Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Accessing File Shares Through VPN

    Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
    6 Posts 2 Posters 966 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tman222
      last edited by

      Hi all,

      I'm looking for some advice / security best practices when accessing NAS hosted file shares through a VPN. Let's assume I have a site which has a NAS on its local network and has an VPN server setup accepting client connections. Those connected clients would need access to files stored on the NAS while connected via VPN.

      1. Would it be safe enough to use NFS mounts through a VPN tunnel if the connected clients support it? Or is this a security risk because access control is done just by IP address?
      2. Would CIFS/SMB be better option (from security standpoint) because the client would have to authenticate again to access any file shares they are allowed to mount?
      3. Or, am I thinking about this all wrong and there is a better way to access files hosted on a NAS through a VPN tunnel?

      Thanks in advance for your help, I really appreciate it.

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        Nobody can advise you without knowing your operation al requirements. Are you talking about sharing a folder full of movies with a few buddies, or using ACLs to restrict access to thousands of documents from hundreds of users? Also, your options are limited by what you're using locally for NAS, VPN, clients, etc.

        T 1 Reply Last reply Reply Quote 0
        • T
          tman222 @KOM
          last edited by tman222

          @KOM said in Accessing File Shares Through VPN:

          Nobody can advise you without knowing your operation al requirements. Are you talking about sharing a folder full of movies with a few buddies, or using ACLs to restrict access to thousands of documents from hundreds of users? Also, your options are limited by what you're using locally for NAS, VPN, clients, etc.

          Thanks @KOM - apologies for not being more specific about my use case. Essentially I'm just looking to access files on a NAS on my local network through OpenVPN (server hosted on pfSense) while working remotely. What do you recommend as the most secure way to do that through OpenVPN tunnel? CIFS/SMB, NFS, FTP, SFTP, are all potential options for me.
          Thanks again.

          1 Reply Last reply Reply Quote 0
          • KOMK
            KOM
            last edited by

            Well, once you're connected you're basically inside your own LAN, so external security isn't so much of an issue because your traffic is being encrypted by the OpenVPN tunnel. How secure does your LAN access need to be? The most common method of presentation would be a Samba share, and you can put auth on it if you need to as you already mentioned.

            T 1 Reply Last reply Reply Quote 0
            • T
              tman222 @KOM
              last edited by

              @KOM said in Accessing File Shares Through VPN:

              Well, once you're connected you're basically inside your own LAN, so external security isn't so much of an issue because your traffic is being encrypted by the OpenVPN tunnel. How secure does your LAN access need to be? The most common method of presentation would be a Samba share, and you can put auth on it if you need to as you already mentioned.

              Thanks @KOM - I was thinking either NFS or Samba (SMB). I tend to use Linux as my primary OS and I like using NFS via AutoFS for automatically mounting shares on demand. Is there any disadvantage to doing just that besides it being perhaps less secure (i.e. I can only filter NFS share access by IP address rather than user id / password on a SMB share). Any thoughts on that? Thanks again.

              1 Reply Last reply Reply Quote 0
              • KOMK
                KOM
                last edited by

                Again it boils down to LAN security, and it's easy to get hung up on endless onion layers when it might be overkill for your particular environment. Is your LAN used by hostile actors? Or is it a home LAN used by you, the wife and kids? Is the data you're trying to secure that sensitive? These are all questions that need to be answered before you can choose the correct approach.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.