Total noob, but I set up TrueNAS/Nextcloud on an old laptop and it’s working great locally.

What would be the easiest secure way to access my files remotely from my phone and/or laptop?

  • techgearwhips@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    1
    ·
    1 year ago

    Tailscale. Download it and you’ll be up and running in 5 minutes. Don’t use cloudflare tunnels unless you plan on opening it up to the public. Then you can go that route.

    • N-E-N@lemmy.caOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Hey, I’m testing it and I have it installed on my phone/PC/TrueNAS but having trouble getting access remotely (testing on data).

      I think I have the part “Advertise Routes” wrong, how to I know what IP to put in exactly

        • N-E-N@lemmy.caOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          Is the port number the 4 numbers after the : which I use as a url to access Nextclouds web gui?

          Also that means I should be adding two routes?

            • N-E-N@lemmy.caOP
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              1 year ago

              Sorry for the questions, how do I know which Tailnet IP to use? Each device seems to get a different address and a I tested a couple and neither worked

              A tutorial I watched used 192.168.3.0/24. I tested this and it didn’t give me any errors and it connected to tailscale, but I couldn’t actually access things remotely

    • LazerDickMcCheese@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Second on that. The whole “it just works” slogan was frustrating when it didn’t work at first, but once it finally for running it was great

      • N-E-N@lemmy.caOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        What exact route did u advertise? I’m having trouble getting it working

        • LazerDickMcCheese@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Trust me, you don’t want to get instructions from me. Just look at my post/comment history haha everything I touch breaks in ways that are hard to diagnose. I had to reach out to tech support, they got back to me in <12hrs

    • jbarr@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      For restricted access, I add a Cloudflare Application in front of the Tunnel to provide authentication. Work’s like a charm, and the user never hits my services unless they successfully authenticate.

      • techgearwhips@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Yes I do that too with email authentication. But if he is using a personal server with no users then there is no need for that.

        • jbarr@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          True, but then Tailscale needs to be installed on the remote device to connect. A Cloudflare Tunnel and Application can be accessed by pretty much any device. This was more appropriate for my use case. YMMV, of course.

          • techgearwhips@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            For me it’s all about use case.

            I use cloudflare tunnels for programs exposed to the open web (Nextcloud, Radicale, etc).

            But I use tailscale for anything not, then I use tailscale (RD client, KDE Connect, Sonarr, etc) because it’s way too simple.

  • loganb@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    1 year ago

    My recommendation would be some kind of VPN. If your looking for something plug and play and free, look into zerotier.

    If your home internet connection sits behind CGNAT, like me, just buy a cheap vps and set up your own wireguard network.

    Both solutions avoid exposing your services directly to the public internet which reduces attack vectors and adds an extra layer of encryption.

    • N-E-N@lemmy.caOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Idk what CGNAT is tbh so I doubt it.

      Other comment mentioned OpenVPN, would you say Zerotier is an easier option?

      • loganb@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        CGNAT = Carrier Grade Network Address Translation. It makes it practically impossible to open ports to the public internet and in some extreme instances make zerotier very unstable. Typically you only have CGNAT if your internet connection is 4G or fixed wireless.

        OpenVPN is just a VPN protocol. Roughly comparable to wireguard. It has been the gold standard for VPN technology for the past decade or so. Wireguard by comparison is much newer, and lighter to run. This typically results in faster throughput from a computational standpoint and devices where power is limited (cell phones), uses much less power by leveraging modern CPU encryption methods.

        If you have the option to port forward on your home internet connection, its possible to setup a VPN connecting in a straight shot from your home to your roaming device. If you can’t port forward, you will need a main in the middle (the VPS) to establish and route the connections through.

        Zerotier works off of a PTP style network and the free plan allows up to 50 devices when last I checked. I’m not sure on the availability of zerotier or wireguard on truenas as the last time I used TrueNAS was Scale 22.

      • unscholarly_source@lemmy.ca
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I had literally just set this up on my truenas instance yesterday (even though I’ve been using ZeroTier for some time). The key thing to recognize is that truenas whipes out any modifications to its system after a reboot, hence the need for this script.

        https://alan.norbauer.com/articles/zerotier-on-truenas

        I’ve heard great things about tailscale, but just have had an opportunity to try it.

      • My Password Is 1234@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        It is a NAT, but created by an operator. The operator does not give you a real IP address, but instead hides you behind his own NAT and gives you one private address.

  • manwichmakesameal@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Cloudflare zero trust tunnel might be up your alley. Look into that. It’s free but has privacy concerns so do your homework.

    • N-E-N@lemmy.caOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I don’t think so? It’s whatever the default is aha I am new to networking like this

      • huskypenguin@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Out of curiosity what are you using nextcloud for? Most people use it for public facing collab and sharing, and it’s an absolute beast to maintain because it’s so complicated.

        • N-E-N@lemmy.caOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Very basic backup system and cloud-ish storage. Mostly handy that I can access it from any device wireless cause I use a ton of different devices

    • Bread@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      If you are using Scale, it has been depreciated. Rather inconvenient for me as I have to come up with a new solution.

      • tarjeezy@lemmy.ca
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Yea, I didn’t like that they are going to drop support in the next version or whatever. Not sure if it’s their intended replacement, but Wireguard is installed by default in TrueNAS Bluefin. I recently switched to that, and I find the performance is way better than OpenVPN.

  • Decronym@lemmy.decronym.xyzB
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    2
    ·
    edit-2
    1 year ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    CGNAT Carrier-Grade NAT
    IP Internet Protocol
    NAT Network Address Translation
    VPN Virtual Private Network
    VPS Virtual Private Server (opposed to shared hosting)

    5 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.

    [Thread #46 for this sub, first seen 15th Aug 2023, 02:15] [FAQ] [Full list] [Contact] [Source code]