Noob Question: How to Get to my NAS from the Internet?

areckethennu

I apologize for such a basic question. Up to now, I've been letting nothing into my system from the internet. Well, many years ago, I had some OpenVPN tunnels (using DuckDNS as a DDNS service) letting my phones in. But, I've gotten rid of that and forgotten pretty much everything about it. Plus, the world has probably changed. Anyway, I've been thinking about letting my Asustor NAS be accessible from outside my local network, but don't know the best way to do it.

Asustor provides a Cloud ID via their EZ-Connect service, but I don't know how trustworthy that is or what it would take to punch through pfSense.

I'd guess the OpenVPN (or perhaps WireGuard) route with DuckDNS would still be fine. But, I'm not sure if the lack of https on that address is in any way meaningful to a tunnel's UDP connection.

Or, should I do things "properly" and buy an actual domain name? If I do, would the best thing be to host it on my NAS or off at someplace in the Cloud (and I don't even know if those words mean anything strung together like that)? If I go that route, I'm utterly clueless about how to set it up (CNAME, A Records, etc.). So, could someone point to a decent web site where I could learn about that.

stephenw10

@areckethennu said in Noob Question: How to Get to my NAS from the Internet?:

Asustor provides a Cloud ID via their EZ-Connect service, but I don't know how trustworthy that is or what it would take to punch through pfSense.

Probably nothing required in pfSense as long as the NAS can connect out.

By far the safest way to connect to the NAS is using a VPN to pfSense. Probably exactly how you did it before. That way you have complete control over who can connect at all and when.
A public cert really gives you nothing additional there and in fact can be argued to be worse since you don't control the CA.

Use a remote access OpenVPN.
https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-ra.html

Steve