    Ubuntu Server 2 Network Interfaces with 1 that is public + 1 that VPNs back home

    • NashBrydges @scottalanmiller

      @scottalanmiller said in Ubuntu Server 2 Network Interfaces with 1 that is public + 1 that VPNs back home:

      @NashBrydges said in Ubuntu Server 2 Network Interfaces with 1 that is public + 1 that VPNs back home:

      @scottalanmiller said in Ubuntu Server 2 Network Interfaces with 1 that is public + 1 that VPNs back home:

      What VPN are you planning to use?

      Good question. I'm interested in recommendations since Linux is still so new. I'm essentially looking to create a site-to-site VPN between Ubuntu and Sophos UTM. And if I'm using a single network interface, I'm assuming this will require some sort of split DNS setup?

      So it is the Sophos that is the limiting factor here. What does Sophos support? It does not support ZeroTier, Pertino or Hamachi so those are ruled out. Does it support OpenVPN or IPSec?

      Sophos does support IPSec.

      1 Reply Last reply Reply Quote 0
      • NashBrydges @scottalanmiller

        @scottalanmiller said in Ubuntu Server 2 Network Interfaces with 1 that is public + 1 that VPNs back home:

        @NashBrydges said in Ubuntu Server 2 Network Interfaces with 1 that is public + 1 that VPNs back home:

        And if I'm using a single network interface, I'm assuming this will require some sort of split DNS setup?

        What does the interface have to do with it? DNS is not dependent on interface.

        To be clear about my intended use, I want to have HTTPS traffic from the internet continue to route to the server via its public IP address. The site-to-site VPN is to allow all other traffic. If I set up a simple site-to-site VPN, then ALL traffic will route through the VPN. This is not what I want to do since I have a dynamic IP and the server needs to be reachable via the domain name. My public DNS records can't point to my dynamic IP without having to be changed whenever my IP changes.

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • Mike Davis

          This is more a matter of routing by port number than by DNS.

          @NashBrydges said in Ubuntu Server 2 Network Interfaces with 1 that is public + 1 that VPNs back home:

          To be clear about my intended use, I want to have HTTPS traffic from the internet continue to route to the server via its public IP address. The site-to-site VPN is to allow all other traffic. If I set up a simple site-to-site VPN, then ALL traffic will route through the VPN. This is not what I want to do since I have a dynamic IP and the server needs to be reachable via the domain name. My public DNS records can't point to my dynamic IP without having to be changed whenever my IP changes.

          1 Reply Last reply Reply Quote 0
          • scottalanmiller @NashBrydges

            @NashBrydges said in Ubuntu Server 2 Network Interfaces with 1 that is public + 1 that VPNs back home:

            To be clear about my intended use, I want to have HTTPS traffic from the internet continue to route to the server via its public IP address. The site-to-site VPN is to allow all other traffic. If I set up a simple site-to-site VPN, then ALL traffic will route through the VPN.

            No, that is not what happens. You are mixing the concepts of routing, traffic origination and such. If you set up a VPN, your web server will still be listening to the public IP address. You are imagining a problem to solve that does not exist.

            Also, no relationship to DNS.

            DashrenderD 1 Reply Last reply Reply Quote 3
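
Added example (not part of any post in this thread): a model of how a policy-based IPsec tunnel selects traffic by source/destination selectors, showing why the server's HTTPS replies keep leaving via the public path in a site-to-site setup and when they would not. All addresses, names and functions are constructed for illustration.

```python
import ipaddress

# Constructed addresses (documentation/private ranges), not from the thread.
SERVER_PUBLIC = "203.0.113.10"   # Ubuntu server's public IP
HOME_LAN = "192.168.10.0/24"     # network behind the Sophos UTM
WEB_CLIENT = "198.51.100.7"      # arbitrary internet HTTPS client
HOME_HOST = "192.168.10.25"      # workstation on the home LAN


def make_selectors(local, remote):
    """One IPsec traffic-selector pair: (local network, remote network)."""
    return (ipaddress.ip_network(local), ipaddress.ip_network(remote))


def egress_path(src, dst, selectors):
    """Return 'tunnel' if an outbound packet matches a selector pair,
    otherwise 'public' (it follows the normal default route)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local_net, remote_net in selectors:
        if s in local_net and d in remote_net:
            return "tunnel"
    return "public"


def classify_flows(selectors):
    """Path taken by the server's two kinds of outbound packets."""
    return {
        "https_reply_to_internet": egress_path(SERVER_PUBLIC, WEB_CLIENT, selectors),
        "traffic_to_home_lan": egress_path(SERVER_PUBLIC, HOME_HOST, selectors),
    }


# Site-to-site: only server <-> home LAN traffic is protected.
SITE_TO_SITE = [make_selectors(SERVER_PUBLIC + "/32", HOME_LAN)]
# Full tunnel: the remote selector is "everything", so replies to web
# clients would also match and be pulled into the VPN.
FULL_TUNNEL = [make_selectors(SERVER_PUBLIC + "/32", "0.0.0.0/0")]

if __name__ == "__main__":
    for name, sel in (("site-to-site", SITE_TO_SITE), ("full tunnel", FULL_TUNNEL)):
        print(name, classify_flows(sel))
```
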
            • Dashrender @scottalanmiller

              @scottalanmiller said in Ubuntu Server 2 Network Interfaces with 1 that is public + 1 that VPNs back home:

              @NashBrydges said in Ubuntu Server 2 Network Interfaces with 1 that is public + 1 that VPNs back home:

              To be clear about my intended use, I want to have HTTPS traffic from the internet continue to route to the server via its public IP address. The site-to-site VPN is to allow all other traffic. If I set up a simple site-to-site VPN, then ALL traffic will route through the VPN.

              No, that is not what happens. You are mixing the concepts of routing, traffic origination and such. If you set up a VPN, your web server will still be listening to the public IP address. You are imagining a problem to solve that does not exist.

              Also, no relationship to DNS.

              The only time you might run into a problem is if your Ubuntu server registers itself into your local DDNS server at your site when it comes online through the VPN with the same host name as what you use on the public internet. This seems unlikely, so you shouldn't ever see this problem.

              1 Reply Last reply Reply Quote 0
              • DustinB3403

                @scottalanmiller I get what he wants to do, which is have a dedicated VPN Interface so that there is no bottleneck or interference with the public interface for the website.

                He is creating an issue out of nothing though; the single interface should be more than enough to support a management VPN and the website.

                1 Reply Last reply Reply Quote 0
                • donaldlandru

                  Depending on what your agreement includes, how much you plan on hosting in Azure, etc., you may want to look at the VPN gateway, essentially a vRouter that can communicate with your Azure private networks and create a site-to-site tunnel back home. Make sure not to confuse this with ExpressRoute.

                  https://azure.microsoft.com/en-us/pricing/details/vpn-gateway/

                  NashBrydgesN 1 Reply Last reply Reply Quote 1
                  • NashBrydges @donaldlandru

                    @donaldlandru Sorry about the radio silence, had a couple emergencies to deal with.

                    This is clearly my best option. Thanks for pointing that out, I was just reading up on it and will have to give it a try.

                    1 Reply Last reply Reply Quote 0
                    • Murtlap

                      Linux computers are just as vulnerable to hacks, malware attacks and virus infections as any PC or Mac. Linux or Ubuntu operating systems do not provide any additional protection. You can make your connections secure and anonymous with a VPN easily. A VPN service can also allow Linux users to bypass censorship filters and geo blocks.

                      travisdh1T 1 Reply Last reply Reply Quote 0
                      • travisdh1 @Murtlap

                        @Murtlap We'd all agree with you on the Linux isn't any more secure just because it's Linux point! Hopefully we'll have the video from my speech at MangoCon available soon. If not, you can always look at my slide deck.

                        1 Reply Last reply Reply Quote 1