Hi epoch1970,
If I am understanding correctly, this would mean I would not be able to use my own machine to connect to the branch-offices though?
That would make it much less convenient (albeit more secure, and the two will often be inversely related). I can imagine having to walk back and forth between the destination (isolated) machine and my own to get information / required tools all the time. I think I'd prefer to stick with having to wait for a staff member to be onsite at the branch-office and talk them through whatever might be required Image may be NSFW.
Clik here to view.
However, is there any other way to isolate an incoming VPN connection so that, rather than just being on the LAN, it terminates only on a specific endpoint? If so, perhaps I could use a VPN solution like you are suggesting, but have it terminate on a machine (might be a VM) that was powered off most of the time?
Thanks,
Alan.
Currently fifteen.How many branches? This is a mess, with many branches it qualifies as an unmanageable mess.
This would seem to be more secure since the the destination machine at head-office would be isolated from the rest of the local network.Use a VPN and separate the network from applications and users. OpenVPN with certificates will do fine. Manage certificates creation strictly.
Route incoming internet connections to a separate host in a DMZ network, not into the main LAN. To work on remote sites, walk up to the host in DMZ.
Alternatively, run openvpn on the router of the main site and have all hosts connect to it. Within the LAN, run one more VPN client and connect to the router in order to access remote sites.
Plan for concurrent connections and accessing multiple sites from a single workstation (some sort of copy-paste scenario.) In other words, plan for a host naming scheme, IP network sizes/numbers, IP ports.
HTH
If I am understanding correctly, this would mean I would not be able to use my own machine to connect to the branch-offices though?
That would make it much less convenient (albeit more secure, and the two will often be inversely related). I can imagine having to walk back and forth between the destination (isolated) machine and my own to get information / required tools all the time. I think I'd prefer to stick with having to wait for a staff member to be onsite at the branch-office and talk them through whatever might be required Image may be NSFW.
Clik here to view.
However, is there any other way to isolate an incoming VPN connection so that, rather than just being on the LAN, it terminates only on a specific endpoint? If so, perhaps I could use a VPN solution like you are suggesting, but have it terminate on a machine (might be a VM) that was powered off most of the time?
Thanks,
Alan.
Statistics: Posted by Alan2409 — Tue Sep 10, 2024 9:14 pm
