

Linux remote backup - VPN?

Posted on 2005-04-14
Medium Priority
Last Modified: 2008-03-10

In the office we are currently running Fedora Core 3 as our fileserver. I have recently setup a Fedora Core 3 server at home, and I want to be able to implement an offsite backup solution. My plan is to frequently perform an incremental backup of the server in the office, probably using rsync to carry out the remote copying.

I am fairly new to Linux and I don't know the first thing on how to setup the link between the two servers, what ports to open on the router or what protocols to use.

I have a 2MB ADSL connection both at home and in the office.

Can someone take me through step by step on how to set this up, or direct me to some documentation?

Many thanks
Question by:the_omnific
LVL 14

Expert Comment

ID: 13782178
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 13794434
I would prefer largely OpenVPN for that: http://openvpn.sf.net

Mainly because it's easier to configure. It's faster, has selective compressing of the stream, and uses only one UDP port.

Also it works better when both sides have dynamic IP.

On the other hand, I do not know of any DSL that currently has 2Mbits SYNCHRONOUS. All of them I'm aware of have 2Mbits for download, and a restricted bandwidth for upload. You should consider this, as the server will be sending *using the upload speed* and not the download speed.

LVL 22

Expert Comment

ID: 13802786
Open VPN as mentioned is the easiest VPN solution to set up........but why on earth do you need a VPN for this?

Just rsync over a ssh link is all you need!:

1.    You need to have sshd running on your office:
/etc/init.d/sshd start

2.    You need to ensure that port 22 from the firewall is forwarded through to this server. Method will depend on your setup. You can test that it is working from your home pc with the command:

ssh server.officeip.net

If you don't get a login problem, then you still need to sort out the connection issues.

3.   From your home PC use rsync to copy the necessary files using ssh to secure the connection:
 rsync -Cavz -e ssh root@server.officeip.net:/home /var/backups/office/ | tee -a result.log

The tee command, just logs activity/progress to a log file.
Obviously, you don't need to use root, and you can always develop this solution so that the above command is run from the cron daemon for totally automated backups (You'd also need to remove the requirement for the login password, using the authorized_keys file.....but this is dependent on fixed ips etc, or use a ssh agent:
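
The cron automation and authorized_keys restriction mentioned at the end of the answer above, as an added example that is not part of the original post. The key, log and lock paths, the cron schedule and script path are assumptions, and `rrsync` (the restricted wrapper shipped with rsync) is assumed to be installed on the office server's PATH.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: key path, log, lock dir.
OFFICE="${OFFICE:-root@server.officeip.net}"   # host as written in the answer
KEY="${KEY:-$HOME/.ssh/office_backup}"         # dedicated key, no passphrase
DEST="${DEST:-/var/backups/office/home/}"
LOG="${LOG:-/var/log/office-backup.log}"
LOCK="${LOCK:-/tmp/office-backup.lock}"
RSYNC="${RSYNC:-rsync}"                        # overridable for a dry run

# Line for ~/.ssh/authorized_keys on the office server.
# from=     pins the key to one source address (the fixed-IP dependency).
# command=  forces every login with this key into rrsync, the restricted
#           read-only wrapper shipped with rsync (assumed to be on PATH).
authorized_keys_line() {  # $1 = home public IP, $2 = public key text
    printf 'from="%s",command="rrsync -ro /home",no-pty,no-port-forwarding,' "$1"
    printf 'no-agent-forwarding,no-X11-forwarding %s\n' "$2"
}

run_backup() {
    # mkdir is atomic, so the directory doubles as a lock against overlap.
    if ! mkdir "$LOCK" 2>/dev/null; then
        echo "$(date '+%F %T') skipped: previous run still active" >>"$LOG"
        return 75
    fi
    rc=0
    # BatchMode=yes: fail at once instead of waiting for a password under cron.
    # The remote path is relative to the rrsync root, so "/" means /home.
    "$RSYNC" -az -e "ssh -i $KEY -o BatchMode=yes -o IdentitiesOnly=yes" \
        "$OFFICE:/" "$DEST" >>"$LOG" 2>&1 || rc=$?
    rmdir "$LOCK"
    echo "$(date '+%F %T') rsync exit status $rc" >>"$LOG"
    return "$rc"
}

# crontab entry on the home server (script path is an assumption):
#   30 2 * * * /usr/local/sbin/office-backup.sh --run
if [ "${1:-}" = "--run" ]; then
    run_backup
fi
```

With this key entry in place, a stolen copy of the backup key can only read `/home` from the one listed address; it cannot open a shell or write to the office server.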




Author Comment

ID: 13805226
Hi Pjedmond,

You're probably right. I will forward the ports this afternoon and I'll give it a test this evening.

To test the connection, am I right to run from my home computer, for example:



ssh linxserver.

( being the external IP of the office network).


Author Comment

ID: 13805244
Also, how secure is rsync?
LVL 22

Accepted Solution

pjedmond earned 2000 total points
ID: 13805645

is the correct command line. The external interface forwards port 22 to the appropriate server. Obviously, (at least I hope it is) you now have a server that is directly accessible from the internet. Tighten up password policies, and the ip addresses that can be used to log in from. Ensure that log files get checked to pre-empt any potential attacks....but of course you were going to do that with your vpn setup anyway....weren't you? ;)

rsync is *NOT* secure....which is why you tunnel it through ssh which *IS SECURE* :)

The overall effect is that you are doing all of your rsync stuff over the insecure public network,.....but it is encrypted.....

This approach using ssh is cryptographically more secure than many VPN solutions, so that should give you a reasonable amount of confidence in it. (plus I've got directors that are prepared to allow me to use this approach for the transfer of intellectual property worth millions of $ over the internet)....so I guess that I'm more than comfortable with it as well:)

This approach is simple compared with any VPN - Complexity provides opportunities for people to make mistakes. Mistakes in security often negate much of the security being put in place.
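
One way to do the log checking recommended in the answer above for a server with port 22 exposed, as an added example that is not part of the original post. The log lines are constructed samples in OpenSSH's syslog format using documentation-range addresses; the function names, the threshold and the allow-list are assumptions.

```shell
#!/bin/sh
# Added example: review sshd authentication messages (on Fedora: /var/log/secure).
# Constructed sample input; addresses are documentation ranges, not real hosts.
sample_log() {
cat <<'EOF'
Apr 14 19:58:01 fileserver sshd[2101]: Failed password for root from 203.0.113.9 port 40122 ssh2
Apr 14 19:58:03 fileserver sshd[2101]: Failed password for root from 203.0.113.9 port 40122 ssh2
Apr 14 19:58:09 fileserver sshd[2105]: Failed password for invalid user admin from 203.0.113.9 port 40130 ssh2
Apr 14 20:15:44 fileserver sshd[2140]: Failed password for backup from 198.51.100.20 port 51000 ssh2
Apr 14 20:15:50 fileserver sshd[2140]: Accepted password for backup from 198.51.100.20 port 51000 ssh2
Apr 14 23:02:17 fileserver sshd[2388]: Accepted password for root from 192.0.2.77 port 33811 ssh2
EOF
}

# Print "count ip" for each source with at least $1 failed password attempts.
# The LAST "from" on the line is used because the user name before it is
# text chosen by whoever is connecting.
noisy_sources() {  # $1 = threshold, log on stdin
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Failed password for / {
            ip = ""
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip != "") fails[ip]++
        }
        END { for (ip in fails) if (fails[ip] >= min) print fails[ip], ip }
    ' | sort -rn
}

# Print "user ip" for successful logins from a source not on the allow-list.
unexpected_logins() {  # $1 = space-separated allowed IPs, log on stdin
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        / sshd\[[0-9]+\]: Accepted (password|publickey) for / {
            ip = ""
            for (i = 2; i < NF; i++) if ($i == "from") { user = $(i - 1); ip = $(i + 1) }
            if (ip != "" && !(ip in ok)) print user, ip
        }
    '
}
```

Against a live server the same functions read the real log, for example `noisy_sources 5 < /var/log/secure` and `unexpected_logins "198.51.100.20" < /var/log/secure`, with the home connection's address in place of the sample one.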


Author Comment

ID: 13813387
It worked a treat. Thank you very much. Probably one of the best well answered questions I've ever had.

Just a quick one.. I forwarded port 22 TCP and port 22 UDP, was that necessary?
LVL 22

Expert Comment

ID: 13813634
Nope - you only need to forward 22 TCP:)

