How to Configure ZFS Replication on Two or More TrueNAS Scale Systems Using Tailscale [YouTube Release]

Additional Resources:

Step-by-Step Guide: How To Setup Tailscale on TrueNAS SCALE

Time Stamps
00:00 TrueNAS Scale To TrueNAS Scale Tailscale Tutorial
00:46 How Tailscale Works With TrueNAS
01:37 Configuring TrueNAS Scale
02:20 Binding Tailscale To TrueNAS Services
05:00 SSH Transfer Security and NETCAT


I have two TrueNAS systems in different locations. I use one as a backup target for the other. I was considering doing it this way as in the video - set up some kind of VPN (Tailscale or not) and then use SSH to ZFS REPLICATE (SEND/RECV) datasets from primary to backup.

But instead I decided to transfer data from primary to backup via Syncthing, for two reasons:

  1. Ransomware / attackers protection - if ransomware or some attacker would get to my primary box, they could use the ssh connection to also encrypt/delete data on my backup server, including snapshots. Instead with sending data over Syncthing, the attacker could only delete/encrypt current data (on both boxes) but they would not be able to do anything with zfs snapshots on the remote system.

  2. Syncthing can establish a connection between my devices even without Tailscale or another VPN (I have the ability to open ports on my fw etc, but it would be possible even without this due to how Syncthing works). So it is one less dependency in the chain. Tailscale is another security risk and 3rd party dependency.

Of course sending data over Syncthing is not as efficient as direct zfs replication, and arguably not as reliable either. So it depends on what your priorities and needs are. For me, the security - not having any ssh/credentials on primary system to backup system - is more important, so I decided to do it this way.