Re: [BackupPC-users] Need guidance for backing up remote Windows PC
- Original Message - From: Holger Parplies wb...@parplies.de To: Les Mikesell lesmikes...@gmail.com; jbo...@meridianenv.com Cc: General list for user discussion, questions and support backuppc-users@lists.sourceforge.net Sent: Wednesday, March 20, 2013 3:11 PM Subject: Re: [BackupPC-users] Need guidance for backing up remote Windows PC Hi, Les Mikesell wrote on 2013-03-20 16:19:23 -0500 [Re: [BackupPC-users] Need guidance for backing up remote Windows PC]: On Wed, Mar 20, 2013 at 4:00 PM, Jeff Boyce jbo...@meridianenv.com wrote: [...] Local Network Sequoia = Samba (and WINS server) and OpenVPN server (192.168.112.50) Taxa = DNSmasq (dns and dhcp server) (192.168.112.51) Bacteria = BackupPC server (192.168.112.52) Network IP = 192.168.112.0/24 ok. Remote Windows Box Computer Name = jks-e6500 Remote LAN IP = unknown Remote WAN IP = dynamic OpenVPN Common Name = jkssequoiaclient All of these don't matter for the question at hand. OpenVPN IP = static, 10.9.8.10 OpenVPN routed network [...] If you manage local dns you can add the target name with the VPN IP and everything should work the same as locally. Alternatively, you could set ClientNameAlias to the VPN IP in the backuppc config. In particular, you can choose whatever name for the client suits your purposes. Usually, you will want to use just one name for one machine, but since you've used a different one in the OpenVPN certificate, I thought I'd mention it. The name in the certificate is really only used for selecting the clients/ file (in OpenVPN), which usually defines the IP used. It does *not* magically set up some sort of name resolution for that name. I would have used jks-e6500 to match the host name, but it doesn't really make any difference. Adding something like 10.9.8.10 jks-e6500 to a hosts-type file (/etc/hosts on the BackupPC server or better a hosts file served by your DNSmasq server) should do the trick. Talking of hosts files, the DHCP flag in BackupPC's hosts file should be 0 :-). My thinking is that since the remote Windows box can connect and browse the Samba shares on Sequoia via the VPN, then obviously Samba knows how to communicate with this remote client. At the TCP level, the Samba server doesn't really need to know anything. There's an incoming connection from an IP it can route reply packets to. Fine. Samba itself might require more, in order to determine whether to allow access or not. The remote machine might register itself with the Samba WINS server. But it's the remote machine that initiates the connection. No, that's not entirely obvious unless the backuppc server is also the VPN server. Sometimes VPN servers are configured to NAT to their ethernet interfaces to provide LAN connectivity for the remote clients. That's a good point. If that were the case, you'd need to rethink things. In your case you need routing from the backuppc server to the client IP which may or may not be present. Can you connect with smbclient to the 10.9.8.10 IP? If your VPN server is not NATting and it's not the default gateway, then you'd need either a host or probably better a network route (on your BackupPC server): # route add -host 10.9.8.10 gw sequoia or # route add -net 10.9.8.0/24 gw sequoia Additionally, if sequoia was not previously routing traffic, you might need to # echo 1 /proc/sys/net/ipv4/ip_forward (on sequoia) which you'd want to do automatically on reboot by adding (or uncommenting) net.ipv4.ip_forward=1 in /etc/sysctl.conf. For IPv6, see the comments in sysctl.conf. Regards, Holger Greetings - I have had to move on to some other more pressing issues temporarily, but I think the guidance you guys have given me will get me to the next stage of implementing this and running some tests. Thanks. Jeff -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Need guidance for backing up remote Windows PC
On Wed, Mar 20, 2013 at 4:00 PM, Jeff Boyce jbo...@meridianenv.com wrote: I am trying to figure out if my objective is possible. I want to be able to backup a remote Window box that connects to the local network via OpenVPN. I have scanned through the archives and have seen some discussion of similar things, but nothing that really gives me good overall direction on whether it will work, or how to get it to work, with my network configuration. There's no real difference as long as it is up at a reachable IP address. I am using BackupPC to backup the local Windows boxes, and would like to add a remote one. I am not that concerned about the time it would take to complete a backup over the WAN, as I can configure it to work at night. Local Network Sequoia = Samba (and WINS server) and OpenVPN server (192.168.112.50) Taxa = DNSmasq (dns and dhcp server) (192.168.112.51) Bacteria = BackupPC server (192.168.112.52) Network IP = 192.168.112.0/24 Remote Windows Box Computer Name = jks-e6500 Remote LAN IP = unknown Remote WAN IP = dynamic OpenVPN Common Name = jkssequoiaclient OpenVPN IP = static, 10.9.8.10 OpenVPN routed network I have BackupPC configured to connect to the local Window boxes via SMB, as I didn't care for the cygwin and rsync implementation on windows when I used it in the past. Besides, I already have Samba configured and running just fine, so why not just use it. The big difference would be bandwidth usage after the initial copy. Every smb full is going to send all the data. Another difference is that smb incrementals are based on the file timestamps and won't track files added in ways that keep an old timestamp, old files in their new position under a renamed directory, or deletions. You might like the cwrsync or deltacopy variations of rsync - still cygwin based but packaged in a windows installer. I seem to have both DNS and netbios name resolution working properly for the local LAN, but don't know how the remote box fits into that when it connects to Samba via a VPN network. If you manage local dns you can add the target name with the VPN IP and everything should work the same as locally. Alternatively, you could set ClientNameAlias to the VPN IP in the backuppc config. My thinking is that since the remote Windows box can connect and browse the Samba shares on Sequoia via the VPN, then obviously Samba knows how to communicate with this remote client. No, that's not entirely obvious unless the backuppc server is also the VPN server. Sometimes VPN servers are configured to NAT to their ethernet interfaces to provide LAN connectivity for the remote clients. In your case you need routing from the backuppc server to the client IP which may or may not be present. Can you connect with smbclient to the 10.9.8.10 IP? -- Les Mikesell lesmikes...@gmail.com -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Need guidance for backing up remote Windows PC
Hi, Les Mikesell wrote on 2013-03-20 16:19:23 -0500 [Re: [BackupPC-users] Need guidance for backing up remote Windows PC]: On Wed, Mar 20, 2013 at 4:00 PM, Jeff Boyce jbo...@meridianenv.com wrote: [...] Local Network Sequoia = Samba (and WINS server) and OpenVPN server (192.168.112.50) Taxa = DNSmasq (dns and dhcp server) (192.168.112.51) Bacteria = BackupPC server (192.168.112.52) Network IP = 192.168.112.0/24 ok. Remote Windows Box Computer Name = jks-e6500 Remote LAN IP = unknown Remote WAN IP = dynamic OpenVPN Common Name = jkssequoiaclient All of these don't matter for the question at hand. OpenVPN IP = static, 10.9.8.10 OpenVPN routed network [...] If you manage local dns you can add the target name with the VPN IP and everything should work the same as locally. Alternatively, you could set ClientNameAlias to the VPN IP in the backuppc config. In particular, you can choose whatever name for the client suits your purposes. Usually, you will want to use just one name for one machine, but since you've used a different one in the OpenVPN certificate, I thought I'd mention it. The name in the certificate is really only used for selecting the clients/ file (in OpenVPN), which usually defines the IP used. It does *not* magically set up some sort of name resolution for that name. I would have used jks-e6500 to match the host name, but it doesn't really make any difference. Adding something like 10.9.8.10 jks-e6500 to a hosts-type file (/etc/hosts on the BackupPC server or better a hosts file served by your DNSmasq server) should do the trick. Talking of hosts files, the DHCP flag in BackupPC's hosts file should be 0 :-). My thinking is that since the remote Windows box can connect and browse the Samba shares on Sequoia via the VPN, then obviously Samba knows how to communicate with this remote client. At the TCP level, the Samba server doesn't really need to know anything. There's an incoming connection from an IP it can route reply packets to. Fine. Samba itself might require more, in order to determine whether to allow access or not. The remote machine might register itself with the Samba WINS server. But it's the remote machine that initiates the connection. No, that's not entirely obvious unless the backuppc server is also the VPN server. Sometimes VPN servers are configured to NAT to their ethernet interfaces to provide LAN connectivity for the remote clients. That's a good point. If that were the case, you'd need to rethink things. In your case you need routing from the backuppc server to the client IP which may or may not be present. Can you connect with smbclient to the 10.9.8.10 IP? If your VPN server is not NATting and it's not the default gateway, then you'd need either a host or probably better a network route (on your BackupPC server): # route add -host 10.9.8.10 gw sequoia or # route add -net 10.9.8.0/24 gw sequoia Additionally, if sequoia was not previously routing traffic, you might need to # echo 1 /proc/sys/net/ipv4/ip_forward (on sequoia) which you'd want to do automatically on reboot by adding (or uncommenting) net.ipv4.ip_forward=1 in /etc/sysctl.conf. For IPv6, see the comments in sysctl.conf. Regards, Holger -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
