[Dirvish] push or pull for client with dynamic ip

Keith Lofstrom keithl at kl-ic.com
Wed Jul 29 22:47:10 UTC 2009

On Wed, Jul 29, 2009 at 11:18:16PM +0200, Xavier Brochard wrote:
> Hello
> I need to back up a client without a fixed IP (it changes randomly 2 or 3 times per
> week). The backup server is on the internet.
> I was wondering what is the best solution (regarding security, network load 
> and dirvish run):
> - a push backup but mounting the backup disk with sshfs, dirvish on the client
> - a pull backup, dirvish on the backup server, using dyndns.com or no-ip.com
> - something else?

Your remote clients should probably be talking to "home base" with
an encrypted vpn tunnel to your firewall.  Then you pull backups
through the tunnel.  Yes, it means more computation to do the tunnel
encryption at both ends (and I run dirvish/rsync with ssh, so I am
encrypting twice!).  I have dynamic IP addresses on both ends, but
my firewall establishes its external URL with dyndns (using one of
the free subdomains), and remote clients talk to that.  I have five
remote clients, one is 3000km away.  

I use a small ALIX computer (from PC Engines) for my firewall, see
Cheap, fast, low power, X86, runs my favorite distro, and has three
100Mbit ethernet ports, WAN/DMZ/LAN.  It has built-in encryption
hardware which works with SSL/OpenVPN, but my main site has only
a 4Mbps connection.  The ALIX CPU is fast enough for that, so I
haven't made the kernel patch.

Security is easy.  When I detect something going wrong, I pull out
the WAN connector.

The one remaining issue is that user laptops move between the 
inside network and outside vpns.  It is possible to tweak internal
DNS so the backup server can always find them, but I haven't taken
the time to implement that.  If your remote clients are always on
the same side of the firewall, this is not a problem.


Keith Lofstrom          keithl at keithl.com         Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
