Solving a routing issue in a private VPS cloud

In the private VPS cloud solution I have built and set up over the last couple of years, there was a small nagging issue that needed to be solved. I wanted to have a routed layer 2 network and be able to use the public load balancers provided by the VPS provider.

When we started the platform, we got the non-routed layer 2 network up and running pretty fast. Adding an OpenVPN server made the site-to-site connection more or less work. It works; the only caveat I had was that everybody had the same originating source IP in the layer 2 network. We still had the issue that all of the servers could access the internet directly, and with the number of servers rising (> 40) that was an increasing worry.

The issues to solve:

  • Limit direct connections to the internet to those servers that host our sites.
  • Still be able to access the servers that do not need to be connected directly to the internet.
  • Create an indirect connection to the internet for those servers.
  • Have a single point of entry for the VPN connections.
  • Make sure that not all servers are accessible to all users.
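One way to express all five requirements on a single Linux gateway is an nftables ruleset. The script below is an added example, not the author's configuration: it assumes the gateway has a public interface eth0, the private layer 2 network on eth1 (10.0.0.0/16), OpenVPN on tun0 handing out 10.8.0.0/24, web servers in 10.0.1.0/24, a developer-reachable group in 10.0.2.0/24, and admins versus developers separated into 10.8.0.0/25 and 10.8.0.128/25 by OpenVPN client-config pushes; the outbound proxy on port 3128 for the non-web servers is likewise assumed. All of these are variables so they can be overridden from the environment.

```shell
#!/bin/sh
# Added example (not from the original post): gateway ruleset for a private
# VPS network. Every address, interface and port below is an assumption.
PUB_IF=${PUB_IF:-eth0}          # interface facing the internet
PRIV_IF=${PRIV_IF:-eth1}        # interface on the private layer 2 network
VPN_IF=${VPN_IF:-tun0}          # OpenVPN interface (single point of entry)
PRIV_NET=${PRIV_NET:-10.0.0.0/16}
WEB_NET=${WEB_NET:-10.0.1.0/24}     # servers that host the public sites
DEV_NET=${DEV_NET:-10.0.2.0/24}     # servers developers are allowed to reach
VPN_ADMIN=${VPN_ADMIN:-10.8.0.0/25}   # admin VPN clients (via ccd ifconfig-push)
VPN_DEV=${VPN_DEV:-10.8.0.128/25}     # developer VPN clients
PROXY_PORT=${PROXY_PORT:-3128}        # outbound HTTP proxy running on the gateway
VPN_PORT=${VPN_PORT:-1194}

# Print the nftables ruleset on stdout so it can be reviewed or fed to nft -f.
gateway_ruleset() {
cat <<EOF
flush ruleset
table inet gw {
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iif "lo" accept
    # single point of entry: only OpenVPN is reachable from the internet
    iifname "$PUB_IF" udp dport $VPN_PORT accept
    # the gateway itself is only managed from the admin VPN range
    iifname "$VPN_IF" ip saddr $VPN_ADMIN tcp dport 22 accept
    # indirect internet access: private servers may only talk to the proxy
    iifname "$PRIV_IF" ip saddr $PRIV_NET tcp dport $PROXY_PORT accept
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    # only the web servers may open connections to the internet directly
    iifname "$PRIV_IF" oifname "$PUB_IF" ip saddr $WEB_NET accept
    # admins reach every private server, developers only their own group
    iifname "$VPN_IF" oifname "$PRIV_IF" ip saddr $VPN_ADMIN ip daddr $PRIV_NET accept
    iifname "$VPN_IF" oifname "$PRIV_IF" ip saddr $VPN_DEV ip daddr $DEV_NET accept
    # everything else (private -> internet, dev -> other servers) hits policy drop
  }
  chain postrouting {
    type nat hook postrouting priority 100; policy accept;
    # only the web servers are NATed out; the rest have no path to the internet
    oifname "$PUB_IF" ip saddr $WEB_NET masquerade
  }
}
EOF
}

# Count rules that accept traffic, a quick sanity check when editing the policy.
count_accept_rules() {
  gateway_ruleset | grep -c ' accept$'
}

# Apply the ruleset (requires root and nft); syntax-check first with nft -c.
apply_ruleset() {
  gateway_ruleset | nft -c -f - && gateway_ruleset | nft -f -
}

# Usage: sh gateway.sh            -> prints the ruleset for review
#        sh gateway.sh apply      -> syntax-checks and loads it
case "${1:-}" in
  apply) apply_ruleset ;;
  *) gateway_ruleset ;;
esac
```

The forward chain is where the access split lives: with a drop policy, each accept rule is one deliberate exception, so adding a new server group means adding one line rather than auditing a list of denies. Because the VPN clients get distinct address ranges, the private servers' logs now show which group a connection came from instead of one shared source IP.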