one things is needed: a connectable remote backup server. Which would be easy if everyone had public static IP addresses. Welcome IPv6! I wish you were here, alas we are not, so there’s extra work to do.
Possible solutions:
- IPSec
- OpenVPN
- ssh tunneling
- SoftEther
IPSec does not like NAT and is quite complex to set up. I set up OpenVPN before, which would make this a “done that, been there” solution. ssh tunneling is possible. Lacks elegance in my opinion. When I looked at SoftEther’s web page though, it’s open-source now, which makes this an interesting solution. Time to try that out.
SoftEther
Pre-requisits:
aptitude install build-essential git libreadline6-dev libncurses5-dev libssl-dev
Download source via e.g. github (see here):
git clone https://github.com/SoftEtherVPN/SoftEtherVPN.git
Do the super-simple configure:
./configure && make && make install
This installs the various vpn commands in /usr
Server
mkdir /var/lock/subsys # Not sure this is needed. I don't think it is. sed 's/-start/start/;s/-stop/stop/' ./debian/init.d/vpnserver > /etc/init.d/vpnserver chmod a+x /etc/init.d/vpnserver # add those to the top of /etc/init.d/vpnserver: # /etc/init.d/vpnserver: set up the X server and ICE socket directories ### BEGIN INIT INFO # Provides: vpnserver # Required-Start: $remote_fs $syslog # Required-Stop: # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 ### END INIT INFO update-rc.d vpnserver defaults # Now configuring the VPN vpncmd # Set admin password ServerPasswordSet HubCreate BoxVPN # Enter BoxVPN password Hub BoxVPN SecureNatEnable #DhcpDisable UserCreate ACCOUNT # Empty nothing for assigned group, and full name for the next question, and nothing for Description UserPasswordSet ACCOUNT # Enter password (preliminary, going to use certificates later) #NicCreate boxnic AccountCreate boxvpn # Enter server and its port # Dest virtual hub is BoxVPN # Connecting user is ACCOUNTNAME # Used Virtual Network Adapter is boxnic AccountPasswordSet boxvpn # Enter password from the server # Standard (in this case)
Client
vpnclient start vpncmd # Enter for localhost NicCreate box0 AccountCreate box # Destination Virtual Hub Name: BoxVPN # Connecting User Name: ACCOUNT # Used Virtual Network Adapter Name: box0 AccountPasswordSet box # Enter password, and standard (not RADIUS) # No compression, we transfer encrypted/compressed data mostly AccountCompressDisable box # Autostart when vpnclient starts: AccountStartupSet box # To connect: AccountConnect box # To check: AccountStatusGet box
Set manually an IP
Default network is 192.168.30.0/24, with .1 being the server, and .10 the clients are starting when using DHCP.
What I ended up is this in /etc/rc.local which is being executed at the end of the init.d scripts:
( /usr/bin/vpnclient start ; sleep 10 ; ifconfig vpn_box0 192.168.xx.yy netmask 255.255.255.0 up ) &
Windows Client
That one is very simple to configure as there’s no compiling needed at all.
All you need to know:
- Server IP/DNS and its port
- The virtual hub name
- Your user account and the method to authenticate (password, certificates etc.)
Update
If anything does not work as it should, check the date/time.