Best way to proxy local servers through VPN

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
vitaprimo
Posts: 2
Joined: Sun Jul 30, 2017 12:36 pm

Best way to proxy local servers through VPN

Post by vitaprimo » Sun Jul 30, 2017 1:49 pm

Hello!

I'm looking for a little guidance, I hope I'm in the right place.

I have in my network several servers and services that need to be accessed everyday but hackers have lately been going harder on my IDS and IPS. Many times a week I need direct console access to my computers so VNC/RDP ports are open, and, along with SSH and SIP, these are the ones that get attacked the hardest. Fortunately I have a PKI in place in lieu of regular passwords for most stuff and they haven't been able to beat down the firewall...yet. About three days ago I received a Little Snitch VNC incoming connection alert on one computer and that's what made me do something more about it, yes, the port *is* deliberately open and NATting to that computer but still.

After some research I found out a VPS provider with good transfer cap prices so I though on placeshifting my servers' gateway to and from the internet over VPN so all the actual server equipment remains in place and relays the server-related traffic and other Intranet requests remotely, in a place where a DDoS attack couldn't completely halt my network; their data transfer quotas seems reasonable and I wouldn't be sending all the traffic thought that remote exit anyway, just the server stuff. Regular traffic could be policy routed to exit locally but my IP address wouldn't have public DNS information attached to them, so there would be, at least in my head, less chance of getting pinpointed by hackers.

Yesterday I came across SoftEther VPN completely by accident, I was researching on how to setup IKEv2 StS tunnels on Linux distros I haven't worked with before and I'm finiding incredibly appealing the software. The whole bridge and server thing is not that clear though, from all the examples the closes I could find to my scenario would be the [public to]-cloud-to LAN except that's missing the public access at the beginning. Another scenario would be the Virtual NAT or Safety NAT, something like that, it wasn't very clear so I'm here.

I thought about designating a local server so the public, rented VPS host makes the links (I have three, for bandwidth reasons) to a designated internal server and this in turn be isolated on a DMZ zone by the firewall because from what I got in the documentation, there's little protection coming from traffic from a SoftEther VPN bridge interface.

Am I even remotely close to right? If so, or if not, what else could I do to implement this right. In theory I know how to set it up but this has got to be the hardest thing I've [networkingly-speaking] done since I decided I wanted Active Directory-assigned VLANs without even knowing if that was even a thing. LOL. I really appreciate your input.

Regards!

vitaprimo
Posts: 2
Joined: Sun Jul 30, 2017 12:36 pm

Re: Best way to proxy local servers through VPN

Post by vitaprimo » Thu Feb 01, 2018 1:44 pm

Thanks but I've tried lots of stuff, nonstop for months, proxies usually only work with certain kinds of traffic, not everything and a very specific query don't return much hits.

I ended up setting up pfSense on a VPS and tunneling to my firewall, static routing on both ends also was needed because in the end only one server I *realy* needed to proxy after all. And there there was the issue of default gateways and multihoming, since I'd still want that host local connectivity so it could communicate with Active Directory it was a complete nightmare but made it work in the end. :)

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Best way to proxy local servers through VPN

Post by thisjun » Thu Feb 15, 2018 6:09 am

Do you want to redirect the traffic from VPS to local?
or
to access to VPS to maintenance?

Post Reply