Protecting data transfer with encryption

Jonathan_Schaeffer · July 28, 2017, 2:38pm

Hi there,

I’m testing urbackup and I’m impressed by it. I plan to use it as a more reliable way to backup some 300 windows clients in place of BackupPC (which is also great but has some issues we can’t afford anymore).
So first, thanks to the developpers for their efforts of providing this piece of free (as in speech) software.

I’m wondering about encrypting file transfer. The documentation says, on local network data is not encrypted, but on internet transfers it is.
Why won’t you allow the data to be encrypted on the local network ? In my use case (a university network), we definetly can’t trust the local network. Which settings would you advise ? Is there a way to force the client to use only “internet transfers” ?

uroni · July 28, 2017, 4:22pm

The clients probably aren’t all in the same subnetwork anyway? You’ll just have to setup the Internet mode such that it also works locally. If the clients receive UDP broadcasts from the server you can also:

Put the server behind a NAT firewall
Block the ports (except internet port) via firewall on the server
Put the clients into internet only mode

Jonathan_Schaeffer · July 31, 2017, 2:19pm

Hi,

thank you for your reply.

As I understand it from the doc and your reply, the UDP broadcast is used only to register automatically new clients.

Client in internet only mode is a setting in /etc/defaults/urbackup
- switched to true : backup will only take place in internet mode, thus with data encryption
- switched to false : backup can take place in LAN mode

Thank you