
Firewall for very specific use case

manikyath

soo.... it's one of those "me" topics again..

i'm looking for a firewall / router software that'll allow remote users to connect to a VPN, which will grant them access to the stuff i host on my server, as an alternative for port forwarding (and passwords, whitelists, and all the other garbage that brings..), sort of a DIY hamachi alternative that isn't terrible.

in other words, i want something i can throw in a VM on my server, that does the following:

- user needs to connect through windows' built in VPN (NO exceptions here, end users are dumb users)

- all connected users need to be separated (cannot ping each other, etc.)

- this same VM needs a form of "port forwarding" where i can easily allow or disallow access to a certain port, on a certain IP address.

- this all, ideally, fits in a VM with 1GB RAM or less.

according to following (extremely professional) schematic:

762f8e0058.png

Things i don't care about

- high secure VPN connections. all that's going over the VPN is essentially meant to be on a public network anyways.

- enterprise features

- heritage of sorts, where a piece of software is better because it has more history.

Things i DO care about

- ease of use, both for configuration, and for the end user.

- as low resource usage as sensibly possible

- keeping it to a single VM, mostly for resource usage, and number of hops, since latency is of notable concern.

Things i've tried, and why they failed

- PFsense: VPN configuration is horrible, even when following the guide to the letter. creating firewall rules ("port forwarding") 

- OPNsense: see above

- IPFire: this web interface is actually worse than D-link..

- linux firewall: PLEASE SOMEONE FIND ME AN EASY TO USE INTERFACE FOR THIS.. I NEED THIS IN MY LIFE.

So.. in short, i need a platform of sorts that runs in a virtual machine, has a VPN server that plays nice with windows' vpn client, and has an easy interface for firewall/portforward management. the latter being split into making rules, and enabling/disabling them.


I think to make them invisible to one another you'd have to start at the lowest level that is practical...like the LAN...then have a virtual network with a virtual VPN server for each user?  Like these kind of puzzles though.


Depending on what is actually being hosted a VPN may not even be necessary. I'm not really sure how you've come to the conclusion that a VPN is less hassle to set up and manage than just port forwarding.


2 hours ago, Emtu said:

Depending on what is actually being hosted a VPN may not even be necessary. I'm not really sure how you've come to the conclusion that a VPN is less hassle to set up and manage than just port forwarding.

because i often cycle what gameservers i'm hosting, and not all of them have sensible passwording systems, or allow you to hide from the in-game serverlist. in a sense every hour i spend on figuring out this setup, pays off in 2-3 iterations of configuring passwords or a whitelist on whatever game server.


Can you not just swap in an EdgeRouter Lite or a Mikrotik hEX and use the VPN service on those? If you can relax needing to use the native Windows VPN, OpenVPN Community has always been a good option and it's really not that hard to install the client and get connected, probably easier than the Windows VPN.


1 hour ago, leadeater said:

Can you not just swap in an EdgeRouter Lite or a Mikrotik hEX and use the VPN service on those? If you can relax needing to use the native Windows VPN, OpenVPN Community has always been a good option and it's really not that hard to install the client and get connected, probably easier than the Windows VPN.

unfortunately the windows VPN is a necessity, because i have some end users that don't want to install anything...

as for the VPN router side of things... my main router is a VPN router, but its VPN implementation has some limitations that basically make it not suitable for this.

