So… The title.
Why? Because for example my router from Gl.iNet supports smb:// LAN NAS (you can plug hard drive in it and share through LAN). But this is not really safe approach, so I wish to have more protection…
Hi,
Please give me a little more of a description of your layout and hardware. Are you looking for local synchronization or both local and remote synchronization?
There are a couple of ways to add SMB to C. On Android.
There is a CIFS app in the Google Play Store but I have heard complaints from one or two people about reliability so instead I use RSAF to access SMB with Cryptomator and it works great so long as you start the app running in the background before accessing data.
RSAF allows C to see an SMB share as a local folder.
If you need any help trying it let me know I will assist.
Why Android?
- I wanna use smb:// links as ENCRYPTED vault (just like Cryptomator does with any other cloud)
- No sync. See 1.
- I do not need windows support. Only Android + linux
- I know about workarounds, but why not include in codebase?
Thank you very much for your help!
- Android.
I use RSAF from github to connect to SMB shares on Android and C sees that share as a local folder and can open a vault located on a Microsoft SMB server or Linux server running Samba.
- Linux.
I’m also a Linux user. I use rclone to mount an SMB share to a local Linux folder where Cryptomator can access and open the vault.
Neither Solution synchronizes anything it treats the nas server or whatever you have as a local folder.
This should be an accurate solution to your needs. Technologically it’s the only way today to use SMB with Cryptomator on both Android and Linux.
Why it’s not in the product I do not know.
Cryptomator on desktop operating systems relies on the operating system or other apps such as rclone to provide access to other servers of any protocol.
I do not have an explanation for why SMB is not in the Android client. Android products over the years hasn’t changed very much at all and I doubt it will be there anytime soon.
On Android RSAF is an SAF “storage access framework” and provides remote access to any software that supports the storage access framework which Cryptomator apparently does.
Ive been using Cryptomator for several years now and this is the only solution that im aware of that is available to you today.
For example on Android I use another app that scans documents into PDF files on the phone. RSAF lets that supposed local folder be a Cloud Drive so for me the PDF program automatically scans and uploads them to Microsoft OneDrive without even knowing that it’s talking to onedrive.
If you want to give this solution a try I can offer assistance with configuration if you need it.
I think i will be better just install webdav server on my router… Too many workarounds. Luckily it is openwrt based
Ok.
So you’re thinking if you put a webdav server on your router Cryptomator can then be configured to use webdav to connect to your vault? AI suggests that this should work.
Just remember your router has a weak processor so communication might be slow. I suggest that you run a webdav server on your Linux machine and then you can port forward from your router to that webdav. Or you can use tailscale to securely access your Linux server from outside your home.
I just did a little bit of research for you and here are my results regarding setting up what you are thinking of.
I just checked wrt firmware and webdav and it it suggests that https is going to consume a lot more resources on your router than http and it looks like it requires a hard drive attached to the router.
If you need direct remote access to a PC in your home or office I suggest using a peer-to-peer VPN called tailscale. I use their free service.
If you install it on your computer and on your cell phone or laptop you log into the same account and you’ll have a private end-to-end encrypted IP address for each device. Then when you connect on your remote machine you use the private IP address that was assigned to the server in your house and it goes through your router automatically.
I did a little more research.
Wrt firmware also supports wireguard VPN server. I would use that instead of webdav running on the router and then run webdav on your Linux machine where you’ll get better performance.
WireGuard on the router
WebDAV on the internal PC
Android app connects to the PC’s WebDAV address through the VPN
That is usually the best balance of:
compatibility
speed
security
simplicity
Architecture:
Android device
↓
WireGuard tunnel
↓
OpenWrt router
↓
Internal PC running WebDAV
This gives you several advantages over running WebDAV on the router itself:
The PC handles file serving directly
Better CPU and disk performance
Easier permissions/user management
Easier indexing/searching
Better caching
Less strain on OpenWrt
And importantly:
The WebDAV server stays completely private on the LAN
You do NOT expose WebDAV ports to the internet
Only WireGuard is exposed
That’s a strong security model.
A couple practical tips:
Use the PC’s WireGuard/LAN IP directly in the Android WebDAV client
Example:
or
You usually do NOT need HTTPS on WebDAV if it is only accessible through WireGuard.
WireGuard already encrypts the tunnel.
Double encryption often just adds overhead and certificate hassles.
If possible, give the PC a static DHCP lease in OpenWrt so its IP never changes.
Performance-wise:
This setup is typically faster than:
WebDAV on router USB storage
Samba-over-app-translation layers
Cloud relay systems
Especially if your PC has SSD storage.
One thing to watch:
Some Android WebDAV clients are surprisingly inefficient with many small files.
For large media files or backups, performance is usually fine.
For folders with thousands of tiny files, SFTP can sometimes perform better if your app supports it.
If you want, I can also help you choose:
the best lightweight WebDAV server for Windows/Linux
best Android WebDAV clients
OpenWrt WireGuard setup
split tunnel vs full tunnel
how to make the connection work automatically when away from home
1 Like