Introduction

I have been using Tailscale for some time now (roughly 2 years), and I think it's really impressive that their free version for individuals basically covers everything you need, plus some nice functions. Things like Taildrop and the Mullvad integration are all quite nice.

I've always liked that you can map a network drive onto your devices: you can save, for example, your VS Code folder inside it and it will be accessible across your devices. But I didn't like transferring files over a public network. People who know me know I am a bit of a security/privacy freak. Until now I have always used Google Drive as the virtual drive. It's convenient, but I think it's really time to say NO to Google collecting your data, since every single company wants your data to train their AI now. So I decided to switch away from that.

Tailscale has a really nice function called 'Taildrive', which is pretty similar to Google Drive's mapping function. The problem is that it's in alpha and it uses WebDAV. Sure, it comes with more permission/policy settings, but I don't really need them, and you have to be connected to the Tailscale network to access the files. What if I am in a situation where I can't use Tailscale?

That's why we need a more flexible solution to this problem.

I have considered hosting WebDAV + Tailscale myself, but WebDAV has a 50MB limit. Even though we can change that to 4GB, that means going into Regedit on every single device you want to use. Imagine you want to connect to the central server from other people's devices: that is too much work, and I really don't like limitations like this. I am focusing on Secure + Flexible + Convenient + Scalable. Since I also don't want to download any additional software, I think we are left with only one option:

Samba + Tailscale

This is the best solution (imo) for our situation.

Screenshot from my tailscale

First, let's define some terms:

Central Server(CS): The server hosting the data

Client: The device that maps the virtual drive

Some information:

SMB: SMB is a network communication protocol developed by IBM in the 1980s for sharing access to files, printers, and serial ports among computers. It facilitates resource sharing over a network, allowing applications and users to read, create, and update files on remote servers.

Samba: Samba is an open-source implementation of the SMB/CIFS protocol suite. It enables interoperability between Unix/Linux systems and Windows machines, allowing Unix/Linux servers to share files and printers with Windows clients and vice versa. Samba is also now widely adopted in Android systems; more specifically, many Android file manager apps now have Samba integrated.

Building

The whole process is very straightforward.

apt install samba

Create a folder for sharing

mkdir /your/path/here

Then change the config file

vim /etc/samba/smb.conf

You should have everything you need uncommented

Here, you should change interfaces to your interface's name; it could also be an IP/netmask. I bound it to Tailscale's interface, so now all of my devices that are connected to my Tailscale network have access to the folder. Under WireGuard's strong encryption, in a private network, I would consider this strong security for individual use.

Here the server role should be standalone since this is the only CS.

These two parameters are related to guests (obviously):

map to guest = bad user: maps unidentified users to the guest user
usershare allow guests = yes: allows guest users to access the shared files without being identified

Now we save and quit to test it

testparm

We are good if you see Loaded services file OK.

Now we need to create a user and set its password

smbpasswd -a username

This sets the password for a user. The user should be an existing user in your user group, for example, root.

If you want a new username, you will need to create a new user on the system using

adduser [newuser]

Then you need to give the new user permission on the shared folder

setfacl -R -m "u:newuser:rwx" /your/path/here

Now we just need to add the sharing section in smb.conf

vim /etc/samba/smb.conf

Add these lines

[sharing]
comment = Samba is the best
path = /your/path/here
read only = no
writable = yes
browseable = yes
guest ok = no
valid users = @root

You should at least change the path and valid users

Now we save, quit and test again

:wq
testparm

Then we restart Samba

systemctl restart smbd
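
A quick check for the configuration built above, as an added example that is not part of the original post: it parses smb.conf text and reports settings that widen exposure beyond the Tailscale interface. The sample config is constructed from the parameters named in the post, `tailscale0` is an assumed interface name, and the `bind interfaces only` check reflects Samba's documented behaviour that `interfaces` by itself does not stop smbd from listening on other interfaces.

```python
# Added example: audit smb.conf text for where smbd listens and who may connect.
# SAMPLE_CONF is constructed from the post's parameters; "tailscale0" is assumed.
SAMPLE_CONF = """\
[global]
   interfaces = lo tailscale0
   server role = standalone server
   map to guest = bad user
   usershare allow guests = yes

[sharing]
   path = /your/path/here
   guest ok = no
   valid users = @root
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; Samba ignores case and spaces in names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip()
    return sections

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "on", "1")

def audit(text):
    """Return findings about listening interfaces and guest access."""
    conf = parse_smb_conf(text)
    glob = conf.pop("global", {})
    findings = []
    if not glob.get("interfaces"):
        findings.append("[global] no 'interfaces' list is set")
    if not is_yes(glob.get("bindinterfacesonly", "no")):
        findings.append("[global] 'bind interfaces only' is off: smbd listens on every interface")
    for name, params in conf.items():  # remaining sections are shares
        if is_yes(params.get("guestok", params.get("public", "no"))):
            findings.append(f"[{name}] guest access is allowed")
        if not params.get("validusers"):
            findings.append(f"[{name}] no 'valid users' restriction")
    return findings

print("\n".join(audit(SAMPLE_CONF)))
```

To audit the real file, pass `open("/etc/samba/smb.conf").read()` to `audit()`. Adding `bind interfaces only = yes` under [global] clears the finding reported for the sample; keep `lo` in the interfaces list, since the smb.conf manual notes that smbpasswd may otherwise not work as expected.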

Now we can map this folder as a drive to our Windows PC!

Mapping virtual drive(network drive)

In File Explorer, go to This PC, click on the three dots, and select Map network drive.

Then the folder will be in the format of

\\<ip>\<path>

After entering username and password, you are ready to go!