ESATA drive attaching

Hello! I can't find any documentation for attaching an eSATA drive. There is only a mention here on the forum that the router might not be powerful enough to keep anything more than small ones, and that independently powered models put you on the safe side.

There is some documentation for USB drives, but not for eSATA. Does the user need to install something, or just plug it in? Should he somehow find it and correct fstab, or are there LuCI features for this?

In general eSATA/USB work the same; the only difference is that you don't need the USB kmod drivers and instead need the SATA ones.

  • Make sure the SATA kmods are installed; the last one is device/chip specific: kmod-ata-ahci, kmod-ata-core, kmod-ata-???-sata
  • Add the kmod for the FS of your choice; by default only ext4 is present: kmod-fs-f2fs, kmod-fs-btrfs, kmod-fs-exfat - NOTE: avoid ntfs if possible
  • Use Gparted to set up/format your drive via Bootiso or PartitionWizard Portable on Windows
  • LuCI has options under System/Mountpoints to manage the detected disks, aka fstab
  • Optional: use Samba3/4 or Ksmbd to share the drive via SMB; the LuCI packages are named luci-app-samba3/4, luci-app-ksmbd
  • Optional: add the wsdd2 package to make the shares visible in Windows
  • Optional: add the avahi-dbus-daemon and/or ksmbd-avahi-service (ksmbd only) to make the shares visible for Linux/macOS

PS: In general the luci-app-xy packages have all the dependencies needed, so try to just install those first and all extra required packages should also be pulled in automatically.

4 Likes
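The mount step from the list above, as an added example that is not part of the original post: it turns one line of `block info` output (from the block-mount package) into an /etc/config/fstab mount stanza keyed on the filesystem UUID, so the mount survives /dev/sdX renumbering. The sample line, the /mnt/data target and the helper names are constructed for illustration; kmod-fs-ext4 is the package name assumed for ext4.

```shell
#!/bin/sh
# Added example: build an /etc/config/fstab stanza from `block info` output.

# Constructed sample line (not from a real device).
SAMPLE='/dev/sda1: UUID="3f1c2a9e-0000-4000-8000-aaaaaaaaaaaa" VERSION="1.0" TYPE="ext4"'

# field LINE KEY -> prints the value of KEY="..." in LINE, empty if absent.
# The leading whitespace in the pattern keeps UUID from matching PARTUUID.
field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# fs_package TYPE -> prints the kmod for that filesystem.
# Only the filesystems named in the post are accepted; ntfs is refused.
fs_package() {
    case "$1" in
        ext4|f2fs|btrfs|exfat) echo "kmod-fs-$1" ;;
        *) return 1 ;;
    esac
}

# mount_stanza LINE TARGET -> prints the UCI mount section, or fails
# with a reason on stderr when the line has no UUID or an unwanted fs.
mount_stanza() {
    uuid=$(field "$1" UUID)
    fstype=$(field "$1" TYPE)
    [ -n "$uuid" ] || { echo "no UUID in: $1" >&2; return 1; }
    fs_package "$fstype" >/dev/null || {
        echo "unsupported filesystem: $fstype" >&2; return 1; }
    printf "config mount\n"
    printf "\toption target '%s'\n" "$2"
    printf "\toption uuid '%s'\n" "$uuid"
    printf "\toption enabled '1'\n"
}

echo "# needs: $(fs_package "$(field "$SAMPLE" TYPE)")"
mount_stanza "$SAMPLE" /mnt/data
```

On the router the input line would come from running `block info`, and the printed section goes into /etc/config/fstab, which is the same file the LuCI Mountpoints page edits.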

Thank you for that thorough guide, it really helps a lot. Would you mind a couple of questions just to be sure?

Will LuCI mountpoints appear after the system detects a disk? Now there is no such menu path.

I tend to recommend SFTP over other file sharing protocols for its stability and security. Its speed is on par with the others given that it will be used over the Internet. What's your opinion on that matter?

And the last concern: how well would such an approach work under the ddns app? A static IP address doesn't seem like a good idea for home usage; ISP technologies somehow protect the end user from different vectors. What is better to choose when there are options?

Best regards!

Will LuCI mountpoints appear after the system detects a disk? Now there is no such menu path.

I think so. Since there is no specific "mount" or "disk" LuCI package, I think if the "block-mount" package is found, the LuCI mount tab should show up.

Sure, sftp/ssh or ftp/s is for getting secure file access over the internet, while smb/nfs are designed for LAN. Yet smb/nfs is often faster than sftp. The main reason you might want smb/nfs over sftp is that those behave nearly identically to a local filesystem. So you can start applications, lock files, and stream movies normally, while sftp either won't do any of those or, at least for streaming, needs special mount tools like https://mountainduck.io; otherwise it will always download the whole files.

From my experience sftp works best for very simple use cases, where you manually up/download files and then open/edit them separately.
While smb/nfs works like a normal filesystem and you can directly work with the files or open them from your applications.
The solution to circumvent the security issues for smb/nfs is to set up a VPN like WireGuard; then your shared network drives will just show up as if they were local when connected over the internet. WireGuard is so efficient that you should get the same or better speeds this way compared to sftp, while retaining most of the benefits.

Sure, avoid static IPs if privacy is a concern.

If you want to reach your router externally, the best option is to set up a VPN and buy a cheap domain you can set up as DDNS. As an example, namecheap.com works via the OpenWrt ddns service, so you can reach your system via name.

2 Likes

It enabled the menu, thanks!

Thank you, I didn't know all these details! I'm sure it will be used for Nextcloud external storage. I don't know how Nc handles it (cache, access, and so on). It feels like the most native tech for Nc is WebDAV, but making a WebDAV share with OpenWRT over the Internet looks too tricky for my hands.

Attached ESATA drive. Should make a share next.

Would add to precious instructions of +Andy2244 another manual which is very helpful, just skip everything regarding USB.

There is a significant deficiency here. AFAIU OpenWRT doesn't let external connections to the system. But as soon as an SFTP share is created it will become a target for brute-forcers all around the Internet.

If you went the SFTP route, you have options to further secure access: public-key authentication only, use a decent key size (4096 at least), use a non-standard user account name and port number, configure fail2ban to auto-block any brute force attempts or alternatively look at using port knocking. And configure something like WireGuard or any other VPN to tunnel access to SSH through (like @Andy2244 mentioned).

WireGuard in particular will do absolutely nothing, no response, even to port scans unless the packets are signed with the correct public key.

You can't really brute force a public key configured SSH instance, but it doesn't prevent any sort of future discovered RCE or other vulnerability where you might be able to bypass authentication altogether. I personally wouldn't dare expose any sort of network file transfer protocol to the internet, especially if it's running off a router that would give any attackers access to the full infrastructure off the bat in case of a successful attack.

If you really need to have your data accessible via the internet from a remote location, VPN is the way to go. Tunnel your SSH/SFTP session over that.

1 Like
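A check for the SSH hardening points listed above, as an added example that is not part of the original posts. It assumes an OpenSSH server with an sshd_config file (OpenWrt's default dropbear is configured differently); the sample config and function names are constructed, and "no root login" is this example's reading of "non-standard user account name".

```shell
#!/bin/sh
# Added example: audit an OpenSSH sshd_config for key-only login,
# no root login and a non-default port.

# Constructed sample config, not taken from a real host.
SAMPLE_CONF='# sshd_config (constructed)
Port 22022
PermitRootLogin no
PasswordAuthentication no
passwordauthentication yes
Subsystem sftp internal-sftp'

# effective CONF KEY DEFAULT -> value sshd uses for a global keyword.
# sshd keeps the FIRST value it reads and keywords are case-insensitive.
# Scanning stops at the first Match block, whose settings are conditional.
effective() {
    printf '%s\n' "$1" | awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }'
}

# audit_sshd CONF -> prints one FAIL line per weak setting, returns 1 if any.
audit_sshd() {
    rc=0
    [ "$(effective "$1" PasswordAuthentication yes)" = no ] ||
        { echo "FAIL: password login is enabled"; rc=1; }
    [ "$(effective "$1" PubkeyAuthentication yes)" = yes ] ||
        { echo "FAIL: public-key login is disabled"; rc=1; }
    [ "$(effective "$1" PermitRootLogin prohibit-password)" = no ] ||
        { echo "FAIL: root may log in"; rc=1; }
    # Port is additive: every Port line opens a listener, none means 22.
    ports=$(printf '%s\n' "$1" |
        awk 'tolower($1) == "port" { printf "%s ", $2 }')
    case " $ports" in
        " "|*" 22 "*) echo "FAIL: listening on default port 22"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

audit_sshd "$SAMPLE_CONF" || true
```

The sample passes because the first `PasswordAuthentication no` wins over the later lowercase `yes`; a hardening line placed after a weaker duplicate, or only inside a `Match` block, would not count.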

The main takeaway I see here is that it would be great if Nextcloud produced an app for OpenWRT to add an attached storage as external storage to the instance. With a dedicated user, fail2ban, and other proper things.

The takeaway should be VPN+smb/nfs for fast and simple storage access on router grade hardware. The Nextcloud server is a very "heavy" cloud collaboration suite that won't run on most OpenWrt devices or even fit on the nvram.
On decent x86_64 hardware you should already be able to use Nextcloud via the OpenWrt Docker package, yet if you have normal x86 hardware I would rather use any other prebuilt cloud/NAS solution with better Docker or native Nextcloud support, like:

http://rockstor.com/

1 Like

Totally agree with you. Nextcloud on a router is a perversion if not madness.

But providing external storage with a router for a standalone Nextcloud instance is a sane idea.

I believe when there is a NAS app for OpenWRT it will enjoy increasing attention day by day.

OpenWRT home HW is usually capable of running one to three drives, so a LuCI page to securely share them would find its users pretty fast.

And for now I would recommend placing a Raspberry Pi 4 device between the drive(s) and the router as the cheapest and easiest solution for users. I inspected OLIMEX solutions, but it doesn't look like anything easy. So no OSHW for today, unfortunately.

P.S. Is it possible to subscribe somehow to see when such an app appears? )
