Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

@desimone

desimone/crashplan.freenas.md

Last active April 16, 2017 16:22
Show Gist options
  • Star 9 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
  • Save desimone/7073074 to your computer and use it in GitHub Desktop.
Save desimone/7073074 to your computer and use it in GitHub Desktop.
Download ZIP
How-to install the Crashplan plugin with Freenas
Raw
crashplan.freenas.md

How-to : Crashplan & Freenas

Pre-requisites

Install

Step 0: Skip if you are using existing install

Step 1: Install the Crashplan plugin

Plugins --> Install Crashplan crashplan crashplan install 2

Step 2: Enable the tunable to allow for linux emulation

NOTA BENE The gui is wrong here. The correct command is linux_load.

linux_load=YES

tunables

Step 3: Reboot

reboot

Step 4 : Accept TOS

fail

Step 5 : Enable Crashplan plugin

turn on service

Step 6 : Create a sshd user for the crashplan jail, enable TCP forwarding

Per the wiki

[root@freenas] /mnt/zpool# jls
   JID  IP Address      Hostname                      Path
     1  -               crashplan_1                   /mnt/zpool/jails_2/crashplan_1
[root@freenas] /mnt/zpool# jexec 1 /bin/tcsh

Create a new user

root@crashplan_1:/ # adduser
Username: crashplan
.....
Login group is crashplan. Invite crashplan into other groups? []: wheel
....
Username   : crashplan
Password   : *****
Full Name  :
Uid        : 1001
Class      :
Groups     : crashplan wheel
Home       : /home/crashplan
Home Mode  :
Shell      : /bin/tcsh
Locked     : no

At this point, I like to copy my pub key to make things easier on me.

➜  ~  ssh-copy-id crashplan@192.168.1.103

Now, let's create a tunnel. This will redirect localhost 4200 to 4243 on the crashplan jail.

NOTA BENE On a mac, make sure you use 127* not localhost. Localhost causes a redirect loop.

ssh -L 4200:127.0.0.1:4243 crashplan@192.168.1.103 -N -v -v

Step 7 : Configure Crashplan for headless

See crashplan's documentation

Set up a ssh tunnel by editing the ui properties file. ui.properties file location

Linux (if installed as root): /usr/local/crashplan/conf/ui.properties
Mac: /Applications/CrashPlan.app/Contents/Resources/Java/conf/ui.properties
Solaris (if installed as root): /opt/sfw/crashplan/conf/ui.properties
Windows: C:\Program Files\CrashPlan\conf\ui.properties

Change the service port to 4200, which we will use to tunnel to the remote connection.

servicePort=4200

Step 8 : Connect with crashplan (FAIL)

ssh -L 4200:127.0.0.1:4243 crashplan@192.168.1.103 -N -v -v
OpenSSH_5.9p1, OpenSSL 0.9.8y 5 Feb 2013
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.103 [192.168.1.103] port 22.
debug1: Connection established.
debug1: identity file /Users/bdd/.ssh/id_rsa type 1
debug1: identity file /Users/bdd/.ssh/id_rsa-cert type -1
debug1: identity file /Users/bdd/.ssh/id_dsa type -1
debug1: identity file /Users/bdd/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503
debug1: match: OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 128/256
debug2: bits set: 489/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 47:80:ec:ed:06:a4:ee:1e:88:65:57:29:fc:ab:bd:65
debug1: Host '192.168.1.103' is known and matches the RSA host key.
debug1: Found key in /Users/bdd/.ssh/known_hosts:8
debug2: bits set: 520/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/bdd/.ssh/id_rsa (0x7ffe31410cc0)
debug2: key: /Users/bdd/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/bdd/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp aa:79:62:66:54:09:ea:7e:9b:53:b4:68:01:b9:28:cc
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.1.103 ([192.168.1.103]:22).
debug1: Local connections to LOCALHOST:4200 forwarded to remote address 127.0.0.1:4243
debug1: Local forwarding listening on ::1 port 4200.
debug2: fd 5 setting O_NONBLOCK
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 4200.
debug2: fd 6 setting O_NONBLOCK
debug1: channel 1: new [port listener]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Connection to port 4200 forwarding to 127.0.0.1 port 4243 requested.
debug2: fd 7 setting TCP_NODELAY
debug1: channel 2: new [direct-tcpip]
debug2: channel 2: open confirm rwindow 2097152 rmax 32768

[root@freenas] ~# jexec crashplan_1 sockstat -4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
crashplan sshd      4149  5  tcp4   192.168.1.103:22      192.168.1.83:53226
root     sshd       4147  5  tcp4   192.168.1.103:22      192.168.1.83:53226
root     java       3952  56 tcp4   127.0.0.1:4243        *:*
root     java       3952  57 tcp4   *:4242                *:*
root     java       3951  56 tcp4   127.0.0.1:4243        *:*
root     java       3951  57 tcp4   *:4242                *:*
root     java       3950  56 tcp4   127.0.0.1:4243        *:*
root     java       3950  57 tcp4   *:4242                *:*
root     java       3949  56 tcp4   127.0.0.1:4243        *:*
root     java       3949  57 tcp4   *:4242                *:*
root     java       3948  56 tcp4   127.0.0.1:4243        *:*
root     java       3948  57 tcp4   *:4242                *:*
root     java       3947  56 tcp4   127.0.0.1:4243        *:*
root     java       3947  57 tcp4   *:4242                *:*
root     java       3946  56 tcp4   127.0.0.1:4243        *:*
root     java       3946  57 tcp4   *:4242                *:*
root     java       3945  56 tcp4   127.0.0.1:4243        *:*
root     java       3945  57 tcp4   *:4242                *:*
root     java       3944  56 tcp4   127.0.0.1:4243        *:*
root     java       3944  57 tcp4   *:4242                *:*
root     java       3943  56 tcp4   127.0.0.1:4243        *:*
root     java       3943  57 tcp4   *:4242                *:*
root     java       3942  56 tcp4   127.0.0.1:4243        *:*
root     java       3942  57 tcp4   *:4242                *:*
root     java       3941  56 tcp4   127.0.0.1:4243        *:*
root     java       3941  57 tcp4   *:4242                *:*
root     java       3940  56 tcp4   127.0.0.1:4243        *:*
root     java       3940  57 tcp4   *:4242                *:*
root     java       3935  56 tcp4   127.0.0.1:4243        *:*
root     java       3935  57 tcp4   *:4242                *:*
root     java       3934  56 tcp4   127.0.0.1:4243        *:*
root     java       3934  57 tcp4   *:4242                *:*
root     java       3933  56 tcp4   127.0.0.1:4243        *:*
root     java       3933  57 tcp4   *:4242                *:*
root     java       3932  56 tcp4   127.0.0.1:4243        *:*
root     java       3932  57 tcp4   *:4242                *:*
root     java       3931  56 tcp4   127.0.0.1:4243        *:*
root     java       3931  57 tcp4   *:4242                *:*
root     java       3930  56 tcp4   127.0.0.1:4243        *:*
root     java       3930  57 tcp4   *:4242                *:*
root     java       3929  56 tcp4   127.0.0.1:4243        *:*
root     java       3929  57 tcp4   *:4242                *:*
root     java       3928  56 tcp4   127.0.0.1:4243        *:*
root     java       3928  57 tcp4   *:4242                *:*
root     java       3927  56 tcp4   127.0.0.1:4243        *:*
root     java       3927  57 tcp4   *:4242                *:*
root     java       3926  56 tcp4   127.0.0.1:4243        *:*
root     java       3926  57 tcp4   *:4242                *:*
root     java       3797  56 tcp4   127.0.0.1:4243        *:*
root     java       3797  57 tcp4   *:4242                *:*
root     java       3444  56 tcp4   127.0.0.1:4243        *:*
root     java       3444  57 tcp4   *:4242                *:*
root     java       3443  56 tcp4   127.0.0.1:4243        *:*
root     java       3443  57 tcp4   *:4242                *:*
root     java       3442  56 tcp4   127.0.0.1:4243        *:*
root     java       3442  57 tcp4   *:4242                *:*
root     python2.7  3404  3  tcp4   192.168.1.103:12346   *:*
root     java       3399  56 tcp4   127.0.0.1:4243        *:*
root     java       3399  57 tcp4   *:4242                *:*
root     java       3398  56 tcp4   127.0.0.1:4243        *:*
root     java       3398  57 tcp4   *:4242                *:*
root     java       3397  56 tcp4   127.0.0.1:4243        *:*
root     java       3397  57 tcp4   *:4242                *:*
root     java       3396  56 tcp4   127.0.0.1:4243        *:*
root     java       3396  57 tcp4   *:4242                *:*
root     java       3395  56 tcp4   127.0.0.1:4243        *:*
root     java       3395  57 tcp4   *:4242                *:*
root     java       3394  56 tcp4   127.0.0.1:4243        *:*
root     java       3394  57 tcp4   *:4242                *:*
root     java       3393  56 tcp4   127.0.0.1:4243        *:*
root     java       3393  57 tcp4   *:4242                *:*
root     java       3381  56 tcp4   127.0.0.1:4243        *:*
root     java       3381  57 tcp4   *:4242                *:*
root     sshd       3213  5  tcp4   *:22                  *:*
root     java       3179  56 tcp4   127.0.0.1:4243        *:*
root     java       3179  57 tcp4   *:4242                *:*
root     syslogd    3076  7  udp4   *:514                 *:*
?        ?          ?     ?  tcp4   192.168.1.103:12346   192.168.1.101:60840
?        ?          ?     ?  tcp4   192.168.1.103:12346   192.168.1.101:51273

[root@freenas] ~# kldstat
Id Refs Address            Size     Name
 1   59 0xffffffff80200000 132bb68  kernel
 2    1 0xffffffff8152c000 143c50   linux.ko
 3    1 0xffffffff81670000 e3c8     xhci.ko
 4    1 0xffffffff81812000 156757   zfs.ko
 5   14 0xffffffff81969000 55c1     opensolaris.ko
 6    1 0xffffffff8196f000 485c     geom_stripe.ko
 7    1 0xffffffff81974000 10477    geom_raid3.ko
 8    1 0xffffffff81985000 efdd     geom_raid5.ko
 9    1 0xffffffff81994000 581e     geom_gate.ko
10    1 0xffffffff8199a000 49d5     geom_multipath.ko
11    1 0xffffffff8199f000 b6b      dtraceall.ko
12    1 0xffffffff819a0000 4ee2     profile.ko
13    3 0xffffffff819a5000 4049     cyclic.ko
14   11 0xffffffff819aa000 23da87   dtrace.ko
15    1 0xffffffff81be8000 fb2d     systrace_freebsd32.ko
16    1 0xffffffff81bf8000 109cf    systrace.ko
17    1 0xffffffff81c09000 459e     sdt.ko
18    1 0xffffffff81c0e000 4953     lockstat.ko
19    1 0xffffffff81c13000 be50     fasttrap.ko
20    1 0xffffffff81c1f000 6672     fbt.ko
21    1 0xffffffff81c26000 55bd     dtnfscl.ko
22    1 0xffffffff81c2c000 4590     dtmalloc.ko
23    1 0xffffffff81c31000 44e3     dtio.ko
24    1 0xffffffff81c36000 28bff    if_cxgbe.ko

fail

@mikedevita
Copy link

My crashplan app doesn't seem to like the tunneling, it ignores it completely..

edit:
forgot to uncomment, my b. I got passed the login screen but now when crashplan tries to open up it whines about not being able to connect to engine...

debug1: channel 2: new [direct-tcpip]
channel 2: open failed: connect failed: Connection refused
debug2: channel 2: zombie
debug2: channel 2: garbage collecting
debug1: channel 2: free: direct-tcpip: listening port 4200 for 127.0.0.1 port 4243, connect from 127.0.0.1 port 51400, nchannels 3

@niepi
Copy link

niepi commented Nov 8, 2013

@desimone did you got the plugin working, because i got stuck a the login screen?

@claym
Copy link

claym commented Nov 24, 2013

ssh-copy-id: Command not found.

:(

Also,

ssh -L 4200:127.0.0.1:4243 crashplan@192.168.1.14 -N -v -v

just ends with

debug1: Entering interactive session.

and then does nothing

@desimone
Copy link
Author

desimone commented Jan 2, 2014

@niepi actually no. I think the issue is with the plugin at this point. Intermittently, I was able to login and the backup job would start. But nothing I'd depend on.

For now, I'm back on ubuntu server.

@desimone
Copy link
Author

desimone commented Jan 2, 2014

@claym you need to have ssh-copy-id installed. It's not required. You can use password based auth.

@Nealtron
Copy link

I'm also receiving the "debug1: Entering interactive session." message. What do I need to do to correct this behavior?

@sirkkalap
Copy link

Hi @desimone,

Few things that I noticed while following these instructions today ( 2014-02-23 ) running FreeNAS 9.2.1_RC (should be close enough to 9.2.1 stable, but I have not upgraded yet)

The Crashplan jail image is currently version 3.5.3_1. This version is FreeBSD, so no need for linux_load.

  1. I did not need to set the linux_load=YES. Neither did I reboot the FreeNAS.
  2. In step 6 you will need to enable sshd inside the Crashplan jail ( 192.168.1.103 ). This is covered by the instructions, but I failed to notice the "Per the wiki" -link at first. Now with Crashplan being FreeBSD, the ssh was simple to enable ( http://doc.freenas.org/index.php/Adding_Jails#Accessing_a_Jail_Using_SSH_Instead_of_its_Shell_Icon ).

I quess TCP-port forwarding on FreeNAS (192.168.1.101) SSH-service is not neccessary, since if I am not mistaken there are no ssh connections to it, only to 192.168.1.103, which is the jail.

The ssh-connection is only required because Crashplan admin port ( 4243 ) does not listen to LAN-connections inside jail. It only listens to 127.0.0.1, which is the loopback device.

I have not figured out yet where the new encrypted RaidZ volume will be used. My jail has its own dataset cut out from my original first vol1.

Thanks for your great instructions!

@sirkkalap
Copy link

I forked this gist and updated it to FreeNAS 9.2.1 and Crashplan plugin 3.5.3_1: https://github.com/sirkkalap/freenas-crashplan-howto

@heggink
Copy link

heggink commented Jun 25, 2014

Actually, I found elsewhere that you can make crashplan listen on all interfaces rather than localhost. Requires following change on server:

"Using your favorite text editor, edit the following file:

/usr/pbi/crashplan-amd64/share/crashplan/conf/my.service.xml
Within this file, change the from "127.0.0.1" to "0.0.0.0". Save, and then restart the Crashplan service"

No ssh tunneling required to redirect 4243 to 4200. Just change the IP address for the client to direct to your jail and leave the port what it was.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment