I have an Arch Linux machine acting as an SSH and file server, using vsftpd for FTP and samba for SMB. I would like to access this server via SMB over the Internet, and it is currently set up to allow that. However, I do not want to do this unless the connection between the client and server is encrypted.
To be clear: The files/directories being transferred are not encrypted; what I want is for the network traffic to be encrypted, like using SSL to encrypt a connection to vsftpd.
The clients being used are Windows Explorer on Windows 7 and Windows 8.1, and Dolphin and Caja on Linux. I do not have administrative privileges on some of the Windows PCs. Ideally, the solution could be implemented at the Samba server and would work even with the clients that I have no control over without the need for a specialized client program. However, if this is not possible, I can continue to use encrypted FTP on those clients and implement the solution on the PCs I administer.
Please note that I am new to the world of Samba/SMB/CIFS, so I would appreciate the simplest effective solution and easy-to-follow instructions.
Best Answer
SMB traffic should not transit the public internet (without some form of protection). Period. In fact, many ISPs actually block the ports used by SMB/CIFS.
Set up a VPN connection to your server first (preferrably OpenVPN or IPsec), and then you can use SMB over your VPN tunnel from wherever you'd like.