Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
N2560 data guard backup with ssh fails
#1
Because I am very satisfied with the N2560, I bought a second one serving as backup for the first.

I would like to make a backup with Data Guard and ssh encryption (personal documents)
On the backup NAS (target), I:
- enabled Rsync target server 
- created an account
- enabled Encryption support
- filled in the ip address of my NAS (source) at the field "allowed ip"

I tested this type of backup at the time that machines were in the same network. So far, no problem.

Now I have moved the backup NAS (target) to another location in town (outside of my Lan). Port 2200 is in both routers forwarded (source and target) to the NAs ip's.
Now the backup with ssh encryption fails. "You're not allowed to make encrypted connection". A backup without encryption succeed.

What am I doing wrong?
- This type of backup only works in the same network?
- Is an encryption key necessary?
- Need to be more ports forwarded?

Kind regards, 

Ivo
Reply
#2
Hi Ivo,

I guess that changing IP of the target (when you put it in the remote location) has affected its certificate on which encryption is based. Try to install a new certificate bound to the new IP you are using and encryption will start using the new certificate for the target. In general, changing the IP of the host will invalidate the issued certificate that used the old IP.

Regards,
Dorin
Reply
#3
Hi Dorin,

Thanks for your comment. I'm going to try you suggestion. I'll let you know if it worked.

Regards
Ivo
Reply
#4
(09-28-2016, 05:12 PM)DorinD Wrote: Hi Ivo,

I guess that changing IP of the target (when you put it in the remote location) has affected its certificate on which encryption is based. Try to install a new certificate bound to the new IP you are using and encryption will start using the new certificate for the target. In general, changing the IP of the host will invalidate the issued certificate that used the old IP.

Regards,
Dorin

Hi Dorin,

Your solution doesn't work. When i make a backup the data passes two different modem/routers en two different IPS's. I guess the problem lies in the posible restrictions of the ISP's.

Kind regards, Ivo
Reply
#5
Dear Sir,

Following check point for your reference:
1. Target IP should change Target'router IP.
2. Please try to enable port 22 & 837 forward.
3. Once it is not working, please try on DMZ to ensure this connection is working first, and then try to check what port number is necessary.
Yvon.
Reply
#6
(11-09-2016, 03:34 PM)Thecus - Yvon Wrote: Dear Sir,

Following check point for your reference:
1. Target IP should change Target'router IP.
2. Please try to enable port 22 & 837 forward.
3. Once it is not working, please try on DMZ to ensure this connection is working first, and then try to check what port number is necessary.

Dear Yvon,

I followed the steps you described. When activated DMZ host and run the connectiontest, I got the following error

Unknow Fail(0x08001710)

Best regards, Ivo
Reply
#7
Dear Sir,

If tested under same local area network is working means it is working from NAS both side, thus would related to network or router configuration, please try on other protocols as like HTTP, FTP or SAMBA to ensure the DMZ is working first.

If FTP is working and you have additional security request, maybe following link is an option:
Secure FTP (Explicit) encryption & SFTP
http://thecus.kayako.com/default_import/...tion--sftp
Yvon.
Reply
#8
Dear Sir,

If enable the DMZ, how about the HTTP, FTP & SAMBA is working through internet?
Yvon.
Reply
#9
Dear Yvon,

HTTP, FTP, SFTP en Webdav are working fine through internet (Filezilla, Winscp en Putty). No DMZ needed. Rsync works fine, just not with ssh. For me, Rsync is the best option to make a backup.

Regards, Ivo
Reply
#10
Dear Sir,

According from your first post about encryption rsync is working under local area network but DMZ, thus would related to internet network connection, please check both remote site or enable DMZ both for try.
Yvon.
Reply
#11
Ultimately, the problem seems to be solved. My modem/router broke down and I received a new ons from my ISP. After installation and settings , I've tested again to make a backup with ssh encryption. Now it works, but the backup NAS must be in DMZ (no problem for me).
What I previously suspected; The problem was in the Isp's hardware.

Thanx everybody for thinking & support.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)