Hmm, how easy does one suspect it would be to create a site-to-site tunnel between my home and a DigitalOcean droplet?

@brandon Plenty of ways depending on your needs.

Personally I run OpenVPN to tie all my systems together. While I wouldn't say it was plug and play easy to set up, it is rock solid and well worth the effort imho.

@espen I'm looking to create a tunnel so that I can use networked storage in my home for storage on the droplet, any luck there?

@brandon If the plan is that software on the vps will pass through the tunnel and grab files from your home, then yeah it should be doable. Again it is a question of exactly how. If you only need a single tcp port, even a simple ssh tunnel should work. Most of the simpler tunnel software has a harder time dealing with udp though.

@espen It's more so for the purpose of a NextCloud install 👌

@brandon but through the web interface? I have my nextcloud instance exposed to the world that way 😀

@espen Oh no, just a part of the file storage. I want to be able to have files stored at home to be available anywhere through the web interface so that no matter what machine I'm on, I can still access that stuff.

@brandon You could do something like this:

brandon@nextcloud:~$ ssh -f -N -R 3000:localhost:80 droplet

which will connect to the local port 80 and open a listening socket at port 3000 on the droplet, then you can use a proxy on the droplet.

Not 100% sure on that command, either -L or -R, depending on which way you're tunneling :)

@espen I'm not sure that's going to work. I need the droplet to mount an NFS or Samba share (haven't decided which yet) from inside my home network

@espen Shit, I think I found it:

I just need to add IPsec on top of that and then I'm golden :)

@brandon IPsec is pretty much an alternative to OpenVPN.

So yeah, those two are the "one size fits all" solutions.

Anyway, good luck.

@espen So it would actually be read-write requirements

@brandon There could be a tutorial on the DO site. I'd search for #OpenVPN and see what it finds.

@brandon Yes. I'm just thinking that it creates an encrypted tunnel from point A to point B.

I mean, it MIGHT work if I consider my home router to be the server and my droplet the client, but I don't think it'll work as intended 🤔

@brandon While the proposed approaches are valid, I would recommend using WireGuard instead. I think you'll have much better performance and the same if not better security as OpenVPN. Also, the maintainer sends people stickers for free so I kinda shill it at every occasion now ¯\_(ツ)_/¯

I'll check it out tonight :)

Though I'm thinking I might just open up the NFS port and port forward. It'll be far more secure than creating a tunnel

@brandon uh don't do that, I don't think it would be much better than exposing SMB 😁. Admittedly I don't know much about NFS though, maybe it's OK

Don't worry, I'm going to authenticate and encrypt the connections, NFSv4 is okay. Besides, I think I can change the port to something else for a small bit of extra obscurity

Fosstodon is a Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.