
Prodo123

macrumors 68020
Original poster
Nov 18, 2010
2,326
10
I have a home server running in Asia and work in North America. The server has 6TB of storage which I regularly need access to. When I'm home I just use encrypted SMB through the local network, but it turns out that both AFP and SMB are unreliable for anything else. (Curiously enough, when I connect by VPN to the server both protocols work fine.)

Are there better ways to make this work? I'd prefer it be encrypted as I don't want my uni snooping in on my files...and I don't want to resort to VPN+SMB every time I need to do something on my server.

The university has gigabit internet speeds; my home server has 100 Mbps up/down. VPN+SMB achieves around 2 Mbps.
 

sevoneone

macrumors 6502a
May 16, 2010
958
1,302
If you want your data secure, I would go with SSH/SFTP. Though I think I would still want to pass this through a VPN so I wouldn't be exposing SSH on my home server to the internet. Open port 22 on your public IP and it doesn't take very long for a never ending bombardment of failed brute force SSH attacks to start showing up in your logs. At the very least look into setting up port knocking.
 

Prodo123

macrumors 68020
Original poster
Nov 18, 2010
2,326
10
> If you want your data secure, I would go with SSH/SFTP. Though I think I would still want to pass this through a VPN so I wouldn't be exposing SSH on my home server to the internet. Open port 22 on your public IP and it doesn't take very long for a never ending bombardment of failed brute force SSH attacks to start showing up in your logs. At the very least look into setting up port knocking.

I've looked into SFTP for a while. I know I can connect through terminal, but would it also mount through Finder, and how would performance fare? Would raw SFTP be more efficient than SMB over VPN?

Also, how is WebDAV over HTTPS? I haven't been able to set up WebDAV successfully, ever. I've seen it being thrown around for this kind of situation on the internet, too. I have a valid certificate issued by StartSSL and HTTPS works on my hosted website.

I blocked most brute force SSH attempts with Little Snitch. The problem is that Little Snitch is set by default to reject all incoming connections unless approved by the user with the GUI; maybe I'll have it so that I can approve my connection through VPN+VNC when I need it instead of opening the ports. It's useful, but bothersome.

Or go port knocking like you suggested. Looks like I have a lot of studying to do!
 

2984839

Cancelled
Apr 19, 2014
2,114
2,241
SFTP is the best choice. Performance is difficult to estimate, but I think it is likely to be better than SMB over a VPN because it is much less complex.

I also trust the security of SSH/SFTP far more than any VPN. You can run it on a different port than port 22 to drastically cut down on the brute force attempts.
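
An added example, not part of any post in this thread: one way to measure the failed SSH logins mentioned above, so the effect of moving the port or adding port knocking can be compared before and after. It assumes the stock OpenSSH syslog message format; the log lines, addresses and user names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the stock OpenSSH syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Mar  3 02:11:01 server sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 02:11:03 server sshd[411]: Failed password for invalid user oracle from 203.0.113.7 port 51140 ssh2
Mar  3 02:11:06 server sshd[413]: Failed password for root from 203.0.113.7 port 51163 ssh2
Mar  3 02:11:09 server sshd[415]: Failed password for root from 203.0.113.7 port 51190 ssh2
Mar  3 02:14:40 server sshd[420]: Failed password for alice from 198.51.100.23 port 40022 ssh2
Mar  3 02:14:52 server sshd[420]: Accepted publickey for alice from 198.51.100.23 port 40022 ssh2
Mar  3 02:20:15 server sshd[431]: Invalid user test from 192.0.2.99 port 38811
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from (\S+) port \d+")


def summarize(log_text):
    """Per source address: failure count, user names tried, any successful login."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "accepted": False})
    for line in log_text.splitlines():
        failed = FAILED.search(line)
        if failed:
            user, ip = failed.groups()
            stats[ip]["failures"] += 1
            stats[ip]["users"].add(user)
            continue
        accepted = ACCEPTED.search(line)
        if accepted:
            stats[accepted.group(1)]["accepted"] = True
    return dict(stats)


def classify(stats, min_failures=3):
    """Sources at or over the threshold: 'block' if they never got in,
    'investigate' if repeated failures were followed by a successful login."""
    report = {"block": [], "investigate": []}
    for ip, entry in sorted(stats.items()):
        if entry["failures"] >= min_failures:
            report["investigate" if entry["accepted"] else "block"].append(ip)
    return report


if __name__ == "__main__":
    print(classify(summarize(SAMPLE_LOG)))
```

A single mistyped password followed by a successful login stays below the threshold and is not reported.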
 

NazgulRR

macrumors 6502
Oct 4, 2010
423
83
I have a similar thing going on as you: Mac mini server in one country, while I live in another and travel around. I can pretty much max out the upload speed of the home server that is 20mbps when I connect to it.

If you SSH to the server via terminal and map the ports correctly, you can mount the drives in Finder just as if you were local or VPN. Here's how: http://verysimple.com/2008/03/09/mount-an-osx-afs-shared-drive-over-ssh/ This is SFTP via Finder and while it's a bit cumbersome to get running each time (terminal has to be running, etc), it works just fine.

It's always good to have backup options as well. I have 1) SSH via Terminal + AFP mounting via Finder, 2) SFTP via an app such as Forklift, Transmit, etc. 3) VPN + AFP mounting via Finder. The latter is the easiest. I find the speeds pretty similar between those.

Could it perhaps be that they are throttling the network when it goes through the ports you are using for your VPN? Could you set up an OpenVPN server at your home server via TCP port 443 to avoid possible throttling?
 