OFaceSIG
2[H]4U
- Joined
- Aug 31, 2009
- Messages
- 4,049
Anyone ever rig up two FreeNAS's to back up to each over the internet?
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
FreeNAS to FreeNAS offsite backup?
- Thread starter OFaceSIG
- Start date
IdiotInCharge
NVIDIA SHILL
- Joined
- Jun 13, 2003
- Messages
- 14,675
ZFS Send shouldn't be too difficult -- just make sure you're using a solid VPN tunnel and being diligent about the rest of the security configuration.
Paging _Gea
OFaceSIG
2[H]4U
- Joined
- Aug 31, 2009
- Messages
- 4,049
yeah I would set up a point to point tunnel via Pfsense 
![Zarathustra[H]](https://cdn.hardforum.com/data/avatars/m/9/9298.jpg?1714700655){kind=avatar}
Zarathustra[H]
Extremely [H]
- Joined
- Oct 29, 2000
- Messages
- 38,972
I do this. I have a cron set up to snapshot and sync that snapshot via send/recv to a remote server.
Every night I send the nightly snapshot.
Every sunday, instead of th enightly snapshot, it sends a snapshot named weekly.
Every first of the month, instead of the above two, it sends a snapshot named Monthly.
And then the same, on the first of the year. The monthly is replaced by a yearly.
The daily are kept for a week before being purged. The weekly are kept for a month before being purged, and the monthly are kept for a year before being purged.
I do this on ZFS for Linux, but ZFS is ZFS so it should work just fine on FreeNAS as well.
Essentially the daily runs at 3am, but it has a couple of minute sleep at the beginning.
When the weekly runs, at 3:01am on sundays. it does the same, but also runs a killall against the daily, within its sleep period, to make sure the weekly replaces the daily, because I don't want both a daily and a weekly on sundays.
Same for the monthly. It runs at 3:02, and malkes sure it kills both th edaily and the weekly (if running) before proceeding.
And so on, up through teh yearly.
It's a ghetto workround for my poor programming skills, but it does the job.
I'd be happy to share my modified scripts if interested.
Getting it to work requires first setting up a pool on both sides.
Then you have to configure rsa cryptographic authentication, to allow the root on your local machine authenticate via SSH to root on the remote machine without a password.
Then you can run th eSend/recv operation. You'll need to snapshot the local drive first, and then send recv will send only the differential between the two previous latest snapshots that are available on both machines to the backup server. This is kind of a pain to so manually, but it isnt bad with the script I use. It runs completely unattended via cron.
I'm not sure this is necessary.
In my setup, my remote backup server is exposed to the LAN via port forwarding on a random high number port. It allows logon to the root account only via RSA authentication.
Since we are relying on SSH for encryption of the data in flight, there is really no need for any other VPN or tunnel.
Every night I send the nightly snapshot.
Every sunday, instead of th enightly snapshot, it sends a snapshot named weekly.
Every first of the month, instead of the above two, it sends a snapshot named Monthly.
And then the same, on the first of the year. The monthly is replaced by a yearly.
The daily are kept for a week before being purged. The weekly are kept for a month before being purged, and the monthly are kept for a year before being purged.
I do this on ZFS for Linux, but ZFS is ZFS so it should work just fine on FreeNAS as well.
Essentially the daily runs at 3am, but it has a couple of minute sleep at the beginning.
When the weekly runs, at 3:01am on sundays. it does the same, but also runs a killall against the daily, within its sleep period, to make sure the weekly replaces the daily, because I don't want both a daily and a weekly on sundays.
Same for the monthly. It runs at 3:02, and malkes sure it kills both th edaily and the weekly (if running) before proceeding.
And so on, up through teh yearly.
It's a ghetto workround for my poor programming skills, but it does the job.
I'd be happy to share my modified scripts if interested.
Getting it to work requires first setting up a pool on both sides.
Then you have to configure rsa cryptographic authentication, to allow the root on your local machine authenticate via SSH to root on the remote machine without a password.
Then you can run th eSend/recv operation. You'll need to snapshot the local drive first, and then send recv will send only the differential between the two previous latest snapshots that are available on both machines to the backup server. This is kind of a pain to so manually, but it isnt bad with the script I use. It runs completely unattended via cron.
yeah I would set up a point to point tunnel via Pfsense
I'm not sure this is necessary.
In my setup, my remote backup server is exposed to the LAN via port forwarding on a random high number port. It allows logon to the root account only via RSA authentication.
Since we are relying on SSH for encryption of the data in flight, there is really no need for any other VPN or tunnel.