Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Virtual network inside 1 server

Posted on 2012-04-12
4
397 Views
Last Modified: 2012-06-27
Im trying to figure out the best way to secure access to a particular website, which is only required to be accessed by a few individuals.

My idea at the moment, is to create a VPN server, where the users can connect and get onto the site by loading their own web software up and connecting, however Im not sure how I can setup a network inside my server.

Is it possible to setup a virtual network inside my server (eg 192.168.1.1-254), so when a user connects, I can assign them an IP address (eg 192.168.1.200-210), and have my apache listening to other ports (eg 192.168.1.100-110).

My issue is I have a stand-alone server, which I want to use as my VPN server, and apache server, so users can connect via secure VPN and then see the web site inside. I dont have any more IPs apart from its external IP address (which currently is serving all the sites, but not securly).

Any ideas, even if Im going along the right path here of doing this?

Thank you
0
Comment
Question by:tonelm54
  • 2
4 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 37838439
I would use apache to secure the site, and simply put it on a different port ( 8080 etc )

A lot less work I would think

I hope this helps !
0
 

Author Comment

by:tonelm54
ID: 37838535
True, and thats how it currently works, however there is a lot of very sensitive information to be uploaded, so I need to protect it a little more.

I would just restrict to only certain IPs but the IPs the users are using to connect will change.

I could change the host so it only listens for a particular host, then change the hosts file on the PCs but the PCs will also change.

I know I could simply use usernames and passwords, but I would like to secure the data transmittion, and only have 1 IP address for multiple sites, so cant use SSH.

Ive been thinking for a while on this, and think the only way is to use VPN, and then "somehow" use internal IPs and get Apache to listen to these internal IPs :-S

Good fun ehh :-)
0
 
LVL 63

Assisted Solution

by:SysExpert
SysExpert earned 250 total points
ID: 37838645
Can you do a vpn on your router rather than on the Windows server ?
0
 
LVL 1

Accepted Solution

by:
nmitev earned 250 total points
ID: 37843053
If you run the site over https rather than http thats secure enough for all banks and online shops out there. As long as it is for internal use only, you don't need to buy certificates, you can generate them yourself.
If you want an additional authentication stage before that, you can set up a clientless VPN server on a  separate machine and then a static OpenVPN tunnel between that and your server. The secure apache instance can then be configured to listen only on the tun1 (or any number here) interface belonging to the tunnel between the web server and the VPN server.

Look at http://sourceforge.net/projects/openvpn-als/.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question