• Status: Solved

Linux remote backup - VPN?


In the office we are currently running Fedora Core 3 as our fileserver. I have recently set up a Fedora Core 3 server at home, and I want to be able to implement an offsite backup solution. My plan is to frequently perform an incremental backup of the server in the office, probably using rsync to carry out the remote copying.

I am fairly new to Linux and I don't know the first thing about how to set up the link between the two servers, what ports to open on the router or what protocols to use.

I have a 2MB ADSL connection both at home and in the office.

Can someone take me through step by step on how to set this up, or direct me to some documentation?

Many thanks
Gabriel Orozco (Solution Architect) Commented:
I would largely prefer OpenVPN for that: http://openvpn.sf.net

Mainly because it's easier to configure. It's faster, has selective compression of the stream, and uses only one UDP port.

Also, it works better when both sides have dynamic IPs.

On the other hand, I do not know of any DSL that currently has 2Mbits SYNCHRONOUS. All of the ones I'm aware of have 2Mbits for download and a restricted bandwidth for upload. You should consider this, as the server will be sending *using the upload speed* and not the download speed.

OpenVPN, as mentioned, is the easiest VPN solution to set up........but why on earth do you need a VPN for this?

Just rsync over an ssh link is all you need!:

1.    You need to have sshd running on your office:
/etc/init.d/sshd start

2.    You need to ensure that port 22 from the firewall is forwarded through to this server. Method will depend on your setup. You can test that it is working from your home pc with the command:

ssh server.officeip.net

If you don't get a login problem, then you still need to sort out the connection issues.

3.   From your home PC use rsync to copy the necessary files using ssh to secure the connection:
 rsync -Cavz -e ssh root@server.officeip.net:/home /var/backups/office/ | tee -a result.log

The tee command just logs activity/progress to a log file.
Obviously, you don't need to use root, and you can always develop this solution so that the above command is run from the cron daemon for totally automated backups (You'd also need to remove the requirement for the login password, using the authorized_keys file.....but this is dependent on fixed IPs etc, or use an ssh agent:
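
Added example, not part of the original answer: one way to make the cron-driven, password-less pull described above safer is to bind the backup key to a forced command on the office server, so the key can only make rsync send files from one tree. The `backup` account, the script path `/usr/local/bin/rsync-gate.sh`, the key file name, the log path and the address 203.0.113.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: forced-command gate for a backup-only SSH key (office server).
# Constructed authorized_keys line for a hypothetical "backup" account; the IP
# and key are placeholders:
#   from="203.0.113.10",command="/usr/local/bin/rsync-gate.sh",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...PLACEHOLDER backup@home
# Constructed crontab line for the home server (nightly pull, key has no passphrase):
#   30 2 * * * rsync -az -e "ssh -i /root/.ssh/backup_key -o BatchMode=yes" backup@server.officeip.net:/home /var/backups/office/ >>/var/log/office-backup.log 2>&1

ALLOWED_ROOT="/home"   # assumption: the only tree the backup key may read

# Return 0 only for "rsync --server --sender <short options> . <path>" with a
# single <path> under ALLOWED_ROOT: the office server sends, never receives.
is_allowed_rsync() {
    cmd=$1
    case $cmd in
        *[!A-Za-z0-9\ ._/=,-]*) return 1 ;;   # shell metacharacters, quotes, globs
        "rsync --server --sender "*) ;;       # fixed prefix the rsync client sends for a pull
        *) return 1 ;;
    esac
    rest=${cmd#"rsync --server --sender "}
    case $rest in
        *--*) return 1 ;;                     # no long options (--remove-source-files, --log-file, ...)
    esac
    path=${rest#* . }                         # text after the " . " that ends the options
    case $path in
        *" "*|*..*) return 1 ;;               # exactly one source path, no ".."
        "$ALLOWED_ROOT"|"$ALLOWED_ROOT"/*) return 0 ;;
    esac
    return 1
}

# sshd puts the client's requested command in SSH_ORIGINAL_COMMAND. With no
# command (an interactive login attempt) nothing runs and the session ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_rsync "$SSH_ORIGINAL_COMMAND"; then
        logger -t rsync-gate "allowed: $SSH_ORIGINAL_COMMAND"
        set -f                                # no globbing; splitting on spaces is intended
        exec $SSH_ORIGINAL_COMMAND
    fi
    logger -t rsync-gate "denied: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
```

The gate is deliberately narrow: it accepts the short-option form that a plain `rsync -az` pull produces and denies everything else, and the denied attempts land in syslog under the `rsync-gate` tag.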



the_omnific (Author) Commented:
Hi Pjedmond,

You're probably right. I will forward the ports this afternoon and I'll give it a test this evening.

To test the connection, am I right to run from my home computer, for example:



ssh linxserver.

( being the external IP of the office network).

the_omnific (Author) Commented:
Also, how secure is rsync?

is the correct command line. The external interface forwards port 22 to the appropriate server. Obviously, (at least I hope it is) you now have a server that is directly accessible from the internet. Tighten up password policies, and the IP addresses that can be used to log in from. Ensure that log files get checked to pre-empt any potential attacks....but of course you were going to do that with your VPN setup anyway....weren't you? ;)

rsync is *NOT* secure....which is why you tunnel it through ssh which *IS SECURE* :)

The overall effect is that you are doing all of your rsync stuff over the insecure public network,.....but it is encrypted.....

This approach using ssh is cryptographically more secure than many VPN solutions, so that should give you a reasonable amount of confidence in it. (plus I've got directors that are prepared to allow me to use this approach for the transfer of intellectual property worth millions of $ over the internet)....so I guess that I'm more than comfortable with it as well:)

This approach is simple compared with any VPN - Complexity provides opportunities for people to make mistakes. Mistakes in security often negate much of the security being put in place.

the_omnific (Author) Commented:
It worked a treat. Thank you very much. Probably one of the best answered questions I've ever had.

Just a quick one.. I forwarded port 22 TCP and port 22 UDP, was that necessary?
Nope - you only need to forward 22 TCP:)

Question has a verified solution.
