VPN: Difference between revisions

From Open Source Ecology
Jump to navigation Jump to search
(Created page with "A VPN is a system that establishes a private network across a public network, such as the Internet ==Use in Dev Server== OSE launched a single staging/dev server in Hetzner...")
 
No edit summary
Line 9: Line 9:
Ideally, OSE would have a single rack of colocated hardware at a datacenter near FeF. As campuses pop-up, we could provision new racks at new datacenters that peer with each-other over time, if needed.
Ideally, OSE would have a single rack of colocated hardware at a datacenter near FeF. As campuses pop-up, we could provision new racks at new datacenters that peer with each-other over time, if needed.


The reality is that we have a dedicated server in Falkenstein, Germany<ref>https://wiki.hetzner.de/index.php/Benennung_Rechenzentren/en</ref>; a cloud instance at a different DC in Falkenstein; a physical office in Missouri, USA that will likely have servers in the future; and developers all over the world -- which begs the [https://serverfault.com/questions/980743/vpn-connection-between-distinct-cloud-instances question]: how do you architect a VPN with this hodge-podge of geographically dispersed servers & clients?
The reality is that we have a dedicated server in Falkenstein, Germany<ref>https://wiki.hetzner.de/index.php/Benennung_Rechenzentren/en</ref>; a cloud instance at a different DC in Falkenstein; a physical office in Missouri, USA that will likely have servers in the future<ref>https://wiki.opensourceecology.org/wiki/OSE_Internet#Internet_Upgrades_2019</ref>; and developers all over the world -- which begs the [https://serverfault.com/questions/980743/vpn-connection-between-distinct-cloud-instances question]: how do you architect a VPN with this hodge-podge of geographically dispersed servers & clients?


Certainly a hub-and-spoke <ref>http://www.internet-computer-security.com/VPN-Guide/VPN-Topologies.html</ref> openvpn model is possible, but that introduces a single-point-of-failure.
Certainly a hub-and-spoke <ref>http://www.internet-computer-security.com/VPN-Guide/VPN-Topologies.html</ref> openvpn model is possible, but that introduces a single-point-of-failure.

Revision as of 12:43, 9 September 2019

A VPN is a system that establishes a private network across a public network, such as the Internet

Use in Dev Server

OSE launched a single staging/dev server in Hetzner Cloud in 2019. For security reasons it's imperative that this server is locked-down and sitting *behind* a VPN.

Looking Forward

Ideally, OSE would have a single rack of colocated hardware at a datacenter near FeF. As campuses pop-up, we could provision new racks at new datacenters that peer with each-other over time, if needed.

The reality is that we have a dedicated server in Falkenstein, Germany[1]; a cloud instance at a different DC in Falkenstein; a physical office in Missouri, USA that will likely have servers in the future[2]; and developers all over the world -- which begs the question: how do you architect a VPN with this hodge-podge of geographically dispersed servers & clients?

Certainly a hub-and-spoke [3] openvpn model is possible, but that introduces a single-point-of-failure.

A better option would be a decentralized mesh-style VPN solution, such as ZeroTier.

See Also

Links

  1. https://wiki.hetzner.de/index.php/Benennung_Rechenzentren/en
  2. https://wiki.opensourceecology.org/wiki/OSE_Internet#Internet_Upgrades_2019
  3. http://www.internet-computer-security.com/VPN-Guide/VPN-Topologies.html
Retrieved from "https://wiki.opensourceecology.org/index.php?title=VPN&oldid=198314"