Best Remote SMB Access | VPN Cloud Access

K1LLA_KING_KONG

Dabbler
Joined
May 24, 2023
Messages
37
From my research so far I see others using options such as:

ZeroTier
NextCloud
Wireguard
Tailscale

I'm looking for recommendations for what is best to set up: affordable pricing, ease of setup, a good mobile app, etc.

I also see that something like Tailscale might be better with TrueNAS SCALE using TrueCharts.
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,700
Tailscale is great, simple to set up and free for home/small use.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
ZeroTier
NextCloud
Wireguard
Tailscale
Two of these things are not like the others. ZeroTier and Tailscale are cloud-hosted VPN solutions, probably the simplest way to get reasonably-secure remote access to your SMB shares, but you're trusting the companies that operate those services to be secure and reliable. Wireguard (and OpenVPN server, which you didn't mention) are secure VPN technologies, but you'd be running your own server, opening/forwarding ports, etc.

Nextcloud is something completely different--think something like Dropbox or Google Drive. It's a great system, but it's pretty complicated, and it doesn't really have anything to do with your SMB shares.
 

K1LLA_KING_KONG

Dabbler
Joined
May 24, 2023
Messages
37
Thanks for the info. Another guy has given me a bunch more info suggesting using multiple services for the best result.

His quote: "If you want the Dropbox-like interface, then doing a combination of Nextcloud and Wireguard or Tailscale is likely the best option. Nextcloud will also likely perform much better on mobile if that's something that is important to you, although you'll have to set up the Tailscale or Wireguard client on there too. If you know what you're doing and can properly secure it, you can also set up Nextcloud alone and port forward it."
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
If you know what you're doing and can properly secure it,
Good thing some brilliant (and totally humble) member of the community has written a script to do just that:
 

K1LLA_KING_KONG

Dabbler
Joined
May 24, 2023
Messages
37
Good thing some brilliant (and totally humble) member of the community has written a script to do just that:
Thank you sir
 

Whattteva

Wizard
Joined
Mar 5, 2013
Messages
1,824
From my research so far I see others using options such as:

ZeroTier
NextCloud
Wireguard
Tailscale

I'm looking for recommendations for what is best to set up: affordable pricing, ease of setup, a good mobile app, etc.

I also see that something like Tailscale might be better with TrueNAS SCALE using TrueCharts.
Those things really should be categorized separately like this:

Cloud (3rd-party-hosted) VPN:
Tailscale: Uses Wireguard protocol under the hood. User- and NAT-friendly, so you don't need to configure your firewall for port forwarding.
ZeroTier: Uses IPSec protocol under the hood. Also user- and NAT-friendly, like Tailscale.
I think both of these have free tiers for personal use.

Self-hosted VPN (read free):
OpenVPN: I'm surprised you didn't uncover this one in your research. This is kind of the de facto VPN standard. Very mature and robust. Supports both Layer 2 and Layer 3, DHCP, and per-client configuration. All this flexibility does mean that setup tends to be a lot more technical than Wireguard. Requires port forwarding, but supports either TCP or UDP.
Wireguard: Similar to OpenVPN, but in kernel-space, so it tends to be a little faster. In FreeBSD, however, it is still in user-space; perhaps FreeBSD 14 will finally incorporate that into the kernel. Codebase is also a lot cleaner and smaller than OpenVPN, and less code mathematically translates to fewer bugs (read exploits). Running in kernel-space does mean that if it gets compromised, it will be a lot more disastrous. Easier to set up than OpenVPN (kinda' like SSH) and even supports very simple, straightforward QR code scanning for zero client configuration. Currently lacks Layer-2 and DHCP support, which could be deal breakers for some people. Requires port forwarding and supports UDP only.

File sharing (NOT VPN):
NextCloud: Centralized and requires setting up a web server, a database engine, and PHP engine. Setup probably requires a lot more technical know-how unless you're using Docker-based deployment. Works from your web browser, so technically, you can access it from virtually anywhere you have access to a computer and a web browser. Out of all mentioned, this is the only one that has this capability. Can be self-hosted (free) or cloud-hosted for a small fee.
Syncthing: Simple and secure peer-to-peer file sharing that is very easy to set up (user-friendly). It's also NAT-friendly due to its use of relays. This is always free because of its peer-to-peer nature, but even the use of their relay servers is free.
 

K1LLA_KING_KONG

Dabbler
Joined
May 24, 2023
Messages
37
Thanks, so far my research has concluded a combination of these services will yield the best / safest result.

Although I still need to learn how to implement each feature, here is the plan:

-Port forward the Nextcloud instance, set up a Cloudflare Argo tunnel to the instance, or set up a Tailscale VPN (or Wireguard)

-Install the client on the server and the device that remotely accesses the server

-Connect Tailscale to IP address of TrueNAS server

Another thing I have been reading is the requirement for a domain for DDNS. I have a Wix domain already for the business which this server will be operating for. Although I'm not sure Wix will be capable of DDNS, being such a simple system.
 

Whattteva

Wizard
Joined
Mar 5, 2013
Messages
1,824
Another thing I have been reading is the requirement for a domain for DDNS. I have a Wix domain already for the business which this server will be operating for. Although I'm not sure Wix will be capable of DDNS, being such a simple system.
I think you are conflating actual top-level FQDN (which is what you have for Wix) and DDNS. DDNS does NOT require you to have any pre-existing FQDN. You're typically just piggybacking on some other top-level domain (i.e. DuckDNS or FreeDNS, etc.) and making a subdomain below them. Of course, you also have the choice to use your own, but it's not a hard requirement. Also, these DDNS services are usually free and the client may also be built into your router (depending on your router) for convenience.
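
For the self-hosted WireGuard option and the DDNS hostname discussed in the posts above, here is an added example (not posted by anyone in this thread) of a matching server and client configuration in wg-quick format. It assumes WireGuard runs on the host that serves the SMB shares; the tunnel subnet, UDP port, hostname and key placeholders are all constructed for illustration.

```ini
# Constructed example: every address, port, hostname and key is a placeholder.

# ---- Server side (host that serves the SMB shares): wg0.conf ----
[Interface]
Address = 10.8.0.1/24
# The single UDP port the router forwards to this host.
ListenPort = 51820
PrivateKey = <server-private-key>

[Peer]
# One [Peer] block per remote device, each with its own key pair,
# so a lost phone or laptop can be removed without touching the others.
PublicKey = <laptop-public-key>
# /32 pins this key to one tunnel address: packets from this peer with
# any other source address (another peer, a LAN range) are dropped.
AllowedIPs = 10.8.0.2/32

# ---- Client side (laptop or phone): wg0.conf ----
[Interface]
Address = 10.8.0.2/32
PrivateKey = <laptop-private-key>

[Peer]
PublicKey = <server-public-key>
# DDNS hostname that follows the home connection's public address.
Endpoint = home.example.org:51820
# Split tunnel: only traffic to the server's tunnel address uses the VPN.
# 0.0.0.0/0 here would send all of the device's traffic through home.
AllowedIPs = 10.8.0.1/32
# Keeps the NAT mapping alive when the client is behind a NAT.
PersistentKeepalive = 25
```

With this layout the share is reached at the server's tunnel address (10.8.0.1 in this example), and TCP 445 is never forwarded on the router.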
 

K1LLA_KING_KONG

Dabbler
Joined
May 24, 2023
Messages
37
Good thing some brilliant (and totally humble) member of the community has written a script to do just that:
Regarding DDNS and domains:

From your guide:
"First, you must own or control a real Internet domain name"

I have an Asus router and a quick search shows I can set up DDNS with this router, which also provides a domain name.

This will suffice?
 

Whattteva

Wizard
Joined
Mar 5, 2013
Messages
1,824
Yes.
 