In the private VPS cloud solution I have built and set up over the last couple of years there was a small nagging issue that needed solving. I wanted a routed layer 2 network while still being able to use the public load balancers provided by the VPS provider.
When we started the platform, we got the non-routed layer 2 network up and running pretty fast. Adding an OpenVPN server got the site-to-site connection more or less working. It works, but the one caveat was that every VPN user showed up with the same originating source IP in the layer 2 network, so connections could not be told apart by address. We also still had the issue that all of the servers could reach the internet directly, and with the number of servers rising (> 40) that became an increasing worry.
The question was how to solve the following issues:
- Limit direct connections to the internet to those servers that host our sites
- Still be able to reach the servers that do not need a direct connection to the internet
- Give those servers an indirect route to the internet (for updates and outbound requests) instead of a public one
- Have a single point of entry for the VPN connections
- Make sure that not all servers are accessible to all users