I'm an IT intern. Most people at my (very small) company use Macs to connect to our local NAS, over AFP. I know AFP is being phased out in favor of SMB (or maybe it's SMB2?), but it's still preferred by the employees here because it seems to present a different set of visible files than SMB does (not sure why) and because of the label-coloring features of Mac file protocols.
They want to connect to our NAS from outside the network and have everything be about the same — so seeing the labels, getting files to be locked/reserved when someone is "using" them, etc. I set our router to forward port 548 to the NAS port 548, because that's the port for AFP, and it now works.
However, I understand that's very insecure. The two major ways I've encountered to make it secure are SSH and VPN. The NAS itself doesn't do SSH unless I gave it some custom firmware from the Web, and I'd rather not take the risk. Even apart from that, I've read that a VPN would be a better, faster option.
Lacking SSH (and other features), the NAS isn't terribly useful — it has a web-based interface and that's it. Ideally, we'd just replace it with an actual Macintosh, but that's out of the question for now. Falling short of that, I'd like to be able to make the remote AFP connection secure. I assume that I'd need some kind of VPN which would talk to both the NAS and the connecting computer, ensuring encryption throughout.
Can I solve this with something like OpenVPN? Would I need to buy another device to put between our router and the NAS? And can this be done without affecting our Internet speed/quality? (The NAS is the only element that requires any access from the outside, but we also use the Internet at work a lot.)
Thanks in advance.
They want to connect to our NAS from outside the network and have everything be about the same — so seeing the labels, getting files to be locked/reserved when someone is "using" them, etc. I set our router to forward port 548 to the NAS port 548, because that's the port for AFP, and it now works.
However, I understand that's very insecure. The two major ways I've encountered to make it secure are SSH and VPN. The NAS itself doesn't do SSH unless I gave it some custom firmware from the Web, and I'd rather not take the risk. Even apart from that, I've read that a VPN would be a better, faster option.
Lacking SSH (and other features), the NAS isn't terribly useful — it has a web-based interface and that's it. Ideally, we'd just replace it with an actual Macintosh, but that's out of the question for now. Falling short of that, I'd like to be able to make the remote AFP connection secure. I assume that I'd need some kind of VPN which would talk to both the NAS and the connecting computer, ensuring encryption throughout.
Can I solve this with something like OpenVPN? Would I need to buy another device to put between our router and the NAS? And can this be done without affecting our Internet speed/quality? (The NAS is the only element that requires any access from the outside, but we also use the Internet at work a lot.)
Thanks in advance.