# Extending Samba over the web to the in-laws



## silkie (Oct 13, 2011)

So I have this awesome samba sever running FreeBSD at home for the desktops in the house and they are able to share the centralised storage. Works nice, very basic stuff.

However what are the best options for extending this centralised storage over the web to the completely non-technical extended family? I can't be the first person to have contemplated this.

ftp seems to be beyond them. My solution needs to be as simple as "double clicking on the x: drive" or "load the cool gui and dump your files in there"

Thoughts and suggestions welcome.


----------



## SirDice (Oct 13, 2011)

I understand the situation but whatever you do don't make your samba share accessible from the internet. It's not the world's most secure protocol and you will regret it quite soon.

WinSCP should be relatively easy to use and since it uses SSH it will be quite secure.


----------



## crazychip (Oct 13, 2011)

I have extended samba cross sites with SSH tunnel. Just as secure as WinSCP but not the easiest thing to setup. However if you are dead set on using samba to make it easy on them a tunnel to your network would most likely be the user friendly way(VPN?)
WebDAV is also a possebility.


----------



## redw0lfx (Oct 13, 2011)

Like others have mentioned, it isn't recommended to make samba available via the internet due to the lack of strong security.  I think you have a few options depending on how much setup you want to do:

1) Get your in-laws a OpenWRT/DD-WRT router that has OpenVPN support.  You can configure it to be a constant vpn to your network.  All regular traffic will go through their normal internet connection, and traffic for resources on your network will automatically go via OpenVPN connection.  This means you should be able to use samba with them.  Time to setup: about 3 hours giving all the testing, playing around with the config stuff, and setting it up as a bridge as opposed to routed.

2) Configure a web service to allow them to upload/download files from you (requiring a username/password).  Something along the lines of using WebDAV and Apache2.  Still looking at this sort of implementation though and not sure how easy it would be to setup or use.  See url http://www.akadia.com/services/mod_dav.htmlfor an example.


----------



## AndyUKG (Oct 14, 2011)

Did you consider the fact that if you have a home broadband connetion that your IP will change regularly? Will make configuring fool proof access more dificult....


----------



## silkie (Oct 14, 2011)

Thanks to all who have replied.

WinSCP might be a bit much for them as was my attempt at this with pure-ftpd over explicit TLS. The GUI I choose for the family was filezilla and wasn't embraced.

I'm not sure about the OpenVPN solution, my server is connected to another VPN and I'd want to ensure segregation between the two VPN connections the server will be handling. Sure it's easy enough but the WebDAV looks like a neat suggestion and the one with the most for me to learn. I'll give that a bash I think.

Thanks again for every ones time.


----------



## SirDice (Oct 14, 2011)

Obligatory XKCD cartoon:




Sorry, couldn't resist :e


----------



## redw0lfx (Oct 14, 2011)

AndyUKG said:
			
		

> Did you consider the fact that if you have a home broadband connetion that your IP will change regularly? Will make configuring fool proof access more dificult....



Good point.  Sometimes I tend to forget that not everyone has a static IP.  However, this issue can be somewhat resolved by purchasing a domain name and using dynamic DNS services to always keep it pointing to your latest IP address.  I think the bigger issue is what ports does the ISP block for incoming requests.


----------

