DSM 6.2 Hyper Backup Transfer Encryption

NAS: DS213j, DS115j
Operating system: Windows
Mobile operating system: Android

Hi,

I have two Synology NASes, one in my home and another in a remote location.
The remote Synology connects to an OpenVPN server in my network, and the two NASes back up to each other using Hyper Backup.
My NAS points to the remote Hyper Backup vault on its VPN IP address (10.5.x.x) and the remote NAS points to my Hyper Backup vault on its local IP address (192.168.x.x).

I had been enabling transfer encryption in all of my Hyper Backup jobs, and choosing the 'trust' option for Certificate Authentication.

I have recently changed the certificate setup on my NAS (now using Let's Encrypt, previously using self-signed), which has caused the Hyper Backup jobs on the remote NAS to complain about the certificate*, which can be fixed by manually selecting the 'trust' option again.
However, this will happen whenever the certificate is renewed, so I'd like to avoid having to do this each time.

I was wondering what is the 'best' option out of:
1. Disable Transfer Encryption
2. Enable Transfer Encryption and select 'ignore' for Certificate Authentication
3. Do not use the LE cert for the Hyper Backup vault service, and 'trust' the default certificate

It seems to me that Transfer Encryption is unnecessary given that all of the Hyper Backup jobs are going over the VPN connection anyway, so that would make option 1 fine. Is that correct?

Any suggestions appreciated - Thanks.



*This is because the certificate does not include the IP address I am connecting to, as that is unsupported by Let's Encrypt. I can't use the FQDN of the Let's Encrypt cert as a Hyper Backup target as the name will not resolve. I expect that this is some issue with my OpenVPN setup, however I'd like to know what workaround to use until I can get that fixed.
 
It seems to me that Transfer Encryption is unnecessary given that all of the Hyper Backup jobs are going over the VPN connection anyway, so that would make option 1 fine. Is that correct?
Correct. If you are running it inside the tunnel, realistically you can avoid transfer encryption.