Replications over the internet

Hey all!

Long-time fan of the channel, first time here in the forums. Hope I posted this under the right category.

I'm running into some strange replication behavior, which might just be because I don't fully understand how it works.

Here is some necessary background info:

1. The main FreeNAS is pushing snapshot replications once a week over the internet via VPN to a remote FreeNAS.

  1. Since this happens once a week, I make the connection over VPN before it runs (site-to-site over two pfSenses with OpenVPN). The rest of the week, both the “replication task” and the VPN connection are disabled.

Funny stuff:

  1. The generated Snapshots are rather small - few MB
  2. When I check the VPN RX/TX connection in the “traffic” tab on my pfSense, it shows several GB being transferred back and forth between the sites\FreeNAS machines.

Is that normal?

What are these machines talking about? Are they conspiring against me?! 🙂

BTW - replications do work. FreeNAS successfully finishes the task and I can mount and share the snapshots on the remote machine, and all of my stuff is fine.

🙂

Any help will be appreciated.

The replication is based on the difference between the snapshot last sent and the current one. Once that data is sent, it will also have a purge process to get rid of the old one. I would speculate that the larger transfers are part of the verification process.

Understood.

Under the circumstances, that makes sense. Please bear with me here to make sure I got it correctly.

Since during the week the machines can't talk to each other, once a week when they do, the task goes through other snapshots as well, to make sure “all is synchronized”, and is not just pushing the last snapshot of only several MB.

Thanks for a very fast reply.

I do have a follow-up question, if I may.

Instead of running a site-to-site VPN, can I port forward just SSH for replication on the remote site, securely (maybe only accept connections from the specific public IP of the sending FreeNAS machine, or some SSH combined with keys and not a password, though my understanding of this is lacking)?

Will these two rules (or others) be secure enough to replace doing it over VPN?

And if it's “secure enough”, I’d love some pointers on how to make it as easy as possible, or other things I need to take into consideration when doing that that I might be overlooking.

Thanks! And Cheers from Israel.
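
The two restrictions asked about in the last post (key-only logins, and accepting the replication key only from the sender's address) can be checked on the receiving host. This is an added example, not part of the original thread; the sample `sshd_config` and `authorized_keys` text is constructed, and the check reads only the global section of a single config file (no `Include` or `Match` handling).

```python
import re

# Constructed samples (not from the thread). 203.0.113.10 is a documentation-range
# address standing in for the sending NAS's public IP; key blobs are placeholders.
SSHD_CONFIG = """\
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
"""
AUTHORIZED_KEYS = """\
from="203.0.113.10",no-pty,no-port-forwarding ssh-ed25519 AAAA_CONSTRUCTED_1 replication@main
ssh-ed25519 AAAA_CONSTRUCTED_2 laptop
"""
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes"}
KEY_LINE = re.compile(
    r'^(?:(?P<opts>(?:[^\s"]|"[^"]*")+)\s+)?'
    r'(?P<type>(?:ssh|ecdsa|sk)-\S+)\s+(?P<blob>\S+)(?:\s+(?P<comment>.*))?$')

def effective_global(config_text):
    """Global sshd settings: the first value read for a keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        parts = re.split(r"[\s=]+", raw.strip(), maxsplit=1)
        key = parts[0].lower()
        if key == "match":          # per-connection overrides are out of scope here
            break
        if not key or key.startswith("#") or len(parts) < 2:
            continue
        if key == "challengeresponseauthentication":
            key = "kbdinteractiveauthentication"   # deprecated alias
        seen.setdefault(key, parts[1].strip().strip('"').lower())
    return {**DEFAULTS, **seen}

def password_logins_possible(config_text):
    """True if password or keyboard-interactive logins are not both set to 'no'."""
    eff = effective_global(config_text)
    return any(eff[k] != "no" for k in DEFAULTS)

def unpinned_keys(authorized_keys_text):
    """Comments of keys that carry no from="..." source-address restriction."""
    loose = []
    for raw in authorized_keys_text.splitlines():
        m = KEY_LINE.match(raw.strip())
        if m and not re.search(r'(?:^|,)from="[^"]+"', m["opts"] or "", re.I):
            loose.append(m["comment"] or m["blob"])
    return loose

if __name__ == "__main__":
    print("password logins possible:", password_logins_possible(SSHD_CONFIG))
    print("keys usable from any address:", unpinned_keys(AUTHORIZED_KEYS))
```

The duplicate `PasswordAuthentication yes` in the sample is ignored because sshd keeps the first value it reads, which is why the order of lines matters when editing the file.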