What I want to do is only allow access to another VPS server if I access it through a VPN connection… not sure how to do this. Hosting24 gives each VPS server a public IP.
Where I am stuck: How do I limit access to VPS servers so they can only be accessed through OpenVPN?
If anyone can point me to some documentation or in the right direction, I would appreciate it.
You need to configure the firewall on the server appropriately, probably something like nftables, iptables or pf (I’m a bit rusty in that department).
First of all, you need to get the tunnel up and running. Then when you enable the firewall, you will need an Allow rule for traffic coming in on the public interface on the VPN server port. If you wish, everything else can be blocked. It may also be necessary to add a rule to allow the VPN clients to access ports on the VPN server, so that you can reach your services.
How exactly the rules are configured depends on what firewall you use.
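One concrete way to express the rules described above, as an added example that is not from this thread: a small POSIX shell script that generates an nftables ruleset admitting only the VPN listener on the public interface, while letting tunnel clients reach a service (SSH here) through the tunnel. The interface names (eth0, tun0), the port (OpenVPN's default 1194/udp), the tunnel subnet 10.8.0.0/24 and SSH as the protected service are all assumptions for the example; override them through the environment variables.

```shell
#!/bin/sh
# Added example (not from the thread): build an nftables ruleset in which the
# public interface accepts only the VPN listener and VPN clients reach services
# over the tunnel interface. All names, ports and subnets below are assumptions.

PUB_IF="${PUB_IF:-eth0}"          # assumed public interface
TUN_IF="${TUN_IF:-tun0}"          # assumed OpenVPN tunnel interface
VPN_PORT="${VPN_PORT:-1194}"      # OpenVPN default UDP port
VPN_NET="${VPN_NET:-10.8.0.0/24}" # assumed subnet handed out to VPN clients

# Print the ruleset to stdout (unquoted heredoc so the variables expand).
gen_ruleset() {
  cat <<EOF
flush ruleset

table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;

    # keep loopback and already-established flows working
    iif lo accept
    ct state established,related accept
    ct state invalid drop

    # ICMP so pings and path MTU discovery keep working
    meta l4proto { icmp, ipv6-icmp } accept

    # the only thing the public side may open: the VPN listener
    iifname "$PUB_IF" udp dport $VPN_PORT accept

    # VPN clients reach the service (SSH) through the tunnel only
    iifname "$TUN_IF" ip saddr $VPN_NET tcp dport 22 accept

    # everything else arriving on the public interface hits the drop policy
  }

  chain forward {
    type filter hook forward priority 0; policy drop;
  }

  chain output {
    type filter hook output priority 0; policy accept;
  }
}
EOF
}

# Load the ruleset when nft is available; otherwise just print it for review.
apply_ruleset() {
  if command -v nft >/dev/null 2>&1; then
    gen_ruleset | nft -f -
  else
    gen_ruleset
  fi
}

# Sanity check before loading: SSH must never be accepted from the public side.
check_no_public_ssh() {
  ! gen_ruleset | grep -q "iifname \"$PUB_IF\" tcp dport 22"
}

# Usage: ./vpn-only.sh          (print the ruleset)
#        ./vpn-only.sh apply    (load it with nft -f)
if [ "${1:-}" = apply ]; then
  check_no_public_ssh && apply_ruleset
fi
```

Because the input policy is drop, loading this over an SSH session that came in on the public interface will cut that session off; load it from the VPN side, or from the provider's console, and only after the tunnel is confirmed working. On a CentOS box that ships firewalld (which sits on top of nftables), the same intent is expressed by binding the public interface to a zone that exposes only the openvpn service and the tunnel interface to a zone that exposes ssh, rather than by loading a raw ruleset.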
That makes sense… I think with Hosting24 the VPS servers are using firewalld (CentOS). I don’t think they support anything like VLANs or cloud firewalls, etc.… so I think everything would need to be done through firewall rules.
I don’t know what type of firewall they offer in the management interface or how flexible it is. Regardless, implementing a firewall locally on the server itself should always work and it would be my preferred way of doing it.
I’m so dumb… went to Linode, around the same price as Hosting24 + has VLAN support. Spun up an OpenVPN instance without much issue but just realized out of the box you only get 2 VPN connections… going down the WireGuard route. Thanks for the feedback though!
I’m not sure I’m following. What’s a VPS got to do with VLANs? It has a public IP address and can probably only talk to its gateway on layer 2. No need to mess around with Ethernet / VLANs. And since you can do whatever you like with it, what’s stopping you from installing your own VPN server on it with no restrictions whatsoever? Maybe I’m not understanding the service you bought from Hosting24 or Linode, but when I read VPS, I think of a Linux box that I can SSH into and do stuff with.
A VLAN would let me not expose the servers directly to the internet and isolate them… to your point, with firewalld or the like I can control access through the VPN server. The VLAN is nice but not necessary… the pricing on Linode is a bit more but it seems to have more features.
My end goal is to only allow access to the internal VPS servers through the VPN… the VLAN is just another level of isolation.