TrueNAS has an OpenVPN plugin available, which is typically the recommended option.
You are trying to solve two different, but related problems, and there are discrete solutions for both.
One is a personal cloud. You need a secure place to store your shit from multiple users and devices, from multiple networks. You’ll need a mostly static IP and dyndns or your own domain, and certificates signed by a public CA/letsencrypt.
Then, you are looking for a backup application that supports rsync or sftp/scp over ssh or vpn, that is also cross compatible (Android and PC/Linux). Point this to the service above, and you are good to go.
This.
At some point, you need to be able to quantify the risk to your business before you can do this.
For instance, if your business earns $10 per transaction, and you perform 100 transactions per second, the difference between five and six nines (313 seconds vs 31 seconds) is $282,000; nowhere near enough to justify the added investment.
However, if you perform ten thousand transactions per second, the difference is $28.2M. Which, frankly, is still not enough for the added staff and infrastructure costs that would be required. Enough for other mitigations, sure, but not six nines.
For reference, Visa is pretty widely quoted to do 24,000 transactions per second. Suffice to say, as Notorious stated, it is really really difficult.
Edit: Important to note that for the first example, these are already enormously huge numbers. Such a business, assuming no holidays or weekends, would be grossing $31.5 billion per year, in the same ballpark as Oracle and Coca Cola.
So when we say the company is losing 282,000, this is a tiny, tiny fraction of revenue. Even 99.5%, which is almost two days of downtime, would “only” be a loss of 0.5% of all revenue for the year. Sure, this is $157M, but even that would probably not cover the cost of a six nines infrastructure.
That said, they could save up to $120M per year by going to 99.9%, and that might be doable.
From my understanding, the impetus was that F5 submitted a CVE for a vulnerability, for an optional, “beta” feature that can be enabled. Dounin did not think a CVE should be submitted, since he did not consider it to be a “production” feature.
That said, the vulnerability is in shipping code, regardless of whether it is optional or not, so per industry coding practices, it should either be patched or removed entirely in order to resolve the issue.