Remote Access to a Samba Share

[Calligrafiction]

Hello lovely tech wizards, thank you for your time.

I've spent a ridiculous amount of time trying to resolve this issue, but have been unsuccessful, so I'd appreciate extra eyes.

 

I have an Ubuntu server I use for a hodgepodge of self-hosted services, nothing intensive, mostly hobbyist stuff. I just added a new 2TB HDD for the purposes of backing up the main boot drive and acting as a NAS. I have a large partition intended for NAS use, and I'm using Samba to make the drive available to my Windows machines. Everything works flawlessly on my desktop, which is on the local network. I can mount the samba share as a network drive and use it exactly as I'd like to in every respect. However, I also need to use this drive on my laptop outside my LAN. How can I securely access my NAS drive remotely, and how can I automate things so I don't have to manually connect each time I restart my laptop?

 

Thank you very much in advance, let me know if I can provide additional information to produce the best recommendation.

[Jarsky]

Setup a VPN. 

My recommendation would be Wireguard, its fast, responsive, secure, and easy to setup. 

 

If you have a dynamic IP address, theres plenty of free dynamic DNS services you can setup as well, like noip, duckdns, dyndns, cloudns, etc...

[Bdavis]

The two best options are.

 

1. a VPN as Jarsky suggested

2. A self hosted cloud service such as owncloud or nextcloud.

[LIGISTX]

10 hours ago, Jarsky said:

Setup a VPN. 

My recommendation would be Wireguard, its fast, responsive, secure, and easy to setup. 

 

If you have a dynamic IP address, theres plenty of free dynamic DNS services you can setup as well, like noip, duckdns, dyndns, cloudns, etc...

This. 
 

And set up your laptop to use the VPN as a split tunnel, that way all internet destined traffic will go out over whatever normal gateway your laptop sees, but traffic destined for you NAS will go out over the VPN (obviously the VPN traffic flows over the default gateway as well… just encapsulated in the tunnel). 

[Takumidesh]

8 minutes ago, LIGISTX said:

This. 
 

And set up your laptop to use the VPN as a split tunnel, that way all internet destined traffic will go out over whatever normal gateway your laptop sees, but traffic destined for you NAS will go out over the VPN (obviously the VPN traffic flows over the default gateway as well… just encapsulated in the tunnel). 

honestly if your connection allows it, why not just run everything through the tunnel. 2 birds with one stone.

[DarkAcid1212]

DIY VPN Pritunl Setup Tutorial - LTT Releases - Linus Tech Tips

Ltt has a good tutorial on how you can create your own vpn.

I would personally use Zerotier per device bases. It's like a virtual switch that makes a virtual private network. There will be app per devices which you can connect it as if you are on vpn. I recommend this because regardless of the fact that that you are using your own VPC or any VPN service leaves a record, but because zerotier is still pip but provides first information to tunnel and completely hands off after, it is safer and faster. 

[LIGISTX]

On 12/9/2022 at 7:18 AM, Takumidesh said:

honestly if your connection allows it, why not just run everything through the tunnel. 2 birds with one stone.

Because it slows down your internet.

 

When I am at a hotel or airport etc, I switch to the full tunnel vs the split tunnel. But if I am somewhere I “trust”, split tunnel is much nicer. 

[SamucaFO]

You can use tailscale for it.You don't need to open any port and you don't need to use any ddns.

[Hakarune]

Use a router with built-in VPN like ubiquiti, TP-link, Zyxel, etc. (my preferred way and how I set up businesses usually). 

Host your own openVPN server that's secured with something like reverse proxy. 

Use a Hak5 Turtle and something like Linode to create a reverse VPN link to your house.

Set up a reverse proxy self-hosted Nextcloud suite. 

 

There's a number of ways to accomplish from easy (albeit maybe more expensive) to hard (and generally more difficult). Just for your safety (since you don't know how to do this already) don't follow any tutorial that tells you port-forward anything (except for reverse proxy tutorials on 443)