Access Server: all about network configurations

Access Server is software for creating and managing a virtual private network, developed by OpenVPN Technologies, Inc. It provides a secure remote connection to the network and protects transmitted data using the VPN encryption protocol. Access Server lets administrators configure and manage user access to network resources via VPN, providing a high level of security and configuration flexibility. It is a powerful tool for providing secure remote access to corporate resources and protecting confidential information.

Main network configuration options when using Access Server

Access Server is flexible enough to support many different network configurations. Depending on your requirements, the configurations below are a good starting point for setting up a VPN. Once deployed, Access Server creates a VPN subnet for easy routing and provides an additional layer of security when enabling access to private networks. The three most common network configurations used when deploying OpenVPN Access Server are:

  • one network interface on a private network;
  • configuration with two network interfaces – public and private;
  • one network interface on a public network.

Basic setup: one network interface in a private network

The basic setup is one network interface on a private network behind a firewall, which gives users secure access to that private network. In this configuration, the Access Server is located on the internal corporate network, and users outside the network gain access through the VPN. Access Server has one network interface to the private network. There may be other interfaces on the system that are not used by Access Server.

For this configuration, the Internet gateway forwards TCP/UDP port traffic from the public IP address to the Access Server's private IP address. At a minimum, one TCP port is forwarded (usually port 443). This TCP port can carry both the VPN tunnel traffic and the web/client server traffic. If desired, VPN tunneling can be separated from the web/client server traffic, in which case an additional TCP or UDP port (for example, UDP port 1193) is forwarded for the VPN tunnel.

A variation of this network configuration assumes that the Access Server with a single interface is connected to the DMZ buffer network provided by the firewall. As mentioned above, the same forwarding of client traffic is required. Additionally, you may need to configure your firewall to allow traffic between the Access Server and the private network behind the firewall.
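The forwarding described above, written as an nftables ruleset for a Linux Internet gateway in the DMZ variation. This is an added example, not configuration from the original article or from OpenVPN; the choice of nftables, the interface names (`wan0`, `dmz0`, `lan0`) and all addresses are placeholder assumptions.

```nftables
# Constructed example: gateway/firewall rules for a single-interface
# Access Server placed in a DMZ. All names and addresses are placeholders.
define wan_if   = "wan0"        # Internet-facing interface (assumed name)
define as_if    = "dmz0"        # interface facing the Access Server (assumed)
define priv_if  = "lan0"        # interface facing the private network (assumed)
define as_ip    = 10.0.0.10     # Access Server private IP (placeholder)
define priv_net = 10.1.0.0/24   # private network behind the firewall (placeholder)

table ip as_gateway {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Minimum: one TCP port carrying both tunnel and web/client traffic.
        iifname $wan_if tcp dport 443 dnat to $as_ip
        # Optional: separate port for the VPN tunnel (port from the article).
        iifname $wan_if udp dport 1193 dnat to $as_ip
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        # Replies to connections that were already allowed.
        ct state established,related accept
        # From the Internet, only the forwarded ports reach the Access Server.
        iifname $wan_if oifname $as_if ip daddr $as_ip tcp dport 443 accept
        iifname $wan_if oifname $as_if ip daddr $as_ip udp dport 1193 accept
        # DMZ variation: only the Access Server may open connections from the
        # DMZ into the private network. Not needed in the basic setup, where
        # the Access Server already sits on the private network.
        iifname $as_if oifname $priv_if ip saddr $as_ip ip daddr $priv_net accept
        # Outbound Internet access for the private network.
        iifname $priv_if oifname $wan_if accept
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Source NAT for traffic leaving through the public interface.
        oifname $wan_if masquerade
    }
}
```

The `policy drop` on the forward chain means anything not listed, including other ports on the Access Server host, stays unreachable from the Internet.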

Public + private network interfaces

A configuration with two network interfaces, one for public access and the other for private access, is often used when the Access Server is located inside a corporate network but has its own public IP address. In this configuration, Access Server communicates with clients outside the corporate network through its public IP interface, while a different network interface is used to communicate with devices on the private IP network and to transfer data between VPN tunnels and the private network.

Configuration with one network interface on a public network

A configuration with a single network interface on a public network is most often used when the Access Server is hosted in a data center in order to create a virtual IP network to which all VPN clients can connect to interact with the services deployed on the server.

After installation, Access Server creates a separate virtual VPN subnet, in which each connected VPN client is assigned its own IP address. If the administrator has permitted access to private networks, Access Server also configures a NAT or internal routing system so that VPN clients from this virtual network can reach the private network through the server's private IP address. Access Server can create two virtual networks: one to assign "static" VPN IP addresses (i.e. the administrator defines specific IP addresses for users) and another for "dynamic" VPN IP addresses.

All of these configurations provide a secure and flexible way to provide network access via VPN using Access Server, and the deployment of a virtual VPN subnet after configuration further improves the functionality and security of the entire network infrastructure.

Private VPN server: effective interaction with network resources

Depending on the user's needs, a private VPN server working together with Access Server can be used as an additional level of protection, as a tool for flexible and convenient remote access, or as a backup server option if one is unavailable from Access Server.

The interaction between the private VPN server and the Access Server is carried out over the public Internet or through the VPN network, depending on the security requirements and network configuration. In any case, communication between these servers requires configuration of routing, firewall and other network components.

Renting or buying a private VPN server from Private VPN server is a profitable and reasonable decision. On the site, everyone will find comprehensive information about available rental options, the various methods of paying for VPN server services, the location of servers, and other important details. After analyzing all the factors, you can choose the optimal solution that best suits your needs.
