New record: 3rd syslog Post in 3 days.

Wasabi used to have a nice offer 4$/TB/month, S3 interface and a few years ago they even started to offer their services in European data centers. And because Synology HyperBackup natively supports S3 with custom endpoints it was a breeze to set up.

But over the years they have increased their prices, while at the same time their service got worse year over year.

When I got my second Synology, the plan was to allocate a small portion of storage on each machine and receive the backups of the other. And since both Synologys are hundreds of kilometers apart, it would even counts as proper off-site backup.

Reddit is full of both reports that it works reliably, and that it always refuses connect from one machine to the other. However all agree that for it to work ports 5001 (HTTPS Webinterface) and 6281 (HyperBackup Vault) have to be reachable.

In my case, the port 5001 isn’t reachable from the internet, but a reverse proxy terminates the traffic on a subdomain using SNI.

Eventually I gave up, since Wasabi did mostly work, and a working but increasingly expensive backup is better than a free one that isn’t reliable. But then the E-Mails about failing backup jobs slowly started to get more and more, until I was fed up and had another go.

Tailnet

I had Tailscale installed on both machines. Normally used to route traffic when using unencrypted WiFis or when i’m abroad and need a German IP. But due to the way Synology has set up the networking on their devices, I could connect from the Tailnet into the NAS but not from the NAS out to the Tailnet.

The Tailscale Docs have a workaround which involves creating the needed tun device on each boot. Now that they can see each other, we can use the Tailnet link-local IPv6 to set up the backup. Since the SSL cert for the login frame (and in my case even worse: PassKey auth) is broken, you’ll have to use the “Password Login” option.