I apologize if this question has been asked before but I have been trying to decide on a NAS to buy or build for about 3 years now and can’t find the answer to this question anywhere:
Is there a way I can have end-to-end-encrypted cloud access to my NAS without needing a VPN? Not just a backup but be able to browse my NAS files from my iPhone and iPad remotely without slowing down my internet connection constantly with a VPN.
I have checked and double checked services like pcloud, TrueCloud, Wasabi, BackBlaze, and none of them offer what I need. Ideally I could sync to my ProtonDrive but Synology and TrueNAS aren’t currently supported, rclone isn’t officially supported but people have mentioned it is possible but I don’t know anything about rclone and I don’t want to accidentally erase all my files. I’d prefer officially supported apps. Cloudflare tunnel and Zoraxy likely won’t work for this.
And end-to-end-encryption isn’t negotiable. I don’t want my personal files (journals/photos/videos etc) at risk of rogue employees, data breaches, state actors, or court orders. Yes I could periodically manually copy files from my NAS to my ProtonDrive but that is time consuming and the point of a NAS (I thought) was to centralize all my files and make life easier.
I use a Cloudflare tunnel to access files on my TrueNAS that I have shared using a webdav server. I’m able to access these files remotely from my laptop or iPhone. The files are all encrypted. I see that you’ve ruled out Cloudflare but for me it works out very well. I’m a Cloudflare customer and have my domains registered with them. I only pay for the domain registration, the tunnel is free of charge.
I’ve also used a wireguard VPN to access my home network and my NAS remotely. I never had any performance issues with that access and am able to use my iPhone and laptop with this VPN. Access is encrypted and routed through the tunnel created by wireguard. I don’t see a VPN constantly slowing down your internet connection. Not sure how you mean that though.
For accessing and updating my documents though, the webdav server works out great for me. You could always port forward to a webdav server that shares your documents if a Cloudflare tunnel isn’t an option for you.
Thanks for the response, I may have been misinformed about Cloudflare tunnels, looks like a good option especially if I setup the cert on my NAS so that Cloudflare doesn’t see my files. Do I have to do anything special to enable WebDAV or is it functional automatically?
I meant using a VPN from my iPhone or iPad slowing down my internet when I am away from home, ie signal/voip calls failing/breaking up/not coming through on VPN, Waze/Apple Maps going offline.
I meant using a VPN from my iPhone or iPad slowing down my internet when I am away from home, ie signal/voip calls failing/breaking up/not coming through on VPN, Waze/Apple Maps going offline, not getting reports/road alerts.
I may setup both TailScale and Cloudflare tunnels, Cloudflare looks better for my situation right now.
You’ll have to configure WebDAV. Truenas provide a WebDAV app that you can configure and deploy, the WebDAV app will share the document dataset of your choice on your NAS.
WebDAV was designed to work over the internet with performance and security in mind. SMB is not as secure but through a tailscale tunnel security is not such a concern. Over an internet link though, WebDAV will far outperform SMB. I tried SMB in this way in the past and WebDAV was vastly superior in performance. It’s more work to set it up but I think it is more reliable and performs better over the internet than SMB. You can do WebDAV over Tailscale as well and I think you’ll find it’s better over a WAN.
