VPN

From Open Source Ecology
Jump to: navigation, search

A VPN is a system that establishes a private network across a public network, such as the Internet

Use in Dev Server

OSE launched a single staging/dev server in Hetzner Cloud in 2019. For security reasons it's imperative that this server is locked-down and sitting *behind* a VPN.

Important Files & Directories

For more information about our vpn configuration, please see the following files & directories on the osedev1 server:

  1. /usr/share/easy-rsa/3/pki/
  2. /etc/openvpn/

Developers: How to request access to the dev VPN

This section is intended for the OSE Developer that requires access to the developer VPN and would like to make a request for access to the OSE sysadmin.

Install Prerequisites

In order to connect to our vpn, you should install the following prerequisite software

sudo apt-get install openvpn openresolv

TODO: finish this guide

Sysadmin: How to grant access to the dev VPN

This section is intended for the OSE sysadmin and will describe the process of granting access to the developer VPN for OSE developers.

TODO

Looking Forward

Ideally, OSE would have a single rack of colocated hardware at a datacenter near FeF. As campuses pop-up, we could provision new racks at new datacenters that peer with each-other over time, if needed.

The reality is that we have a dedicated server in Falkenstein, Germany[1]; a cloud instance at a different DC in Falkenstein; a physical office in Missouri, USA that will likely have servers in the future[2]; and developers (some with their own servers) all over the world -- which begs the question: how do you architect a VPN with this hodge-podge of geographically dispersed servers & clients?

Certainly a hub-and-spoke [3] openvpn model is possible, but that introduces a single-point-of-failure.

A better option would be a decentralized mesh-style VPN solution, such as ZeroTier.

See Also

Links

  • https://wiki.hetzner.de/index.php/Benennung_Rechenzentren/en
  • https://wiki.opensourceecology.org/wiki/OSE_Internet#Internet_Upgrades_2019
  • http://www.internet-computer-security.com/VPN-Guide/VPN-Topologies.html
  • Retrieved from "https://wiki.opensourceecology.org/index.php?title=VPN&oldid=202249"