FreeNAS replication over internet

Hi there!
New to the forum but not new to watching Lawrence’s YouTube channel. Thank you for the great content!

I have set up FreeNAS replication off-site just by opening up a single custom nonstandard port on both ends for the replication.

I have searched for other topics regarding this but have found that, for the most part, people point to using a VPN and then using that for replication. I would like to avoid this option for now just for simplicity's sake. That, and I'm not sure how to set that up with FreeNAS being the client of the VPN and connecting to the source.

If I'm replicating using FreeNAS zfs send/receive that uses encrypted SSH and the pools on both ends are encrypted, I should be fine, right? As far as someone trying to either sniff or find their way into my FreeNAS, that is. The replication is over SSH / encrypted and the pool data is encrypted. I have it set on both systems to only allow SSH NOT using a password and only using the key.

The only thing I did not do with the encryption, which I didn’t realize until after the fact, is to add a passphrase on top of the encryption key file.

This is more of my proof of concept of what I would like to do before I spend some $ on some nicer hardware/setup.

I am eventually planning on putting some sensitive information on this setup, and wanted to see what your thoughts on this were. Another remediation could be just using some versacrypt files and storing the sensitive info in there as another layer.

I have also considered installing a firewall on the remote FreeNAS. I would love to use pfSense, but I'm not sure I can implement it using just the remote FreeNAS box and 8 GB of RAM, where I'm already using a VM with 1 GB of RAM as a jump box for configuring.

Much appreciated for any feedback/suggestions you guys recommend.

Jonathan

A VPN would add an extra layer, but SSH with key-only authentication is a solid, secure setup as of the time of this post.

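The key-only setup discussed above depends on password-style logins really being off on the exposed port. As an added example (not part of the thread and not FreeNAS code), this Python sketch audits the effective settings that `sshd -T` prints; the two sample dumps and the port number in them are constructed for illustration.

```python
# Added example: audit effective sshd settings (the lowercase "key value"
# lines printed by `sshd -T`) for a key-only replication endpoint.

REQUIRED = {
    "pubkeyauthentication": {"yes"},
    "passwordauthentication": {"no"},
    "permitemptypasswords": {"no"},
    # root may log in with a key (common for replication), never a password
    "permitrootlogin": {"no", "prohibit-password", "without-password",
                        "forced-commands-only"},
}
# Keyboard-interactive auth can still present a PAM password prompt even
# when passwordauthentication is "no"; the option name depends on the
# OpenSSH version.
INTERACTIVE_KEYS = ("kbdinteractiveauthentication",
                    "challengeresponseauthentication")

def parse_effective(text):
    """Turn `sshd -T` style output into a dict of lowercase key -> value."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        cfg.setdefault(key.lower(), value.strip().lower())
    return cfg

def audit(text):
    """Return a list of findings; an empty list means key-only is enforced."""
    cfg = parse_effective(text)
    findings = []
    for key, allowed in REQUIRED.items():
        value = cfg.get(key)
        if value not in allowed:
            findings.append(f"{key} is {value!r}, expected {sorted(allowed)}")
    for key in INTERACTIVE_KEYS:
        if cfg.get(key) == "yes":
            findings.append(f"{key} is 'yes': password prompts still possible")
    return findings

# Constructed sample dumps (not taken from a real system).
SAMPLE_GOOD = """port 52222
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
permitemptypasswords no
permitrootlogin prohibit-password
"""
SAMPLE_WEAK = SAMPLE_GOOD.replace("kbdinteractiveauthentication no",
    "kbdinteractiveauthentication yes").replace("prohibit-password", "yes")

if __name__ == "__main__":
    for name, dump in (("good", SAMPLE_GOOD), ("weak", SAMPLE_WEAK)):
        print(name, audit(dump) or "key-only enforced")
```

On a real host, feed it the output of `sshd -T` run as root instead of the constructed samples.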