I’m looking to build a remote offsite backup to securely backup my most important files over the internet to a (kind of dumb) NAS. I have an old Netgear ReadyNas pro 6 that doesn’t do a whole lot other than basic file sharing protocols and I can probably setup rsync on it. Firmware is so old that I can’t even upgrade it anymore. But I figured it’d probably be perfect for my remote offsite backup just in case sh*t hit the fan at home. I have a trusted friend that is willing to host my NAS in exchange for hosting his. He knows basic networking and might be able to help me out with my own VLAN in his network.
My question is, how would be the best way to bring it’s connection back to me securely. I was thinking I can throw openVPN or something on a raspberry PI and use that to interface with the NAS but not sure if there is a more elegant solution. My requirements are that it needs to be secure, hands off (I’d hope not to have to update software or certs too frequently), plug and play with auto starting, in case of a power failure and stable. He lives far from me so it’d be a pain to have to travel to fix any issues. This would sync with my main NAS hosted on a TrueNas server.
The very simplest would be Tailscale (or fully selfhosted: Tailscale clients with Headscale as controlserver).
Or you can run a Wireguard setup, as site-to-site for example between the two networks.
I recommend you look into
restic
which is a incremental backup tool that can end-to-end encryption the store so that you do not need to trust your storage provider.Restic can also work with a NAS at your friend but it might turn out it is cheaper to get something like a backblaze B2 Cloud or wasabi S3 storage where a terabyte is like around 6$ a month only!
I used to have backblaze, they were ok, I wish I had full access to my files and I prefer to self host and I already have all the hardware. I’ll definitely check out restic though. Thanks!
If you do truenas to truenas you could schedule a zfs send.
The remote side won’t be truenas unfortunately. Probably just going to use rsync.