Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
manikyath

Firewall for very specific use case

Recommended Posts

Posted · Original PosterOP

soo.... it's one of those "me" topics again..

 

i'm looking for a firewall / router software that'll allow remote users to connect to a VPN, which will grant them access to the stuff i host on my server, as an alternative for port forwarding (and passwords, whitelists, and all the other garbage that brings..), sort of a DIY hamachi alternative that isnt terrible.

 

in other words, i want something i can throw in a VM on my server, that does the following:

- user needs to connect trough windows' built in VPN (NO exceptions here, end users are dum users)

- all connected users need to be seperated (cannot ping each other, etc.)

- this same VM needs a form of "port forwarding" where i can easily allow or disallow access to a certain port, on a certain IP address.

- this all, ideally, fits in a VM with 1GB RAM or less.

 

according to following (extremely professional) schematic:

762f8e0058.png

 

Things i dont care about

- high secure VPN connections. all that's going over the VPN is essentially meant to be on a public network anyways.

- enterprise features

- heritage of sorts, where a piece of software is better because it has more history.

 

Things i DO care about

- ease of use, both for configuration, and for the end user.

- as low resource usage as sensibly possible

- keeping it to a single VM, mostly for resource usage, and number of hops, since latency is of notable concern.

 

Things i've tried, and why they failed

- PFsense: VPN configuration is horrible, even when following the guide to the letter. creating firewall rules ("port forwarding") 

- OPNsense: see above

- IPFire: this web interface is actually worse than D-link..

- linux firewall: PLEASE SOMEONE FIND ME AN EASY TO USE INTERFACE FOR THIS.. I NEED THIS IN MY LIFE.

 

 

So.. in short, i need a platform of sorts that runs in a virtual machine, has a VPN server that plays nice with windows' vpn client, and has an easy interface for firewall/portforward management. the latter being split into making rules, and enabling/disabling them.

Link to post
Share on other sites

I think to make them invisible to one another you'd have to start at the lowest level that is practical...like the LAN...then have a virtual network with a virtual VPN server for each user?  Like these kind of puzzles though.

Link to post
Share on other sites

Depending on what is actually being hosted a VPN may not even be necessary. I'm not really sure how you've come the the conclusion that a VPN is less hassle to setup and manage than just port forwarding.

Link to post
Share on other sites
Posted · Original PosterOP
2 hours ago, Emtu said:

Depending on what is actually being hosted a VPN may not even be necessary. I'm not really sure how you've come the the conclusion that a VPN is less hassle to setup and manage than just port forwarding.

because i often cycle what gameservers i'm hosting, and not all of them have sensible passwording systems, or allow you to hide from the in-game serverlist. in a sense every hour i spend on figuring out this setup, pays off in 2-3 iterations of configuring passwords or a whitelist on whatever game server.

Link to post
Share on other sites

Can you not just swap in a EdgeRouter Lite or a Mikrotik hEX and use the VPN service on those. If you can relax needing to use the native Windows VPN OpenVPN Community has always been a good option and it's really not that hard to install the client and get connected, probably easier than the Windows VPN.

Link to post
Share on other sites
Posted · Original PosterOP
1 hour ago, leadeater said:

Can you not just swap in a EdgeRouter Lite or a Mikrotik hEX and use the VPN service on those. If you can relax needing to use the native Windows VPN OpenVPN Community has always been a good option and it's really not that hard to install the client and get connected, probably easier than the Windows VPN.

unfortunately the windows VPN is a necessity, because i have some end users that dont want to install anything...

 

as for the VPN router side of things... my main router is a VPN router, but its VPN implementation has some limitations that basicly make it not suitable for this.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×