I have two different areas I need to connect.
My House and my brothers…
We both have edge routers and unifi switchs and AP
I have a qnap server / nas
He has a unraid server / nas
I would like to connect one port Ethernet to my routers Ethernet and be on its own network as I have 4 ports Ethernet on my server and feel this would be easier.
On the flip side my brother has ports free on his router as well as a extra port on his server. That way we can back up and share files from server to server. Also I can use a free DNS if needed and VPN if needed.
Also side note we both host our own cloud keys on our servers as well as piholes. But figure it isn’t needed if we go directly from server to router to internet on both sides.
So my questions what do I need to do to make this work? Firewall rules? DNS server? This is where my knowledge ends. Any help would be great, and thanks guys.
If you both can get an OpenVPN server and client setup you can then set up a site-to-site connection. Essentially I have this with my family over three sites.
Thanks, Ok my brother mentioned having Open VPN so then do you log into it with the servers or the router? Also firewall rules for such things?
Like most things it depends !
If the routers at both sites support OpenVPN Server AND OpenVPN Client, then life is easier.
Brother 1 runs OpenVPN Server A, Brother 2 runs OpenVPN Server B. Brother 1 connects to OpenVPN Server B with an OpenVPN Client of OpenVPN Server B.
Brother 2 Connects to OpenVPN Server A with an OpenVPN Client of OpenVPN Server A.
Then you basically have a site-to-site VPN in place.
If you don’t have OpenVPN on your router then you could run OpenVPN server on the QNAP and say a Raspberry Pi for cheap. You can then install the the OpenVPN clients on the devices that require access.
Depending on your kit, you’ll need to route traffic through the firewall, configure your networks on both sites so they are on different subnets, etc.
The easy way to get going for cheap is to setup QVPN on the QNAP, install the certificate on your phone and see if you can connect, go from there.
Ok so I know he can easily install it, pretty sure I can also. Now the firewall is another issue … Humm lets see what happens, Il try it later when we’re both off work. Thanks for the info so far.
I know I use
10.10.10.??? @ 255.255.255.0
But think he uses 192.168.2.??? @ 255.255.255.0
That should work right
Yes that should work, you can work independently, if you can connect to your openvpn server from your mobile, then so should your brother. If he can’t but you can it will help to troubleshoot the problem. You’ll need to setup DDNS if your WAN address is dynamic.
You’ll also have to allow traffic on the OpenVPN port usually 1194 in on the WAN, I use different ports at each site.
Right I know it one point he could access his stuff on his mobile device but I have not been able to access it. However I’m pretty sure I need to open my routers firewall and that might fix some of our issues. so then do we both need openvpn server setup and have two different accounts or one account?
Yes you each need to have a client to the server you are trying to access.
So for Site A I would have the following accounts:
Account 1 for Site B to connect to Site A
Account 2 for Brother 1 to connect to Site A
Account 3 for Brother 2 to connect to Site A
Then mirror this for Site B.
I would keep the accounts all different in the event that you lose a phone or are somehow compromised you only need to change one account.
Ok then IL try and hook that up tonight. Then port 1194 to server ip ?
Yep, and 1195 on the other server.
If you just need access to get some files every so often, rather than a full site to site (Ie streaming videos on multiple devices across the sites), then maybe look at zerotier
Well we want to off site backup and share data, so figured a permanent solution was best.
I’d say if you can host an OpenVPN server it’s the best solution, mainly because it’s so widely used and would be patched quickly. I even use OpenVPN on my mobile at home because I suspect that WPA is flakey as hell. Ok a lot also depends on how paranoid you are 