How to remotely backup clients over WAN/VPN
inSync uses client triggered backups, network encryption, and WAN optimization to facilitate faster backups over VPN or WAN (Internet) for remote users. All backup and restore requests are initiated by the inSync client over a secure 256-bit encrypted SSL channel.
This articles explains how to configure inSync server for remote backup.
- Setting the Published IP Addresses
- Automatic Configuration of Network Settings on Clients
- Changes to Published IP Addresses
- Firewall Settings
Network Settings for inSync
In presence of multiple network interfaces (for LAN/WAN) or a firewall, the inSync Server may be reachable by the inSync clients on different network addresses. For instance:
- LAN - 192.168.15.1 : 6061
- LAN - 192.168.15.4 : 6061
- WAN - 220.127.116.11 : 8000
Note: In this example the IP address visible to the WAN users is 18.104.22.168:8000 and NOT 192.168.15.5:6061.
Setting the published IP addresses
The administrator needs to add the three IP addresses to the list of Published Addresses as shown here.
The configuration can be done on the inSync Web Control Panel, by navigating to Settings > Network. Again, these are NOT necessarily the server IP addresses, but those on which the client can connect to the server.
Note: These addresses need to be configured before the keys are generated for each user.
The Web/App Restore IP address should also be updated to an IP address which all the users can reach.
Automatic configuration of Network Settings on Client
To avoid manual configuration these IP addresses and other essential settings are communicated to the user using the authentication key (.isk) file. Once the IP addresses are configured, generate the key files and send them to all the new users. Once the keys are loaded in inSync client, it automatically polls the IP addresses in the given order and starts backing up the data.
Changes to published IP addresses
Any changes to the Published IP Addresses are automatically communicated to the already configured and syncing clients and it does not require re-issuing of the keys
The settings on the firewall should allow unidirectional (one way traffic) from “ANY” to configured (default 6061) port on the inSync Server.