[Box Backup] Add extra option for client to solve NAT problem?

David Anderson boxbackup@fluffy.co.uk
Wed, 6 Sep 2006 16:00:15 +0100


Hi,

I'm a new boxbackup user, and battling with a problem caused by NAT that I 
can't find discussed directly in any of the docs. I'm aware of the 
suggestions for when your server is hidden behind NAT, but I have a case not 
directly considered.

First of all, thank you for your hard work on this product. I hope it will be 
very useful for me - it's shaping up that way.

My server is on a LAN, and from the Internet it is behind NAT. The docs only 
seem to consider the case where all the clients being backed up are on the 
Internet. They don't consider the case where some are on the LAN and some on 
the Internet.

Say my bb server is on the LAN as 192.168.1.1, but on the Internet as 1.2.3.4. 
Then there is no single hostname that is appropriate for both types of 
client, apart from the ugly kludge of having the LAN traffic travel to the 
Internet router and back via NAT (using the Internet address in both types of 
client).

As a solution, I would suggest having a new option in the client. Presently, 
the server name is used _both_ for resolving to an IP address and for 
verifying the SSL certificate presented. I would suggest having these 
represented by two options instead of by one. One option would indicate the 
hostname for the server, and a second would verify what the server's SSL 
certificate is expected to contain. If the second option is not specified, 
then it would default to the first. This would mean that there would be no 
issues for people upgrading their clients - sane degradation would occur.

The very popular OpenVPN takes the approach suggested above - see its "remote" 
and "tls-remote" options in its man page (http://openvpn.net/man.html).

Kind regards,
David Anderson

P.S. A hello to Ben - he probably won't remember, but about 10 years ago I 
sent him a MineSweeper clone which I'd written for RISC OS 3, which he kindly 
reviewed! Actually it's the memory of Ben's reputation in the RISC OS world 
which commended boxbackup to me.