Linux remote backup - VPN?
Scenario:
In the office we are currently running Fedora Core 3 as our fileserver. I have recently setup a Fedora Core 3 server at home, and I want to be able to implement an offsite backup solution. My plan is to frequently perform an incremental backup of the server in the office, probably using rsync to carry out the remote copying.
I am fairly new to Linux and I don't know the first thing on how to setup the link between the two servers, what ports to open on the router or what protocols to use.
I have a 2MB ADSL connection both at home and in the office.
Can someone take me through step by step on how to set this up, or direct me to some documentation?
Many thanks
In the office we are currently running Fedora Core 3 as our fileserver. I have recently setup a Fedora Core 3 server at home, and I want to be able to implement an offsite backup solution. My plan is to frequently perform an incremental backup of the server in the office, probably using rsync to carry out the remote copying.
I am fairly new to Linux and I don't know the first thing on how to setup the link between the two servers, what ports to open on the router or what protocols to use.
I have a 2MB ADSL connection both at home and in the office.
Can someone take me through step by step on how to set this up, or direct me to some documentation?
Many thanks
I would prefer largely OpenVPN for that: http://openvpn.sf.net
mainly because it's easier to configure. it's faster, has selective compressing of the stream, and uses only one UDP port.
also it works better when both sides have dynamic IP.
on the other hand, I do not know of any DSL that has currently 2Mbits SINCRONOUS. all of them I'm aware of, have 2Mbits for download, and a restringed bandwidth for upload. you should consider this as the server will be sending *using the upload speed* and not the download speed.
Regards.
mainly because it's easier to configure. it's faster, has selective compressing of the stream, and uses only one UDP port.
also it works better when both sides have dynamic IP.
on the other hand, I do not know of any DSL that has currently 2Mbits SINCRONOUS. all of them I'm aware of, have 2Mbits for download, and a restringed bandwidth for upload. you should consider this as the server will be sending *using the upload speed* and not the download speed.
Regards.
Open VPN as mentioned is the easiest VPN solution to set up........but why on earth do you need a VPN for this?
Just rsync over a ssh link is all you need!:
1. You need to have sshd running on your office:
/etc/init.d/sshd start
2. You need to ensure that port 22 from the firewall is forwarded through to this server. Method will depend on your setup. You can test that it is working from your home pc with the command:
ssh server.officeip.net
If you don't get a login problem, then you still need to sort out the connection issues.
3. From your home PC use rsync to copy the necessary files using ssh to secure the connection:
rsync -Cavz -e ssh root@server.officeip.net:/
The tee command, just logs activity/progress to a log file.
Obviously, you don't need to use root, and you can always develop this solution so that the above command is run from the cron daemon for totally automated backups (You'd also need to remove the requiremeent fro the login password, using the authorized_keys file.....but this is dependent on fixed ips etc, or use a ssh agent:
http://www.cvrti.utah.edu/~dustman/no-more-pw-ssh/
)
HTH:)
Just rsync over a ssh link is all you need!:
1. You need to have sshd running on your office:
/etc/init.d/sshd start
2. You need to ensure that port 22 from the firewall is forwarded through to this server. Method will depend on your setup. You can test that it is working from your home pc with the command:
ssh server.officeip.net
If you don't get a login problem, then you still need to sort out the connection issues.
3. From your home PC use rsync to copy the necessary files using ssh to secure the connection:
rsync -Cavz -e ssh root@server.officeip.net:/
The tee command, just logs activity/progress to a log file.
Obviously, you don't need to use root, and you can always develop this solution so that the above command is run from the cron daemon for totally automated backups (You'd also need to remove the requiremeent fro the login password, using the authorized_keys file.....but this is dependent on fixed ips etc, or use a ssh agent:
http://www.cvrti.utah.edu/~dustman/no-more-pw-ssh/
)
HTH:)
ASKER
Hi Pjedmond,
You're probably right. I will forward the ports this afternoon and ill give it a test this evening.
To test the connection am i right to run from my home computer for example:
ssh 87.145.15.52
or
ssh linxserver.87.145.15.52.ne
(87.145.15.52 being the external IP of the office network).
You're probably right. I will forward the ports this afternoon and ill give it a test this evening.
To test the connection am i right to run from my home computer for example:
ssh 87.145.15.52
or
ssh linxserver.87.145.15.52.ne
(87.145.15.52 being the external IP of the office network).
ASKER
also, how secure is rsync ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
it worked a treat. thank you very much. probably one of the best well answered question ive ever had.
just a quick one.. i forwarded port 22 TCP and port 22 UDP was that necessary?
just a quick one.. i forwarded port 22 TCP and port 22 UDP was that necessary?
Nope - you only need to forward 22 TCP:)
http://ipsec-tools.sourceforge.net/
or a VPN server
http://www.poptop.org/