Setting up a Remote VPN Backup Server

This guest blog is by Stefano Partida of SPX Labs who has been using Unraid for over 3 years now for video editing and media storage.

The Dell T30 Remote VPN and Backup Server

This will be a lengthy blog about why I went with a Dell T30 instead of something like a Dell R710/720 and what the configuration ended up looking like. Trying to keep length and interests in mind, the reasons “why” we chose a Dell T30 will be towards the bottom and the more gritty details will be towards the top. We will break this into sections: The first being the Remote OpenVPN section, second being the Remote Backup section, and we'll finish up with the Why’s and other thoughts. Let’s dig in!

The Dell T30

Before we can talk about the configuration, we really need to lay out the hardware configuration and host operating system. It is important to understand how we got the Dell T30 to work for us when it isn’t the most ideal server. We got our Dell T30 on sale for $299, so this is the biggest reason why we went with it. This thing goes on sale all the time, maybe once a month, so you may have an opportunity to get one for this price as well. 
 

Full Server Hardware List and Price Paid:

• Dell T30 - $299
  • Xeon 1225 v5 4core/4threads 3.3GHz base, 3.7GHz boost clock
• 8GB DDR4 ECC RAM
• 1TB Seagate Barracuda

If you need to know more details, check Dell’s website.

Upgrades to the Dell T30:

• Dell H310 Flashed to IT mode - $45
  • I would recommend the SAS9211-8I in place of the H310 because no flashing is required for it to work. The SAS9211-8I works out of the box with Unraid. - $70
• SFF 8087 to Right Angle SATA - $10 
   
  • This will keep you from damaging the SATA connections on the cables when the side panel is closed.
     
• 32GB DDR4 ECC SNPM0VW4C/8G - $30 each
• Hard drives
  • Using old WD 1TB and 2TB Seagate drives for now
  • I tested a Shucked 8TB EasyStore (white label) and it worked with my Dell T30
  • More info here about shucked drives

FYI: The 10TB EasyStore White Label drive did not work with the Dell T30 due to a SATA 3.3V Pin issue.

Hard Drive Configuration:

• 2TB Seagate Parity Drive
• 2TB Seagate Storage Drive
• 1TB WD Black x2
• 240GB Intel 535 SSD x2 RAID 0
• 1TB Toshiba NVME for Virtual Machines (unassigned device)
• NVME Adapter or Traditional
• Last but not least, an Unraid license. - $ Varies.

Unraid

We will be using Unraid as our OS because the T30 has limited drive space and it is important for me that the OS can run from a USB thumb drive. While there are other distros that can run off a USB thumb drive, there is just something about Unraid that allows you to go from a basic NAS to a server that can do pretty much everything in a few minutes.

Originally, I considered CentOS 7 for this project and doing all of the leg work to mimic Unraid as closely as possible. But, after getting the CentOS 7 webgui working and a container running, I realized just how lazy I have become and stopped. It took me about 3 hours (MAYBE) to get the Dell T30 completely setup with Unraid. That time includes setting up SMB and NFS shares, CentOS and Windows VMs, OpenVPN, and configuring the array and such. You really can’t beat that deployment time. So anyway, it didn’t take me an unreasonable amount of time to determine that I should just buy an Unraid license again.

Remote VPN

Let’s say I’m traveling or just working remotely and decide to connect to the “FBI Surveillance VAN 1” hotspot outside of my hotel. Well, after connecting to the hotspot and using an OpenVPN client, I can route ALL of my internet traffic through my OpenVPN server at home and it’s entirely encrypted. This is important because, let’s say I forgot to pay a bill or need to look at some document that contains personal identifiable information (PII). Having my own VPN helps me ensure that 1: a spoofed Wifi hotspot or shady hotspot isn’t going to magically get my PII, and 2: since I control my VPN I also don’t have to worry about my web crawling being harvested.

In the diagram below, our Client first connects to the Cafe Hotspot. Once the connection is established, we connect to our OpenVPN Server all the way at home. After the connection is established, all internet traffic is encrypted and routed through our OpenVPN Server. We can use the VPN to literally do everything I would normally do on the internet without worrying about any of the data being harvested.
 

Perks of a VPN Setup:

I have full, secure access to my Unraid server so I can do some fun things like:

• Directly manage or update the server remotely.
• Store data, images, or video on the server.
• Access information, images, video, etc that I have stored on the server.
• Send the server video encoding jobs.
• Access other computers, routers, cameras, or other devices in my home network.
• Watch movies from my home server that aren't otherwise directly web accessible.
• Or, as a perfect example, upload diagrams to Squarespace because the WiFi I am on at say, Starbucks is somehow preventing uploads to their site.

How to Set up OpenVPN with Unraid

Honestly, there really isn’t a better way to show you guys how to do this than with a video. When it comes to videos, there is only one guy who does it best, Spaceinvader One!

The Gist of the Setup

1. Using Community Apps in Unraid, download the OpenVPN Server plugin.
    
2. Create your user.
3. Configure your router to port forward UDP port 1195 (or whatever you choose).
4. Enable internal network access.
5. Optionally enable DNS forwarding for AdBlock (pi-hole) purposes.
6. Configure your domain or sub-domain to forward to your OpenVPN server.
7. Export your user profile.
8. Import your user profile onto your cell phone, laptop, desktop, etc.
9. Enjoy!
    

Unraid to Remote Unraid Backup Server

Now that you hopefully understand the gist of how we can use a VPN to connect to an Unraid server, let’s expand that idea a bit to see how we can use this to backup data from one server to another. Below is a diagram which helps paint a picture of what this all looks like visually.

Diagram Explanation

Essentially, what is happening here is my home Unraid server hosts a Windows VM (Virtual Machine) that uses OpenVPN to connect to the remote VPN server. The Windows VM has access to both the local SMB share and the foreign SMB share on the remote server. Both servers are hundreds of miles away and are connected as if they are on the same network (well the Windows Virtual Machine anyway).

How Do I Transfer Data Between Servers?

The simplest way is to literally drag and drop files from one SMB share to the remote SMB share. However, sometimes, I will periodically run the Robocopy command in Powershell to mirror both the local SMB share and the remote SMB share so they are identical.

Let’s look at the Windows Server 2016 VM hosted at home on my Unraid Server:

What you are looking at in the picture above is the Server "2016 VM" connected to my home Unraid Server and the remote Unraid Server. In the left most File Explorer window, you can see that I have the “ISOs” SMB Network share open and on the right most File Explorer window, I also have the remote “ISOs” SMB Network share open. Notice how both windows have different IP addresses. From this you are able to ascertain that the Windows VM is in fact connected to both Unraid servers at the same time through OpenVPN. Pretty cool huh?

Speed Test

Next up we can take a look at what kind of speeds to expect between servers. Now, this is greatly affected by my friends Download speed with his ISP and my Upload speed from my internet provider.

What we can see here using fast.com, is that I am able to download 11 Mbps and upload 12 Mbps all through his internet connection. Remember, I have a tunnel from my Windows VM that routes all internet traffic through the remote OpenVPN Server. This is obviously not the best connection, but it also isn’t that bad either.

Let’s see what speedtest.net yields:

Now for all of the "Whys"

Dell T30 Pros:

• Great price when on sale $199~299.
• Decent CPU with QuickSync and Virtualization Support.
• Ships with 8GBs of DDR4 ECC RAM.
• Low Power (my UPS reported 0 watts at idle).
• Quiet.
   
• Comes with a warranty.
• Comes with a 1TB hdd.
• Dell has a pretty decent 30 Day return policy should you decide it’s not for you.
• Similar CPU performance to an R710.
• Small Form Factor.
• Plenty of IO options.
• More modern easy to use BIOS.
• Great for an introduction to homelab/homeserver stuff.

Dell T30 Cons:

• Limited drive expandability.
• Supports up to 4 drives out of the box, 3 if you plan to use the DVD ROM.
• CPU only supports 16 PCI-E Lanes.
• On-board NVME is disabled by Dell (probably due to limited PCI-E Lane support by the CPU).
• No additional power for PCI-E devices.
• No hotswap drive bays.
• No idrac or remote access capability.
• Only supports up to 64GBs of RAM.
• Takes up a lot of space if you put it on a Rack (4u).
• 1GbE on-board.
• Limited online support.
• No Internal USB support.

Why not an R710?

Originally, I had purchased and planned to use a Dell R710 but I had many issues that would have required more money to make it work. So, I went for a totally different system all together; it was a gamble of a purchase and I got burned. I probably would have continued to use the R710 despite most of the issues if iDRAC was accessible. The server would not respond to any IPMI, SSH, or web ui requests and it was insanely loud, so that lead me to the Dell T30 instead. 
 

R710 Pros:

• Cheap: $200 shipped can get you:
• 72GBs of DDR3 RAM or more
• Redundant Power supplies.
• Quad 1Gb NICs.
• iDRAC 6.
• Dual CPUs.
• 3 PCI-E Expansion slots (half height and full).
• Rack mountable.
• 6 Hot Swappable Drive bays (accessible from the front)!
• Cheap used parts galore.
• Tons of online support.

R710 Cons:

• Old; better options for a bit more money… Looking at you Dell R720.
• Different versions on the used market which means your backplane could be SATA II and it’s hard to tell from online pictures.
• Power hungry.
• Can be a loud out of the box (See how to quiet down this beast).

Can you use a Dell T30 for Plex?

Plex recommends a CPU PassMark score of 2000 Points for a single 1080p stream. The E3-1225 V5 clocks in at 7820 according to PassMark. So yes, it can be used for Plex but you have to consider how many streams you have going at once. You should also consider somehow using QuickSync with this CPU and Plex for ultimate performance (if that’s a thing).

Am I Still Happy with the T30?

So far so good. The Dell T30 has been running on its own for almost 2 months now and I haven’t experienced anything I would consider preventative issue to keep someone from buying it. I’d buy another one for this kind of project again if I was going to put a server at someone else’s house and was trying to be respectful of power usage and noise.

Would you like to know more?

Check out the video below and thanks for sticking around!