Hmm, how easy does one suspect it would be to create a site-to-site tunnel between my home and a DigitalOcean droplet?
@brandon Plenty of ways depending on your needs.
Personally I run OpenVPN to tie all my systems together. While I wouldn't say it was plug and play easy to set up, it is rock solid and well worth the effort imho.
@espen I'm looking to create a tunnel so that I can use networked storage in my home for storage on the droplet, any luck there?
@brandon If the plan is that software on the VPS will pass through the tunnel and grab files from your home, then yeah it should be doable. Again it is a question of exactly how. If you only need a single TCP port, even a simple SSH tunnel should work. Most of the simpler tunnel software has a harder time dealing with UDP though.
@espen It's more so for the purpose of a Nextcloud install 👌
@brandon But through the web interface? I have my Nextcloud instance exposed to the world that way 😀
@espen Oh no, just a part of the file storage. I want to be able to have files stored at home to be available anywhere through the web interface so that no matter what machine I'm on, I can still access that stuff.
@espen Of course with strong passwords and 2FA
@brandon You could do something like this:
brandon@nextcloud:~$ ssh -f droplet -R 3000:localhost:80 -N
which will connect to the local port 80 and open a listening socket at port 3000 on the droplet, then you can use a proxy on the droplet.
Not 100% sure on that command, either -L or -R, depending on which way you're tunneling :)
@espen I'm not sure that's going to work. I need the droplet to mount an NFS or Samba share (haven't decided which yet) from inside my home network
@espen Shit, I think I found it: http://ask.xmodulo.com/create-gre-tunnel-linux.html
I just need to add IPsec on top of that and then I'm golden :)
@brandon IPsec is pretty much an alternative to OpenVPN.
So yeah, those two are the "one size fits all" solutions.
Anyway, good luck.
Thanks man! I appreciate the help :)
@espen So it would actually be read-write requirements
@lnxw48a1 Isn't OpenVPN a VPN client/server model?
I mean, it MIGHT work if I consider my home router to be the server and my droplet the client, but I don't think it'll work as intended 🤔
@brandon While the proposed approaches are valid, I would recommend using WireGuard instead. I think you'll have much better performance and the same if not better security as OpenVPN. Also, the maintainer sends people stickers for free so I kinda shill it at every occasion now ¯\_(ツ)_/¯
I'll check it out tonight :)
Though I'm thinking I might just open up the NFS port and port forward. It'll be far more secure than creating a tunnel
@brandon Uh, don't do that, I don't think it would be much better than exposing SMB 😁. Admittedly I don't know much about NFS though, maybe it's OK
Don't worry, I'm going to authenticate and encrypt the connections, NFSv4 is okay. Besides, I think I can change the port to something else for a small bit of extra obscurity