How to implement offsite remote replication properly?

I’ve spent a fair amount of time digging, and haven’t been able to figure out how to set up replication the way I want.

Here’s the scenario: A friend and I each have our own TrueNAS Scale systems. We want to throw some drives in each other’s servers, and use them as off-site backup.

I’ve been using replication to back up snapshots from my main TrueNAS server to another TrueNAS server on the same network for several years, so that’s where I’m starting, because I’m familiar with it.

It looks to me like SSH is the only way to use replication, which is fine, but the only way I’ll do that outside my network is if I set up a VPN server so that the two of us can connect to it. However, I don’t want any other traffic going through that VPN.

I think I already know the answer (no), but is there a way to have a replication task use a specific VPN connection for that replication task?

Is there a better way to achieve what I’m trying to do?

OR

Am I completely off base, and replication tasks are the wrong tool for the job?
Open to suggestions if that’s the case

There are several ways.

You could use two MikroTik gateways to set up a private VPN between your two networks. I’d recommend the Network Berg YouTube tutorial for this (the one with the ultimate WireGuard guide). MikroTik makes it easy, but there are also other options out there.

I have heard of other folk doing it with tailscale, IIRC.

But pretty much any VPN option between compatible routers / gateways would be a good option, with the traffic limited to the two respective IP addresses.

Replication is your best bet. It’s the most efficient way to transport changes in minimal time and bandwidth. Once SSH works as expected and you have a secure VPN between the two machines, enable Netcat for faster replication.

Another option is sneakernet, ie periodically importing snapshots into the remote NAS by carrying them over in a DAS.

Tailscale would probably be the easiest to implement.

Another option, which wouldn’t involve ZFS replication, would be to use Syncthing. No need for a VPN connection in that case.


Okay, I don’t know if I’m asking the wrong thing, or if you’re missing what I’m asking, or if my understanding of VPNs is so antiquated that it no longer applies (I’m not familiar with tailscale).

So far, the only way I’ve used VPNs, when a device connects to a VPN, ALL traffic goes through that VPN.

If I set up a VPN server on my network, and have my friend connect to that VPN server, he would be able to access my TrueNAS server. However, when he goes to do anything on his server that requires access to the internet (downloading updates, for example) that traffic will still go through the VPN. I do NOT want any of that traffic to go through the VPN. I only want the replication task to use the VPN.

That isn’t the way any VPN needs to work (my OpenVPN connection to my home router–that I’m likely going to retire since Tailscale is working well for me–still doesn’t route all traffic through that connection; it only routes traffic with a destination on my home LAN), and that definitely wouldn’t be the way Tailscale would work.
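To make the split-tunnel point above concrete (and the earlier suggestion of a gateway VPN "limited to the two respective IP addresses" plus SSH replication), here is an added example that is not from this thread or from TrueNAS itself. It assumes a WireGuard tunnel on 10.99.0.0/24 between the two NAS boxes, the hostname friend.example.net, the dataset and snapshot names shown, an SSH key at /root/.ssh/replication, and placeholder strings where real keys from `wg genkey` would go. The script writes one side's wg0.conf and shows the raw `zfs send | ssh | zfs receive` pipeline that a TrueNAS replication task runs for you from the GUI.

```sh
#!/bin/sh
# Added example (not from the thread): a split-tunnel WireGuard config for a
# NAS-to-NAS replication link, plus the zfs send/receive pipeline that runs
# over it. The subnet 10.99.0.0/24, hostnames, dataset names, snapshot names
# and key placeholders are all assumptions for illustration.
set -eu

# Emit one side's wg0.conf. The security-relevant line is AllowedIPs: listing
# only the peer's tunnel address as a /32 (never 0.0.0.0/0) makes the kernel
# route exactly one host through the tunnel, so updates, browsing and every
# other flow keep using the normal default route. WireGuard also drops any
# packet arriving on the tunnel from an address outside AllowedIPs.
make_wg_conf() {
    local_addr=$1      # this host's tunnel address, e.g. 10.99.0.1/24
    peer_addr=$2       # peer's tunnel address as a /32, e.g. 10.99.0.2/32
    peer_endpoint=$3   # peer's public host:port, or "" for a side that only answers
    cat <<EOF
[Interface]
PrivateKey = <output of: wg genkey>   # placeholder, not a real key
Address = ${local_addr}
ListenPort = 51820

[Peer]
PublicKey = <peer's: wg pubkey>       # placeholder, not a real key
AllowedIPs = ${peer_addr}
${peer_endpoint:+Endpoint = ${peer_endpoint}}
PersistentKeepalive = 25
EOF
}

# Incremental replication of every snapshot between FROM and TO of a local
# dataset to the friend's NAS. The destination is the peer's tunnel IP, so the
# stream can only leave via wg0; -w sends a raw stream, so an encrypted source
# dataset lands on the friend's disks still encrypted with your key.
replicate() {
    src_ds=$1; from_snap=$2; to_snap=$3; dst_ds=$4
    zfs send -w -I "${src_ds}@${from_snap}" "${src_ds}@${to_snap}" \
      | ssh -i /root/.ssh/replication -o IdentitiesOnly=yes \
            -o StrictHostKeyChecking=yes root@10.99.0.2 \
            "zfs receive -u -F ${dst_ds}"
}

# Usage on your side (run as root; swap the two addresses on the friend's box):
#   make_wg_conf 10.99.0.1/24 10.99.0.2/32 friend.example.net:51820 > /etc/wireguard/wg0.conf
#   wg-quick up wg0
#   replicate tank/data daily-1 daily-2 backup/mine
```

With this shape the friend's server never gains a route to your LAN as a whole, only to the one tunnel address, and the only service you need to expose on that address is SSH. The TrueNAS replication task can then be pointed at 10.99.0.2 exactly as it would be at a LAN peer, and the Netcat option mentioned earlier works the same way since both ends are on the tunnel.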

Alright, sounds like I’ve got some more research and learning to do!

Thanks guys!