{"id":27674,"date":"2023-01-12T18:21:41","date_gmt":"2023-01-13T02:21:41","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=27674"},"modified":"2023-01-15T17:31:26","modified_gmt":"2023-01-16T01:31:26","slug":"rsync-tailscale-synology","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2023\/01\/rsync-tailscale-synology\/","title":{"rendered":"Synology Offsite Backup Using rsync Over Tailscale"},"content":{"rendered":"
\"synology
<\/figcaption><\/figure>\n

Back in November I wrote an article entitled The Great Synology Migration of 2022<\/a>. It was the story of how I\u2019d bought a second Synology to replace the finally end-of-life Drobo 5N2. In the article, I explained how I used the tried and true rsync protocol to create a backup of each Shared Folder from my primary Synology to my backup Synology.<\/p>\n

One of the things I could never do before with a Synology backing up to a Drobo was have the Drobo off-site; they had to both be on my home network. But remember me telling you about the magical technology Tailscale<\/a>? That\u2019s the tool that allows me to put multiple devices (including my Synologys) onto a virtual private network, while also living on the local network. This means that (in theory) I should be able to move the backup Synology to my buddy Ron\u2019s house and continue to run rsync to do the backups.<\/p>\n

Or so I thought. The reason I haven\u2019t told you how I accomplished this right after setting up Tailscale was that I couldn\u2019t get it to work, until now.<\/p>\n

For a quick review, in the Synology Disk Station Manager (DSM) operating system includes rsync. It\u2019s pretty simple and straightforward. In Control Panel \/ File Services there\u2019s a tab for rsync. You enable rsync on the destination Synology<\/a> first. Then on the source Synology you create the rsync tasks<\/a>, which for me was one for each Shared Folder, I wanted to sync.<\/p>\n

For each sync task, you need to point to the destination Synology by IP address. The problem was that if I typed in the Tailscale IP of the remote Synology, I\u2019d get an error when I tried to test the connection. The field kept reverting back to the local IP address, and it\u2019s not on my local network anymore.<\/p>\n

\"Rsync
rsync Task List That Refused Tailscale IP Address<\/figcaption><\/figure>\n

I verified that both Synologys were on Tailscale, and I could access the remote Synology via that Tailscale IP address, but I simply could not convince rsync that it was a reachable IP address.<\/p>\n

I reached out to Dave Hamilton, who taught me about Tailscale in the first place through the Mac Geek Gab. I used his awesome Discord community to post my question. He offered a few ideas but nothing panned out. I searched the interwebs until I nearly wore my little fingers down to nubs.<\/p>\n

Then I posted the question on Twitter and on Mastodon. I didn\u2019t get any traction on Twitter but Shannon Kay (@shannonkay@bookstodon.com) suggested the Synology subreddit. It was a great idea because I found several people asking fairly similar questions, but sadly they didn\u2019t find the answer either.<\/p>\n

But Shannon\u2019s idea prompted me to ask the question in two more places: the Synology forum and the Tailscale forum. I got an answer pretty quickly in the Synology Community from Arild Skaar<\/a> that was 90% of the solution but I didn\u2019t understand exactly how to implement the solution he suggested.<\/p>\n

In the Tailscale forum, @Jonas108<\/a> started comparing settings with me because he did have it working. After a few times going back and forth, he hit on the problem. He sent me a link in the Tailscale documentation that explained exactly what was going on.<\/p>\n

The support article is entitled Access Synology NAS from anywhere \u00b7 Tailscale<\/a> which is exactly what I needed.<\/p>\n

The opening paragraph explains:<\/p>\n

\n Synology DSM7 introduced tighter restrictions on what packages are allowed to do. If you\u2019re running DSM6, Tailscale runs as root with full permissions and these steps are not required.<\/p>\n

By default, Tailscale on Synology with DSM7 only allows inbound connections to your Synology device but outbound Tailscale access from other apps running on your Synology is not enabled.
\n The reason for this is that the Tailscale package does not have permission to create a TUN device<\/a>.\n<\/p><\/blockquote>\n

In 8 extremely simple steps, the support article walks you through how to run a user-defined script that Tailscale gives you on installation, and it tells you how to make sure it\u2019s run as root on every boot-up.<\/p>\n

\"Synology
Synology Task Scheduler with Tailscale Script<\/figcaption><\/figure>\n

As soon as I walked through these steps, when I pointed my rsync task at my remote Synology\u2019s Tailscale IP, the test connection worked, and my rsync task worked without a hitch.<\/p>\n

\"Rsync
rsync Task List Success!<\/figcaption><\/figure>\n

Circling back to Arild from the Synology forum\u2019s answer. He told me essentially the same thing that there was a permissions problem, and he pointed to the same script, but he runs these commands himself. He did even tell me I could do it through the same Task Scheduler that the Tailscale instructions provided, but I had no idea how to find the Task Scheduler in the Synology interface. Turns out it\u2019s a Control Panel. I needed the spoon-feeding of the Tailscale instructions.<\/p>\n

The one curiosity to me is that in all of my searching of the net, including the Tailscale documentation itself, I was never able to find these instructions myself.<\/p>\n

In any case, the community came through for me from Mastodon to the Synology forums to the Tailscale forums, and I am thrilled that I finally have offsite backups running daily of my precious Synology data. And I thank Ron for his bandwidth.<\/p>\n","protected":false},"excerpt":{"rendered":"

Back in November I wrote an article entitled The Great Synology Migration of 2022. It was the story of how I\u2019d bought a second Synology to replace the finally end-of-life Drobo 5N2. In the article, I explained how I used the tried and true rsync protocol to create a backup of each Shared Folder from […]<\/p>\n","protected":false},"author":1,"featured_media":27673,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147],"tags":[1611,2814,231,1248,5551],"class_list":["post-27674","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","tag-backup","tag-off-site-backups","tag-rsync","tag-synology","tag-tailscale"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2023\/01\/rsync-tailscale-synology-noAlpha.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/27674","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=27674"}],"version-history":[{"count":3,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/27674\/revisions"}],"predecessor-version":[{"id":27733,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/27674\/revisions\/27733"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/27673"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=27674"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=27674"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=27674"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}