Internet File Sharing Recommendations

[mhumm2]

I have 3 users that can access their own private folder and the one shared folder called "Share." I want to use that shared (smb) share to xfer files across the internet. Yes, I'm concerned about security, so I'd like to get suggestions from the group.

Besides windoze computers, the users will be using their iphones and an Android phone. Please advise.

 

[nojohnny101]

There is no super easy or friendly way to access over the internet. I access certain shares of mine by opening up a SSH pipe and then funneling all CIFS connections through that pipe and while that isn't difficult, it is not easy to do. You could setup something like OwnCloud but you will still have security reasons with that as you would have to put it on a public facing webserver or something of the sort then you are back to square one with security concerns.

I have not found any easy way to access files on my phone, I know there are a few apps out there but none look particularly well designed or easy to use.

 

[pirateghost]

As stated ad nauseam in these forums, VPN is the best method of access across the internet, with SSH tunneling a close second.

Do NOT expose your smb shares across the internet. Ever.

 

[mhumm2]

Thanks. I've looked at OwnCloud. Please understand that the whole reason of building and configuring a NAS was so it would be our family's cloud. If an Iphone can upload photos to OwnCloud, there must be at least one way to upload them to the family NAS... Yes?

 

[pirateghost]

Thanks. I've looked at OwnCloud. Please understand that the whole reason of building and configuring a NAS was so it would be our family's cloud. If an Iphone can upload photos to OwnCloud, there must be at least one way to upload them to the family NAS... Yes?

By your example, OwnCloud will work...

 

[mhumm2]

Correct pirateghost. I have tried to setup a VPN in a jail, but I never could get it to work. And after frustrating some members, answers and instructions stopped coming to my posts.

I believe FNAS is the way I want to go. As an OS, it's very powerful and stable without the overhead of a full blown OS like Ubuntu Server. Yet I have to say it's not easy to setup and configure. The guide as well as the assistance here on the forum starts at a higher level of knowledge than what I have. I feel that I've turned some members off because they don't think I'm availing myself of the resources available. That is not true. I've seen so many noobs get more confused after reading the guide including myself. My opinion is that in the open source world, the FreeNAS guide is the most difficult to understand because it was written at a level 10 from start to finish while most noobs, like me need something at a level 5.

I'm not saying the information isn't useful, but every section should start with a "big picture" basic perspective. For example, I still don't know that I fully understand the hierarchy of Shares, Volumes, and Datasets. Just a line or two in the guide that starts with something like:

"The foundational structure is a share. Within each Share, the user can create Volumes, then datasets within those volumes, then folders within those volumes."

Yeah, I know, it's probably not correct, but hopefully, you see my point. I really believe the guide would be better with an introductory paragraph in front of every section explaining the basics of that section. I've seen at least 20 posts by noobs claiming they've read the guide and still can't get their shares set up correctly. Setting up Shares, IMO should be a very simple process and I'm sure it is to most of the members, but it is not for FNAS beginners. The quantity of those kinds of posts from noobs is proof that the guide could use some work adding some basic knowledge (dumbed down if you'd prefer) for beginners.

I suppose I'll step down from my soap box now. Please understand, I'm going to do the due diligence necessary to make FNAS work for me the way I want it to. That is unless I get booted off the forum for stating my opinion above.

I am looking forward to the day that I can run my FNAS server without being frustrated configuring it.

Thank you for the post. I agree that I do not want to expose my shares to the net. I will probably try again with VPN to a jail that has the 'Share' share linked to it as its storage. Like I said, I tried this before and never could get it to work.

 

[pirateghost]

You don't need storage attached to a VPN jail.

A VPN by definition is a Virtual Private Network. This has nothing to do with freenas itself. Forget freenas exists and pretend you want to VPN into your home and be on the same network. That's a VPN's purpose. Once you're connected to the VPN, you are "on the same network" as the rest of your devices. This would include your freenas server. Many routers even provide VPN server functionality out of the box or by way of flashing a better firmware (dd-wrt or the likes).

I don't agree with your view of the documentation. There is almost TOO much information in there as it is.

We have things like the zfs primer, and cyberjocks presentation to break these concepts down. There is also another member around here that has created a very instructive video and write up on smb shares (I don't remember who that was at the moment).

All the information you need is here, but you have to be willing to learn and not just blindly follow some random guide you find on the internet. With freenas, your first stop for information should be the documentation and the forums. If there is a concept in the documentation that you don't grasp, the members of the forums are more than willing to help you understand them. What you won't find is people just willing to hold your hands and do the work for you.

Accessing your storage over the internet is a very involved process and you need to understand what you're doing before you do it. There are serious severe risks involved and expecting there to be a "simple way to do it" is rather naïve.

The onus is on you to understand your network. To understand the concepts behind VPNs, SSH tunneling, and remote access. That's not really something people can do for you.

 

[nojohnny101]

@mhumm2 I understand your frustration. Computer nerds and engineers are usually not the best people to describe complex topics to people with lesser computer knowledge or understanding. I have been in your shoes myself, and while I agree that FreeNAS is certainly not the easiest to understand (and almost all on here openly admit that), I don't believe it is a 10/10 difficult. With most programming languages, software, etc. it is about understanding the language that is used to describe functions, operations, etc. Once one understands that language, then things become much easier to learn. It seems you haven't gotten to that "click" moment yet, but I know you will if you want to.

I also agree the manual isn't the easiest to understand and while I myself have referenced it in setting up some things, I can say I have used user generated guides almost just as much if not more to setup everything else. Lastly, in reference to your frustrations with setting up shares, I agree this is the single most important area to improve documentation wise as far as noobs coming in and trying to understand. However, in my opinion and this is shared by most experts on here (I am the farthest thing from that title), it is the most difficult if not impossible. The problems with shares/permissions is there are an infinite amount of possibilities/combinations and use cases when setting them up and this makes creating a guide a massively daunting and seemingly impossible task. Can it be improved? Certainly! Will it ever be able to be written to the point where a noob can come in with very little knowledge of permission/shares and set everything up the way they want it and have it work the first, second or third time? Never.

Lastly, if you having trouble setting up a VPN, then go the SSH route, as @pirateghost said it is comparable in security. I followed this excellent guide: https://forums.freenas.org/index.ph...r-freenas-server-remotely-and-securely.27376/

I don't think you have been "blacklisted" on here. While the veterans on here sometimes can be curt and blunt, as long as you don't take it personally (because it almost never is) then let it drive you to research more, ask better questions, and so forth. Stick with it.

 

[joeschmuck]

To solve my VPN issue I resorted to my new firewall solution for my home called Sophos UTM (Ultimate Threat Management). In this tool I can create several VPN accounts and it is very secure, or so I'm told. I didn't get Sophos for the VPN support but rather for the security it offers, and it's free for home use. The other option is to see what your internet router has to offer for VPN support.

You got great advice up above.

 

[melloa]

@mhumm2 I understand your frustration. Computer nerds and engineers are usually not the best people to describe complex topics to people with lesser computer knowledge or understanding. I have been in your shoes myself, and while I agree that FreeNAS is certainly not the easiest to understand (and almost all on here openly admit that), I don't believe it is a 10/10 difficult.

@mhumm2 I second what @nojohnny101 said above. Keep reading, trying, and asking. I'm around Mainframes and PCs for 35+ years and can attest that for all new things there is a learning curve. I'm using FreeNAS for 2 years and still learning and asking questions.

I do use owncloud and have a dataset/cif setup up for it. All my family member can access their files, pictures and movies from our phones and tablets automatically upload to it, etc. I won't get in how to set it up as I've moved to a virtual machine approach, but there are several guides here, at Plex, and other sites with step-by-step configuration, even a plugin.

Give it a try!

I believe FNAS is the way I want to go.

Yes, FreeNAS is the way to go for a great and secure NAS.

 

[mhumm2]

Outstanding posts gentlemen! I do greatly appreciate your opinions and candor. I think I'll try to reference future questions in regard to the Guide and / or How to Guides. Yes, I've studied several guides and 'bumped' them against the FNAS Guide to see why a certain step exists or why one, mentioned in the guide, was skipped.

Pirateghost, I believe the member you're referring to is m0nkey. And, yes, his smb share setup videos are great. Without those, I don't think I would be as far as I am.

Gentlemen, I will take your advice to heart and keep swinging. I will do my best to pose informed questions that are more specific to the task at hand. Thank you.

So Pirateghost wrote:

You don't need storage attached to a VPN jail.

I have 4 shares, 1 of which I want access to by the 3 users via VPN. If I'm going to VPN into the OpenVPN jail, doesn't the jail need to "see" the share?

 

[mhumm2]

While I'm waiting for replies, here's the process, as I understand it:
1. Create a Jail
2. Get into the jail as root
3. Install OpenVPN, I think I need to use the pkg command -- not to worry, I look it up in the guide.
4. Create the public and private keys for user 1 (me) and for my Kubuntu 14.04LTS.
5. Verify that my Kubuntu computer can access the OpenVPN Jail within the network using VPN.
6. Port forward my ATT Uverse router (not an easy process, but I think I figured it out)
7. Access the Jail from my Kubuntu computer across the internet.
8. Create public/private keys for the other 2 users.

Did I leave anything out and is the order correct?

 

[pirateghost]

I have 4 shares, 1 of which I want access to by the 3 users via VPN. If I'm going to VPN into the OpenVPN jail, doesn't the jail need to "see" the share?

No. The purpose of a VPN is to put the client on the same network. Once your client is on the same network, you access the shares the same as you would if you were sitting in the same network physically. The jail doesn't need to see the shares because you merely need to get connected to the network. Your OpenVPN jail is not actually sharing the data. It's shared by freenas.

Please review the purpose of a VPN and the basics on how OpenVPN works.

Your VPN subnet cannot be the same as your regular subnet. You also do not want your regular subnet to be the same as the subnet you connect from:
If your subnet is 192.168.1.x, and you are at someone else's house who also has 192.168.1.x, you will have problems accessing your network as the VPN doesn't understand which network is which.

The concepts being discussed are indeed intended for a higher level of knowledge, because it goes beyond a simple file server. Networking is inherently fairly complicated. You can't expect a big red easy button for all of it.

 

[Stux]

If you have remote ssh access, another option is sftp

 

[m0nkey_]

There is also another member around here that has created a very instructive video and write up on smb shares (I don't remember who that was at the moment).

:D