I have a LAN with a few Ubuntu machines. My brother has a LAN with a few Linux machines.
We want to share some folders between each other, with full read/write access. How?

The special challenge is that we're not in the same house. We're not even in the same country!

I'm guessing we need to set up some kind of private virtual network, so that the machines are essentially on the same LAN even though there are two ISPs in between.

How can we achieve this? What software/hardware do we even need?

We both have stable DSL lines. We both have Linux-only home LANs. Do we need some kind of SSL certificates? A domain name? I have no idea. I just know that NFS is way too complicated for my skill level.

Update: Based on Bodhi's suggestion to use sshfs, I could immediately make that work between machines on my own LAN. So far so good! But:

  1. How can my brother access the machines in my home LAN, from his LAN? First of all, I'm guessing I need to arrange a DynDNS name for my home, because ISP-assigned IP addresses will change over time. But that won't help him address one specific machine on my LAN. How would he do that?
  2. Is there a guide that explains what the steps are to "Use ssh keys and disable password auth"? I'm guessing I need to generate a set of private/public ssh keys and give him the public one? But then anyone with that key could access my machines? How does this work?

When the above has been solved, I can just reverse our roles to access his machines the same way.

  • I advise sshfs - https://help.ubuntu.com/community/SSHFS . Use ssh keys and disable password auth. – Panther Nov 09 '15 at 20:52
  • Thank you @bodhi this seems to be useful - I could immediately make it work between machines on my own LAN. Is there a similar guide that explains what the steps are to "Use ssh keys and disable password auth"? I'm guessing I also need to arrange a DynDNS name for each DSL site, because ISP-assigned IP addresses will change over time - right? – Torben Gundtofte-Bruun Nov 09 '15 at 21:13
  • http://bodhizazen.net/Tutorials/SSH_keys – Panther Nov 09 '15 at 22:41
  • you also have to port forward on your router – Panther Nov 09 '15 at 22:41
  • +1 on the sshfs solution offered up in these comments. If you have Netgear routers you can use their free DDNS service to get around the problem of IP addresses changing. http://kb.netgear.com/app/answers/detail/a_id/23860/~/how-to-setup-a-netgear-dynamic-dns-account%3F Set up RSA key authorization and you're done. – Organic Marble Nov 10 '15 at 03:48

3 Answers

Bastion/Jump host

You can configure one of your hosts on your LAN as a jump host or ssh bastion. Your brother will ssh directly to this host, and from there he can ssh to the rest of your network from this machine. He can also copy files into and out of your network with SCP to and from this host, then move them around as needed.

A Good Bastion Host Article

Connectivity options

  1. public IP - you can attach a public/floating IP address through your ISP to your router to allow connections in. You can also set up a cloud instance somewhere with a floating IP address and use this as your bastion host instead. Maybe $30/month for an instance that you can use for other things too. It will probably be more expensive to get a public IPv4 address from your ISP. Once this is set up you can use a VPN like openvpn (very cheap and reliable) from both sites to this host to essentially turn it into a router between private networks.

    OpenVPN Site 2 Site

  2. IPv6 - Depending on your ISP you may already be running dual stack, or IPv4 AND IPv6 at the same time. While your IPv4 address is private and dynamic, your IPv6 address is likely associated with your account since the entire point of IPv6 was to address the fact that the world is out of IPv4 public addresses and allows everyone to have a unique address for every device. Since you mentioned you are using DSL this is probably not available to you. If you are running dual stack however, you already have a V6 unique address, and should be able to provide access with port forwarding via the address of your router as long as your ISP is allowing v6 through its internet gateway back to your router. This is an option, but you may find that this takes a huge amount of effort to get going, and may not even be possible.

    Ubuntu IPv6 VPN Tutorial

  3. Hamachi - (logmein.com) provides tools for doing things like this and doesn't cost much. This is definitely worth taking a look if you want to set it and forget it for a nominal fee. They are essentially managing the aforementioned VPN setup for you and keeping it alive. It works well if you don't mind paying for a solution, although there is some basic functionality that may work for you using their free components.

    Hamachi Site 2 Site Tutorial

  4. DynDNS - This is wizardry to me, but you are essentially bridging your gateway device to a static name from any point on the internet and allowing traffic through your gateway using a name and a route instead of a public IP address. You register this name with a 3rd party server/service to advertise the dynamic connection back to you since you are initiating a connection to this 3rd party endpoint and allowing traffic to be translated back in to your network. Be careful with this type of setup as you are essentially opening up your LAN to the world and stand a good chance of being bothered over time by would-be attackers.

    OpenSwan VPN Tutorial

Security

Be sure you are running some type of firewall between yourself and the world. The firewall on your LAN machines should be considered secondary to a firewall on your gateway and should not be the only layer of security. This can be a machine acting as a firewall between your gateway and the rest of your LAN, or at the very least a list of disabled ports and protocols on your gateway device.

Ubuntu as a Gateway Router/Firewall Tutorial


One other thing I would note, if you are using DSL you can expect your connections to fail periodically. DSL has ADHD and should drop on you once a day or so. Be sure to set up something via cron to "kick" your connection if it goes down, or your brother will be calling you every time he needs access for you to reset your modem.

Happy Hunting!

spyderdyne
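
The comments' advice to "use ssh keys and disable password auth" matters most on the bastion host that the router's port forward exposes. The script below is an added example, not code from the answers: it checks the global section of an `sshd_config` for key-only login. The function names and both sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the answers. Assumed OpenSSH rules: keywords are
# case-insensitive, the first occurrence wins, and lines after "Match" are
# conditional, so only the global section is read. Defaults passed below are
# OpenSSH's documented ones; `sshd -T` on the host gives the authoritative view.

# effective_value FILE KEYWORD[|ALIAS] DEFAULT -> value used globally
effective_value() {
    awk -v want="|$2|" -v def="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments, blank lines
        { key = tolower($1) }
        key == "match" { exit }                # END still runs after exit
        !seen && index(want, "|" key "|") { val = tolower($2); seen = 1 }
        END { print (seen ? val : def) }
    ' "$1"
}

# audit_sshd_config FILE -> prints findings, returns 1 if passwords can be used
audit_sshd_config() {
    rc=0
    pw=$(effective_value "$1" PasswordAuthentication yes)
    kbd=$(effective_value "$1" "KbdInteractiveAuthentication|ChallengeResponseAuthentication" yes)
    pk=$(effective_value "$1" PubkeyAuthentication yes)
    [ "$pw" = no ]  || { echo "FAIL PasswordAuthentication=$pw"; rc=1; }
    [ "$kbd" = no ] || { echo "FAIL KbdInteractiveAuthentication=$kbd"; rc=1; }
    [ "$pk" = yes ] || { echo "FAIL PubkeyAuthentication=$pk"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK global section is key-only"; fi
    return "$rc"
}

tmp=$(mktemp -d)
# Constructed sample: the later "no" is ignored because the first value wins
printf '%s\n' 'Port 22' 'PasswordAuthentication yes' \
    'PasswordAuthentication no' > "$tmp/weak"
# Constructed sample: key-only globally; the Match block applies to the LAN only
printf '%s\n' 'passwordauthentication no' 'ChallengeResponseAuthentication no' \
    'PubkeyAuthentication yes' 'Match Address 192.168.1.0/24' \
    '    PasswordAuthentication yes' > "$tmp/hardened"
for f in weak hardened; do
    echo "== $f"; audit_sshd_config "$tmp/$f" || true
done
rm -rf "$tmp"
```

The keyboard-interactive check is there because, with PAM enabled, that method can still prompt for a password after `PasswordAuthentication` is set to `no`.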

This may not be exactly what you want. This will not directly connect your LANs. But focusing on "We want to share some folders between each other, with full read/write access. How?", this is a possible and easy way to do this:

You can use a Dropbox alternative without space limits, like Syncthing, Bittorrent Sync or AeroFS. All three are described here: Peer To Peer (P2P) Sync and Share Ubuntu

In short, they do all synchronize folders. I'm not sure whether in some of them it's possible to only sync a part of it. They all do not have space limits (except the ones of your hard drives). But you'll need to install it on all machines, or at least on one in your LAN and one in your brother's LAN. Within the LAN you can just use SMB sharing or whatever you like. Syncthing is also open source.

verpfeilt
  • Thank you - this would mirror all shared data on all the machines, but I only want to access it, not copy everything to local. I should have explicitly stated "We want to share some folders directly between each other, with full read/write access." – Torben Gundtofte-Bruun Nov 09 '15 at 21:34

Have you looked at Cloud services like box.net, Google's Drive, iCloud? All these provide some sort of document sharing with some collaboration support.

They all have some sort of work flow which makes them less natural than having the folders on a local file system. However, this work flow resolves the fundamental problem with shared remote file systems: network delay. With any of the syncing services if you both decide to edit a document at the same time only one of you will get to keep your edits.

Judd Rogers
  • Thank you - this would mirror all shared data on all the machines, but I only want to access it, not copy everything to local. I should have explicitly stated "We want to share some folders directly between each other, with full read/write access." – Torben Gundtofte-Bruun Nov 17 '15 at 11:32