Virtual network inside 1 server

Im trying to figure out the best way to secure access to a particular website, which is only required to be accessed by a few individuals.

My idea at the moment, is to create a VPN server, where the users can connect and get onto the site by loading their own web software up and connecting, however Im not sure how I can setup a network inside my server.

Is it possible to setup a virtual network inside my server (eg 192.168.1.1-254), so when a user connects, I can assign them an IP address (eg 192.168.1.200-210), and have my apache listening to other ports (eg 192.168.1.100-110).

My issue is I have a stand-alone server, which I want to use as my VPN server, and apache server, so users can connect via secure VPN and then see the web site inside. I dont have any more IPs apart from its external IP address (which currently is serving all the sites, but not securly).

Any ideas, even if Im going along the right path here of doing this?

Thank you
tonelm54Asked:
Who is Participating?
 
nmitevCommented:
If you run the site over https rather than http thats secure enough for all banks and online shops out there. As long as it is for internal use only, you don't need to buy certificates, you can generate them yourself.
If you want an additional authentication stage before that, you can set up a clientless VPN server on a  separate machine and then a static OpenVPN tunnel between that and your server. The secure apache instance can then be configured to listen only on the tun1 (or any number here) interface belonging to the tunnel between the web server and the VPN server.

Look at http://sourceforge.net/projects/openvpn-als/.
0
 
SysExpertCommented:
I would use apache to secure the site, and simply put it on a different port ( 8080 etc )

A lot less work I would think

I hope this helps !
0
 
tonelm54Author Commented:
True, and thats how it currently works, however there is a lot of very sensitive information to be uploaded, so I need to protect it a little more.

I would just restrict to only certain IPs but the IPs the users are using to connect will change.

I could change the host so it only listens for a particular host, then change the hosts file on the PCs but the PCs will also change.

I know I could simply use usernames and passwords, but I would like to secure the data transmittion, and only have 1 IP address for multiple sites, so cant use SSH.

Ive been thinking for a while on this, and think the only way is to use VPN, and then "somehow" use internal IPs and get Apache to listen to these internal IPs :-S

Good fun ehh :-)
0
 
SysExpertCommented:
Can you do a vpn on your router rather than on the Windows server ?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.