Network Setup Question...

Rustus Maximus

macrumors 6502
Original poster
Jan 15, 2003
363
434
Small network of about 8 Macs, couple of printers, two Mini servers. Cable modem into an Airport Extreme (6th Gen) then into a 16 port switch. Looking to setup two remote file servers for access by remote workers (we presently have two Mac Minis running OS X server with attached GRAID storage that will need to be accessed). The workers will be accessing the server via user ID and password. The initial thought was to set them up as sftp servers. Would we need public IPs for that? Can the AE handle multiple public IPs? Would multiple VPN servers be better here? Is there an easier, more secure, elegant solution? Just asking for a point in the right direction from those who I'm sure have a lot more knowledge in this area than I ever will. We're not opposed to having to get a new router, etc.
 

belvdr

macrumors 603
Aug 15, 2005
5,660
1,001
No longer logging into MR
With SFTP on the native port, you'll find so many bots attempting connections unless you move them off TCP/22. Once you do that, you can use a different port for each server, but then everyone must be sure to use the correct port. It's a kludge, at best.

I'd suggest a VPN and it might be best to get a router that can do this natively. One option is the EdgeRouter X, which costs $49 US. Not only is this more secure, you can provide any access to the internal network that you may want.
 
  • Like
Reactions: Rustus Maximus

Rustus Maximus

macrumors 6502
Original poster
Jan 15, 2003
363
434
With SFTP on the native port, you'll find so many bots attempting connections unless you move them off TCP/22. Once you do that, you can use a different port for each server, but then everyone must be sure to use the correct port. It's a kludge, at best.

I'd suggest a VPN and it might be best to get a router that can do this natively. One option is the EdgeRouter X, which costs $49 US. Not only is this more secure, you can provide any access to the internal network that you may want.
Thanks for the relpy belvdr. Question, would the built-in VPN on macos Server work in this way, keeping the existing AE router for the moment? Also, could we setup each server with its own VPN through the AE without interfering with the other?
 

belvdr

macrumors 603
Aug 15, 2005
5,660
1,001
No longer logging into MR
I cannot answer about configuring the VPN server provided with macOS. I've only ever configured devices with two interfaces (one public and one private) that provided VPN services, such as Cisco and Check Point. These devices function much like your AE, but also provide an endpoint for VPN clients.

Hopefully someone who has done this can provide some assistance.
 

techwarrior

macrumors 65816
Jul 30, 2009
1,110
395
Colorado
The idea with VPN is you are allowing external users to connect as if they are on the local network. So, one VPN should be all you need, and then users can connect to the shares on the two servers.
 
  • Like
Reactions: Rustus Maximus

Rustus Maximus

macrumors 6502
Original poster
Jan 15, 2003
363
434
Thanks to all of you for your replies, we're going to try the VPN route and see how it shakes out. Thanks again!
 

cobracnvt

macrumors 6502
Apr 6, 2017
276
114
I would consider using cloud storage instead of introducing the complexity/headache of setting up VPN for every employee and managing the associated security.

As an example, Dropbox for Business works really well for multiple users and is accessible from anywhere and has clients for Mac, Windows, iPhone, Android, etc. https://www.dropbox.com/business
 
  • Like
Reactions: Rustus Maximus

Rustus Maximus

macrumors 6502
Original poster
Jan 15, 2003
363
434
I would consider using cloud storage instead of introducing the complexity/headache of setting up VPN for every employee and managing the associated security.

As an example, Dropbox for Business works really well for multiple users and is accessible from anywhere and has clients for Mac, Windows, iPhone, Android, etc. https://www.dropbox.com/business
True enough cobra. We weren't really considering that as an option. I'll check that out as well.
 

Flint Ironstag

macrumors 6502a
Dec 1, 2013
964
521
Houston, TX USA
For what it's worth, I've been using MacOS Server's built in VPN for offices of this size since the beginning. Works perfectly for your use case, and it won't cost you anything more to set up!