Thanks for the comments.
I really use this "by exception" i.e. when I am traveling and it seems
to work just fine.
I think the real alternative would be to use a vanilla vpn and inherit
the advantages of that...

robin hammond wrote at about 13:07:18 -0500 on Sunday, January 16, 2022:
 > Cheers!
 > 
 > Every arrow in our quivers is helpful, but do beware of using SSH 
 > tunnels for intensive TCP traffic. You're wrapping TCP in TCP. So it 
 > might solve some problems really nicely, but may fail in strange ways 
 > for…reasons.
 > 
 > To understand why you might care, remember that TCP brings flow control 
 > to the table. And if you have two layers of flow control regulating one 
 > flow, you might have an interesting time once the inner flow (rsync) 
 > gets throttled by the outer flow (ssh) and inner flow thinks it's
 > saturated the link - then backs off too aggressively. If your
 > equipment suffers from buffer bloat so much the worse.
 > 
 > If using a trivial percentage of the totally-not-at-all-saturated links, 
 > then it doesn't become noticeable. E.g., a slow disk over a gigabit.
 > 
 > If you're looking for simple, and don't mind SSL, but without strong 
 > key-management (because SSH didn't have it anyway), then tinc-vpn.org - 
 > it prefers UDP, resorts to TCP, but doesn't GRE at all.
 > 
 > With that caveat aside, it's very helpful to see examples like this.
 > 
 > 
 > On 15/01/2022 20.21, backu...@kosowsky.org wrote:
 > > When I travel for pleasure or business, my laptop (and Android phone)
 > > are no longer on my local network, so BackupPC no longer is able to
 > > see the devices and back them up.
 > >
 > > One could use a VPN, but alternatively, I wrote some perl code that
 > > can be inserted into the corresponding <host>.pl config.pl to backup
 > > over an SSH tunnel on port <tunnel port>  if the file
 > > '.sshtunnel-<tunnelport>' exists in the corresponding
 > > $TopDir/pc/<host> directory.
 > >
 > > See the following code (and embedded notes).
 > > ---------------------------------------------------------------------------------------------------
 > > my $jhost = $_[1]; #Note: $_[1] is the name of the file (as sourced by 'do')
 > > my $SshUser = 'root';
 > > my $SshPort = 22; #Port for sshd server on the remote machine (typically 22, or 2222 if non-privileged)
 > >
 > > $Conf{PingMaxMsec} = 400; #Necessary because otherwise get pings too slow
 > >
 > > #Backup over SSH tunnel to allow backup of devices when they are not on local network...
 > > #Touch: TopDir/pc/<host>/.sshtunnel-<tunnelport> to enable backup over SSH tunnel using port <tunnelport> (remember to DELETE when done!)
 > > my ($TunnelPort) = map {/\.sshtunnel-([0-9]+)$/ ? $1 : (); } </var/lib/backuppc/pc/$jhost/.*>;
 > > if(defined $TunnelPort) { #If file containing TunnelPort exists in top level host directory, then use it
 > >      #Rsync to localhost over SshPort = <tunnelport>
 > >      $SshPort = $TunnelPort;
 > >      $Conf{ClientNameAlias} = 'localhost';
 > >
 > >      #For backing-up/restoring remote host over port forwarded-reverse SSH tunnel
 > >      #using <tunnelport> (e.g., when using over USB or remote internet)
 > >      # <BackupPC server>:<tunnelport> -> <remote host>:<Orig SshPort>
 > >      #From the remote host, ssh to BackupPC server using:
 > >      #   -R <tunnelport>:localhost:<Orig SshPort>
 > >      #E.g.,   ssh  -R <tunnelport>:localhost:22 -p 2222 <user>@<BackupPC server>
 > >      #Note: My windoze PuTTY app and android 'connectbot' app are configured to automatically include this port forward
 > >      #Alternatively, on BackupPC servers, ssh to remote host using:
 > >      #   -L <tunnelport>:localhost:<Orig SshPort>
 > >      #E.g.,   ssh -L <tunnelport>:localhost:22 -p <Orig SshPort> <SshUser>@<remote host>
 > >      
 > >      #If you want to backup on server2 via server1, then you need to create a double port forward
 > >      #     server2:<tunnelport> -> server1:<tunnelport> -> <remote host>:<Orig SshPort>
 > >      # From the remote host, use a proxy Jump:
 > >      #   ssh -R <tunnelport>:localhost:22 -J <user1>@server1:2222 <user2>@server2
 > >      # Alternatively, first create one of the first port forwards to connect 'server1' and the remote host.
 > >      # Then create an additional port forward to connect 'server2' and 'server1'
 > >      # Either, ssh from server1 to server2 as follows:
 > >      #     ssh -R <tunnelport>:localhost:<tunnelport> server2
 > >      #Or ssh from server2 to machine1 as follows:
 > >      #     sudo -u backuppc ssh -L <tunnelport>:localhost:<tunnelport> -l backuppc-client machine1
 > >      #Then you can log into the remote host from machine2 using:
 > >      #     sudo -u backuppc ssh -p <tunnelport> <remoteUser>@localhost -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
 > >      #Note Start from machine1, combine creating the machine1-machine2 port with login from machine2 to remote host:
 > >      #     ssh -t -R <tunnelport>:localhost:<tunnelport> machine2 "sudo -u backuppc ssh -l backuppc-client -p <tunnelport> localhost -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
 > >
 > >      #Alternative ping command - ssh to remote client over $SshPort = <tunnelport> and ping itself (i.e. ping localhost)
 > >      #Linux/Android ping: 'ping -c 1'
 > >      $Conf{PingCmd} = "$Conf{SshPath} -q -x -p $SshPort -l $SshUser -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no localhost ping -c 1 localhost";
 > >      #Windows Cygwin ping: 'ping -n 1'
 > > #    $Conf{PingCmd} = "$Conf{SshPath} -q -x -p $SshPort -l $SshUser -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no localhost ping -n 1 localhost";
 > >      #Note above needs double quotes since $sshPath for PingCmd is not set at runtime
 > >      #Note: add options to ignore known_hosts and turn off StrictHostKeyChecking since already running over a known ssh channel
 > >      #      PLUS the known_hosts and keys will need to be added for every new <tunnelport> used causing backuppc to wait and fail.
 > >      }
 > >
 > > $Conf{RsyncSshArgs} = ['-e', "$Conf{SshPath} -p $SshPort -l $SshUser"]; #SshPort is typically 22 (or 2222 if non-privileged)
 > > $Conf{RsyncSshArgs}->[1] .= " -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" if $TunnelPort;
 > > #Note above needs double quotes since $sshPath for PingCmd is not set at runtime
 > > #Note: add options to ignore known_hosts and turn off StrictHostKeyChecking since already running over a known ssh channel
 > > #      PLUS the known_hosts and keys will need to be added for every new <tunnelport> used causing backuppc to wait and fail.
 > >
 > >
 > > _______________________________________________
 > > BackupPC-users mailing list
 > > BackupPC-users@lists.sourceforge.net
 > > List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
 > > Wiki:    https://github.com/backuppc/backuppc/wiki
 > > Project: https://backuppc.github.io/backuppc/


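Added example, not part of the original posts and not BackupPC's own code: a variant of the tunnel-marker logic quoted above that keeps host-key verification on by using ssh's HostKeyAlias option, so a single known_hosts entry per client is checked whatever <tunnelport> is in use. The helper name, its arguments, the known_hosts path and the sample host 'laptop1' are assumptions.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Hypothetical helper (name and arguments are assumptions, not BackupPC API).
# Returns the ssh command string and the ClientNameAlias to use (or undef).
sub tunnel_ssh_cmd {
    my ($top_dir, $host, $ssh_path, $ssh_user, $default_port, $known_hosts) = @_;
    die "unsafe host name '$host'\n" unless $host =~ /^[A-Za-z0-9._-]+$/;

    # Collect every .sshtunnel-<port> marker; a stale second marker is an error
    # rather than a silent choice of whichever file is listed first.
    opendir(my $dh, "$top_dir/pc/$host") or die "cannot open host dir: $!";
    my @ports = map { /^\.sshtunnel-([0-9]+)$/ ? $1 : () } readdir($dh);
    closedir($dh);
    die "multiple tunnel markers for $host: @ports\n" if @ports > 1;

    my $cmd = "$ssh_path -p $default_port -l $ssh_user";
    return ($cmd, undef) unless @ports;    # no marker: normal LAN backup

    my $port = $ports[0];
    die "tunnel port $port out of range\n" if $port < 1 || $port > 65535;

    # HostKeyAlias makes ssh look up the key under the client's own name
    # instead of [localhost]:<port>, so one entry covers every tunnel port.
    $cmd = "$ssh_path -p $port -l $ssh_user"
         . " -o HostKeyAlias=$host"
         . " -o UserKnownHostsFile=$known_hosts"
         . " -o StrictHostKeyChecking=yes";
    return ($cmd, 'localhost');
}

# Constructed sample layout: a temporary TopDir with one tunnel marker.
my $top = tempdir(CLEANUP => 1);
mkdir "$top/pc" or die $!;
mkdir "$top/pc/laptop1" or die $!;
open(my $fh, '>', "$top/pc/laptop1/.sshtunnel-2201") or die $!;
close($fh);

my ($cmd, $alias) = tunnel_ssh_cmd($top, 'laptop1', '/usr/bin/ssh', 'root', 22,
                                   '/var/lib/backuppc/.ssh/known_hosts');
print "RsyncSshArgs: -e '$cmd'\n";
print "ClientNameAlias: ", $alias // '(unchanged)', "\n";
```

The client's host key has to be recorded in the known_hosts file under the alias (here `laptop1`), for instance while the client is still on the local network.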