All Syncthing sync connections are encrypted with TLS, authenticated with the device ID (certificate fingerprint), regardless of whether the connection is over LAN, WAN or relay.
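Worked example of what "authenticated with the device ID (certificate fingerprint)" means in practice. This is an added example, not code from the thread or from the Syncthing project: it derives a device ID from a certificate the way Syncthing documents it (SHA-256 of the DER certificate, unpadded base32, four 13-character groups each followed by a Luhn mod-32 check character, printed as eight dash-separated groups of seven) and checks an ID someone pasted to you for typos. The Luhn variant here follows Syncthing's own (weights alternate 1, 2, 1, 2 walking the string left to right); the `DEMO_DER` bytes are a constructed placeholder, not a real certificate.

```python
# Added example, not part of the original thread or of Syncthing itself.
import base64
import hashlib
import re

LUHN_BASE32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

# Constructed placeholder bytes standing in for a DER-encoded certificate.
DEMO_DER = b"constructed placeholder, not a real certificate"
DEMO_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(DEMO_DER).decode()
    + "\n-----END CERTIFICATE-----\n"
)


def luhn32(s: str) -> str:
    """Luhn mod-32 check character in the variant Syncthing uses:
    the weight starts at 1 and alternates 1,2,1,2,... left to right."""
    factor = 1
    total = 0
    n = len(LUHN_BASE32)
    for ch in s:
        codepoint = LUHN_BASE32.index(ch)  # raises ValueError on a foreign char
        addend = factor * codepoint
        factor = 1 if factor == 2 else 2
        addend = addend // n + addend % n
        total += addend
    return LUHN_BASE32[(n - total % n) % n]


def device_id_from_der(der: bytes) -> str:
    """SHA-256 of the DER cert -> base32 (52 chars) -> add check chars -> dashes."""
    digest = hashlib.sha256(der).digest()                # 32 bytes
    raw = base64.b32encode(digest).decode().rstrip("=")  # 52 chars, padding removed
    assert len(raw) == 52
    with_checks = "".join(
        raw[i:i + 13] + luhn32(raw[i:i + 13]) for i in range(0, 52, 13)
    )                                                    # 4 x (13 + 1) = 56 chars
    return "-".join(with_checks[i:i + 7] for i in range(0, 56, 7))


def device_id_from_pem(pem: str) -> str:
    """Accepts the cert.pem Syncthing keeps in its config directory."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", pem)
    return device_id_from_der(base64.b64decode("".join(body.split())))


def verify_device_id(device_id: str) -> bool:
    """True if the ID is well-formed and every group's check char matches.
    This catches copy/paste typos only; it proves nothing about who holds
    the matching private key. That is what the TLS handshake is for."""
    compact = device_id.replace("-", "").replace(" ", "").upper()
    if len(compact) != 56 or any(c not in LUHN_BASE32 for c in compact):
        return False
    return all(
        luhn32(compact[i:i + 13]) == compact[i + 13] for i in range(0, 56, 14)
    )
```

Run `device_id_from_pem(open(".../cert.pem").read())` against a real Syncthing config directory and the result should match the ID the GUI shows for that device. Because the ID is a hash of the certificate, a peer that presents a different certificate during the TLS handshake simply does not match the configured ID, whether it arrives over LAN, WAN or a relay; the relay never sees plaintext or the private keys.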
Just remember that a synchronized copy is not the same as “backup”. Consider the day your NAS is hit by ransomware and the encrypted files are propagated to your friend’s NAS as well. I recommend a dedicated backup tool instead. Maybe Restic.
I have many devices all syncing to my NAS. And then I have a single backup job daily from the NAS (via restic) to an offsite storage location. So all the devices are backed up offsite with one job.
I figured if you could forward a VPN port you could forward a Syncthing port to avoid the relay. Don’t think routing through the VPN and double encrypting would be faster. Depending on the VPN it may not impose a penalty. But faster I don’t really see.
I don’t expose the Tailscale port — the agent does some really slick stuff to get direct connections through NAT. It’s faster than a relayed connection but not faster than a direct Syncthing connection.
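The practical question behind the last two comments is whether a given peer is actually connected directly or is going through a relay. Added example, not from the thread or the Syncthing project: it classifies peers from the JSON that Syncthing's REST API returns for `GET /rest/system/connections` (authenticated with the `X-API-Key` header from the GUI settings). The sample document is constructed; the `connected`, `type` and `address` fields are the ones I have seen from that endpoint, but treat the exact schema as an assumption for your version, and the device keys here are short labels where the real API uses full device IDs.

```python
# Added example, not part of the original thread or of Syncthing itself.
import json
import urllib.request

# Constructed sample in the shape of GET /rest/system/connections.
# Real keys are full device IDs; short labels are used here for readability.
SAMPLE_CONNECTIONS = json.dumps({
    "connections": {
        "laptop": {"connected": True, "type": "tcp-client",
                   "address": "192.168.1.20:22000"},
        "friend-nas": {"connected": True, "type": "relay-client",
                       "address": "relay://203.0.113.5:22067"},
        "phone": {"connected": False, "type": "", "address": ""},
        "offsite-box": {"connected": True, "type": "quic-server",
                        "address": "198.51.100.7:22000"},
    }
})


def classify(raw_json: str) -> dict:
    """Map device -> 'direct' | 'relayed' | 'disconnected'.

    Syncthing reports the transport in "type" (tcp-client/tcp-server,
    quic-client/quic-server, relay-client/relay-server); anything that
    starts with "relay" means the traffic is bouncing through a relay
    rather than going peer to peer. It is still TLS end to end either way."""
    data = json.loads(raw_json)
    result = {}
    for device, conn in data.get("connections", {}).items():
        if not conn.get("connected"):
            result[device] = "disconnected"
        elif conn.get("type", "").startswith("relay"):
            result[device] = "relayed"
        else:
            result[device] = "direct"
    return result


def relayed_peers(raw_json: str) -> list:
    """Sorted list of connected peers that are currently relayed; these are
    the ones a forwarded port or a NAT-traversing VPN would speed up."""
    return sorted(d for d, s in classify(raw_json).items() if s == "relayed")


def fetch_connections(api_key: str, base_url: str = "http://127.0.0.1:8384") -> str:
    """Pull the live document from a local Syncthing instance (not called here,
    so the example stays offline). base_url is the default GUI address."""
    req = urllib.request.Request(
        base_url + "/rest/system/connections",
        headers={"X-API-Key": api_key},
    )
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    for device, state in classify(SAMPLE_CONNECTIONS).items():
        print(f"{device:12} {state}")
```

To run it against your own NAS, replace `SAMPLE_CONNECTIONS` with `fetch_connections("<your API key>")`. If a peer you expected to be direct shows up in `relayed_peers`, that is the case where forwarding the Syncthing port (default 22000) or letting Tailscale punch through NAT pays off; peers already listed as `direct` gain nothing from the extra hop.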