![]() ![]() ![]() Comment out the tunnel driver and “ return 0” line.Install OpenVPN package and dependencies: # ipkg install openvpn All of this is described in my previous posts: Here’s an example, with an additional read-only export for the local wired net:īefore you can follow these instructions, you must first enable SSH access to the NAS, connect to package repositories and tie into the boot process. The idea is to completely turn off all security on the NFS share, including no_root_squash, and then export the shares exclusively over the VPN subnet. This ended up being the best and simplest option that allows me to have complete and seamless integration of my shares and best possible security. I have tried using CIFS mounts, but quickly rejected the idea b/c the shares were much slower than NFS, did not allow symlinks and did not allow fine grained ownership control of files under one share. Windows File Sharing (CIFS)ĬIFS shares are attractive, b/c they have built in password authentication. The set up procedure is not trivial unfortunately, and would result in a complication of my infrastructure that I was not willing to deal with. It is possible to set up Samba4 as a Domain Controller that will provide Active Directory and Kerberos services: Once you are in, it is trivial to steal everything from un-authenticated NFS shares. All you have to do to infiltrate the storage is somehow connect to the LAN. The problem with NFS is that without a Domain Controller that can provide Kerberos authentication somewhere on the LAN, NFS is horribly insecure. Ix2-dl offers many ways to connect to it, but none of them can provide such a seamless experience for Linux computers as NFS: ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |