How to deal with non-static IP for incoming server on Asus router and a question about EASILY mapping a remote drive
I recently moved my backup server to my brother's house. Both are running Debian 12.
Right now, I have a static IP and his router is configured to only allow incoming SSH traffic from my IP address. (I think this is fairly secure?) And when my rsync job runs, it calls out to the Let's Encrypt DDNS name that his router registered with Asus. I have tested this and it's working PERFECTLY.
In the coming months, I'm probably going to be switching ISPs and will no longer have a static IP. If my IP changes, I won't be able to adjust his router to allow only my unique IP as the source, so I'm guessing I'll need to install Zerotier or Tailscale on my main server at my house and the backup server at his house so they can talk to each other for the backup job. I run Plex on my main server... will this cause any problems? Which one of those VPN services is DEAD SIMPLE to set up?
Or is there another way I should go about this if/when I switch ISPs and no longer have a static IP address? I used the ssh-copy-id to copy my keys to his server.... does that mean my unique keys were copied and it's safe to open the inbound ssh port forward to the world as only I would be able to authenticate to my remote server?
Yes, I'm a Linux newbie....especially when it comes to securing ssh.
I think I should also start reading up on fail2ban as well as an extra layer of security.
The Asus router (depending on age) might have a VPN server built in. If so, I would pick OpenVPN if that is an option since installing a client is fairly easy and you can use nmcli to connect in your backup job. Using ssh keys only is safe.
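An added example, not part of the original posts: `ssh-copy-id` only appends a public key to `authorized_keys` and leaves the server's `sshd_config` alone, so whether logins are really "keys only" depends on the effective sshd settings. The script below audits `sshd -T` style output for that; the function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check that sshd really is key-only.
# Feed it the effective configuration, e.g.  sudo sshd -T | audit_sshd

audit_sshd() {
    awk '
        function need(key, allowed,    n, i, a, val) {
            val = (key in seen) ? seen[key] : "<unset>"
            n = split(allowed, a, "|")
            for (i = 1; i <= n; i++) if (val == a[i]) return
            printf "FAIL %s is %s, want %s\n", key, val, allowed
            bad++
        }
        NF >= 2 { seen[tolower($1)] = tolower($2) }
        END {
            need("pubkeyauthentication", "yes")
            need("passwordauthentication", "no")
            need("kbdinteractiveauthentication", "no")
            need("permitemptypasswords", "no")
            need("permitrootlogin", "no|prohibit-password|without-password")
            if (!bad) print "OK key-only authentication"
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: key installed with ssh-copy-id, sshd_config untouched.
sample_after_copy_id() {
    cat <<'EOF'
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no
permitemptypasswords no
permitrootlogin without-password
EOF
}

# Constructed sample: same host after setting PasswordAuthentication no.
sample_hardened() {
    sample_after_copy_id | sed 's/^passwordauthentication yes$/passwordauthentication no/'
}

sample_after_copy_id | audit_sshd || true   # reports the password login gap
sample_hardened | audit_sshd                # passes
```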
I do it the other way. I run rsync on the backup ‘puter and pull the data from the production box.
The backup server has a dynamic address, the production server has a static IP.
(I actually use rsnapshot, which uses rsync over ssh)
> The Asus router (depending on age) might have a VPN server built in. If so, I would pick OpenVPN if that is an option since installing a client is fairly easy and you can use nmcli to connect in your backup job. Using ssh keys only is safe.
His router is a newer model and has built-in support for OpenVPN but I think for now, I might just go with locking the source IP for the inbound rule to my IP address because I'm working on nailing down another problem and don't want to muddy the water. Will post about THAT issue here in a minute.
> I do it the other way. I run rsync on the backup ‘puter and pull the data from the production box.
> The backup server has a dynamic address, the production server has a static IP.
> (I actually use rsnapshot, which uses rsync over ssh)
But I think I'd have the same problem. If I had the remote server at his place pulling from me, I'd need to lock the inbound traffic to a single IP on my router (to be safe) and he definitely doesn't have a static IP.
> But I think I'd have the same problem. If I had the remote server at his place pulling from me, I'd need to lock the inbound traffic to a single IP on my router (to be safe) and he definitely doesn't have a static IP.
If you connect to your box from his box using SSH keys, you're "locking down" the connection between the computers themselves. The keys identify the hardware at the other end of the connection*...they don't care how the connection is made.
If the dynamic IP of my local "pulling" server changes, the connection and snapshot still works, and the keys provide the validation.
*"Hardware" in the sense that the key stored on the remote machine matches the key on the local machine.
> Or is there another way I should go about this if/when I switch ISPs and no longer have a static IP address?
Set up OpenVPN or WireGuard on the server (i.e: NOT at the router) at your brother's house. The remote client computer will be able to connect from any IP address without any trickery.
> If you connect to your box from his box using SSH keys, you're "locking down" the connection between the computers themselves. The keys identify the hardware at the other end of the connection*...they don't care how the connection is made.
> If the dynamic IP of my local "pulling" server changes, the connection and snapshot still works, and the keys provide the validation.
> *"Hardware" in the sense that the key stored on the remote machine matches the key on the local machine.
> Set up OpenVPN or WireGuard on the server (i.e: NOT at the router) at your brother's house. The remote client computer will be able to connect from any IP address without any trickery.
Tip: Use a high (UDP) port number.
That sounds like a good idea indeed, thank you. I also might add fail2ban to the mix as well.