Solved

Virtual network inside 1 server

Posted on 2012-04-12
4
400 Views
Last Modified: 2012-06-27
Im trying to figure out the best way to secure access to a particular website, which is only required to be accessed by a few individuals.

My idea at the moment, is to create a VPN server, where the users can connect and get onto the site by loading their own web software up and connecting, however Im not sure how I can setup a network inside my server.

Is it possible to setup a virtual network inside my server (eg 192.168.1.1-254), so when a user connects, I can assign them an IP address (eg 192.168.1.200-210), and have my apache listening to other ports (eg 192.168.1.100-110).

My issue is I have a stand-alone server, which I want to use as my VPN server, and apache server, so users can connect via secure VPN and then see the web site inside. I dont have any more IPs apart from its external IP address (which currently is serving all the sites, but not securly).

Any ideas, even if Im going along the right path here of doing this?

Thank you
0
Comment
Question by:tonelm54
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 37838439
I would use apache to secure the site, and simply put it on a different port ( 8080 etc )

A lot less work I would think

I hope this helps !
0
 

Author Comment

by:tonelm54
ID: 37838535
True, and thats how it currently works, however there is a lot of very sensitive information to be uploaded, so I need to protect it a little more.

I would just restrict to only certain IPs but the IPs the users are using to connect will change.

I could change the host so it only listens for a particular host, then change the hosts file on the PCs but the PCs will also change.

I know I could simply use usernames and passwords, but I would like to secure the data transmittion, and only have 1 IP address for multiple sites, so cant use SSH.

Ive been thinking for a while on this, and think the only way is to use VPN, and then "somehow" use internal IPs and get Apache to listen to these internal IPs :-S

Good fun ehh :-)
0
 
LVL 63

Assisted Solution

by:SysExpert
SysExpert earned 250 total points
ID: 37838645
Can you do a vpn on your router rather than on the Windows server ?
0
 
LVL 1

Accepted Solution

by:
nmitev earned 250 total points
ID: 37843053
If you run the site over https rather than http thats secure enough for all banks and online shops out there. As long as it is for internal use only, you don't need to buy certificates, you can generate them yourself.
If you want an additional authentication stage before that, you can set up a clientless VPN server on a  separate machine and then a static OpenVPN tunnel between that and your server. The secure apache instance can then be configured to listen only on the tun1 (or any number here) interface belonging to the tunnel between the web server and the VPN server.

Look at http://sourceforge.net/projects/openvpn-als/.
0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question