[Dirvish] push or pull for client with dynamic ip

Xavier Brochard xavier at alternatif.org
Fri Jul 31 08:48:16 UTC 2009


Le jeudi 30 juillet 2009 00:47:10, Keith Lofstrom a écrit :
> On Wed, Jul 29, 2009 at 11:18:16PM +0200, Xavier Brochard wrote:
> > Hello
> >
> > I need to backup a client without a fix IP (it change randomly 2 or 3
> > times per week). The backup server is on the internet.
> >
> > I was wondering what is the best solution (regarding security, network
> > load and dirvish run):
> > - a push backup but mounting the backup disk with sshfs, dirvish on the
> > client - a pull backup, dirvish on the backup server, using dyndns.com or
> > no-ip.com - something else ?
>
> Your remote clients should probably be talking to "home base" with
> an encrypted vpn tunnel to your firewall.  Then you pull backups
> through the tunnel.  Yes, it means more computation to do the tunnel
> encryption at both ends (and I run dirvish/rsync with ssh, so I am
> encrypting twice!).  I have dynamic IP addresses on both ends, but
> my firewall establishes its external URL with dyndns (using one of
> the free subdomains), and remote clients talk to that.  I have five
> remote clients, one is 3000km away.
>
> I use a small ALIX computer (from PC Engines) for my firewall, see
>     http://wiki.keithl.com/index.cgi?SL5Alix
> Cheap, fast, low power, X86, runs my favorite distro, and has three
> 100Mbit ethernet ports, WAN/DMZ/LAN .  It has built-in encryption
> hardware which works with SSL/OpenVPN, but my main site has only
> a 4Mbps connection.  The ALIX CPU is fast enough for that, so I
> haven't made the kernel patch.
>
> Security is easy.  When I detect something going wrong, I pull out
> the WAN connector.
>
> The one remaining issue is that user laptops move between the
> inside network and outside vpns.  It is possible to tweak internal
> DNS so the backup server can always find them, but I haven't taken
> the time to implement that.  If your remote clients are always on
> the same side of the firewall, this is not a problem.

I thought about VPN at first and... forget it when I discovered sshfs. Looks 
like I was wrong... what is the advantages compare to sshfs (in this case)?

Thankyou for you help anyway.


Xavier
xavier at alternatif.org


More information about the Dirvish mailing list