Best network share protocol for transfers across continents?

Discussion in 'Mac OS X Server, Xserve, and Networking' started by Prodo123, Feb 1, 2016.

  1. Prodo123 macrumors 68020

    Prodo123

    Joined:
    Nov 18, 2010
    #1
    I have a home server running in Asia and work in North America. The server has 6TB of storage which I regularly need access to. When I'm home I just use encrypted SMB through the local network, but it turns out that both AFP and SMB are unreliable for anything else. (Curiously enough when I connect by VPN to the server both protocols work fine)

    Are there better ways to make this work? I'd prefer it be encrypted as I don't want my uni snooping in on my files...and I don't want to resort to VPN+SMB every time I need to do something on my server.

    The university has gigabit internet speeds; my home server has 100 Mbps up/down. VPN+SMB achieves around 2 Mbps.
     
  2. sevoneone macrumors 6502

    Joined:
    May 16, 2010
    #2
    If you want your data secure, I would go with SSH/SFTP. Though I think I would still want to pass this through a VPN so I wouldn't be exposing SSH on my home server to the internet. Open port 22 on your public IP and it doesn't take very long for a never ending bombardment of failed brute force SSH attacks to start showing up in your logs. At the very least look into setting up port knocking.
     
  3. Prodo123 thread starter macrumors 68020

    Prodo123

    Joined:
    Nov 18, 2010
    #3
    I've looked into SFTP for a while. I know I can connect through terminal, but would it also mount through Finder, and how would performance fare? Would raw SFTP be more efficient than SMB over VPN?

    Also, how is WebDAV over HTTPS? I haven't been able to set up WebDAV successfully, ever. I've seen it being thrown around for this kind of situation on the internet, too. I have a valid certificate issued by StartSSL and HTTPS works on my hosted website.

    I blocked most brute force SSH attempts with Little Snitch. The problem is that Little Snitch is set by default to reject all incoming connections unless approved by the user with the GUI; maybe I'll have it so that I can approve my connection through VPN+VNC when I need it instead of opening the ports. It's useful, but bothersome.

    Or go port knocking like you suggested. Looks like I have a lot of studying to do!
     
  4. 556fmjoe macrumors 65816

    Joined:
    Apr 19, 2014
    #4
    SFTP is the best choice. Performance is difficult to estimate, but I think it is likely to be better than SMB over a VPN because it is much less complex.

    I also trust the security of SSH/SFTP far more than any VPN. You can run it on a different port than port 22 to drastically cut down on the brute force attempts.
     
  5. NazgulRR macrumors 6502

    Joined:
    Oct 4, 2010
    #5
    I have a similar thing going on as you: mac mini server in one country, while I live in another and travel around. I can pretty much max out the upload speed of the home server that is 20mbps when I connect to it.

    if you SSH to the server via terminal and map the ports correctly, you can mount the drives in Finder just as if you were local or VPN. Here's how: http://verysimple.com/2008/03/09/mount-an-osx-afs-shared-drive-over-ssh/ This is SFTP via Finder and while it's bit cumbersome to get running each time (terminal has to be running, etc), it works just fine.

    It's always good to have backup options as well. I have 1) SSH via Terminal + AFP mounting via Finder, 2) SFTP via an app such as Forklift, Transmit, etc. 3) VPN + AFP mounting via finder. The latter is the easiest. I find the speeds pretty similar between those.

    Could it perhaps that they are throttling the network when it goes through the ports you are using for your VPN? Could you set up an OpenVPN server at your home server via tcp port 443 to avoid possible throttling?
     

Share This Page