VPN: Difference between revisions

From Open Source Ecology
Jump to navigation Jump to search
No edit summary
Line 4: Line 4:


OSE launched a single staging/dev server in Hetzner Cloud in 2019. For [[OSE_Development_Server#Security|security reasons]] it's imperative that this server is locked-down and sitting *behind* a VPN.
OSE launched a single staging/dev server in Hetzner Cloud in 2019. For [[OSE_Development_Server#Security|security reasons]] it's imperative that this server is locked-down and sitting *behind* a VPN.
===Important Files & Directories===
For more information about our vpn configuration, please see the following files & directories on the <code>osedev1</code> server:
# <code>/usr/share/easy-rsa/3/pki/</code>
# <code>/etc/openvpn/</code>


==Looking Forward==
==Looking Forward==

Revision as of 11:34, 23 October 2019

A VPN is a system that establishes a private network across a public network, such as the Internet

Use in Dev Server

OSE launched a single staging/dev server in Hetzner Cloud in 2019. For security reasons it's imperative that this server is locked-down and sitting *behind* a VPN.

Important Files & Directories

For more information about our vpn configuration, please see the following files & directories on the osedev1 server:

  1. /usr/share/easy-rsa/3/pki/
  2. /etc/openvpn/

Looking Forward

Ideally, OSE would have a single rack of colocated hardware at a datacenter near FeF. As campuses pop-up, we could provision new racks at new datacenters that peer with each-other over time, if needed.

The reality is that we have a dedicated server in Falkenstein, Germany[1]; a cloud instance at a different DC in Falkenstein; a physical office in Missouri, USA that will likely have servers in the future[2]; and developers (some with their own servers) all over the world -- which begs the question: how do you architect a VPN with this hodge-podge of geographically dispersed servers & clients?

Certainly a hub-and-spoke [3] openvpn model is possible, but that introduces a single-point-of-failure.

A better option would be a decentralized mesh-style VPN solution, such as ZeroTier.

See Also

Links

  1. https://wiki.hetzner.de/index.php/Benennung_Rechenzentren/en
  2. https://wiki.opensourceecology.org/wiki/OSE_Internet#Internet_Upgrades_2019
  3. http://www.internet-computer-security.com/VPN-Guide/VPN-Topologies.html
Retrieved from "https://wiki.opensourceecology.org/index.php?title=VPN&oldid=201754"