Closed

New OpenVPN / Pritunl configuration

Hi guys!

I need to provide remote MySQL access to a cPanel server for a handful of clients. However, I do not want to open 3306 to the world (for obvious reasons). cPanel's remote MySQL whitelisting mechanism isn't secure enough on its own. I've already had a server get "partially" compromised by ransomware (which has since been recovered via hardening, cleanup and backup restoration procedures).

My plan is to do one of the following:

A.) Install Pritunl on the same (WHM/cPanel) server, and limit access to port 3306 to the VPN's IPs

-- or --

B.) Install Pritunl on a separate instance (in the same data center) and use private IPs / tunneling for access.

In either case, I need to provide quick and easy VPN access to 3 to 5 clients on a variety of platforms. (OpenVPN Access Server, for the web interface, is too expensive for my use case... which is why I'm opting for Pritunl.)

I'm not sure which method (A or B) is "better", but I have failed to configure option B on my own. (probably has something to do with iptables configurations and/or assigning network adapters correctly -- e.g., eth0/ens7/etc.). I am not a network / firewall specialist, and I feel that haphazardly tossing in various iptables rules, ALLOW / ACCEPT / FORWARD / etc. (adapting snippets found around the web) probably isn't the best idea since security is so important here. Trial and error just isn't worth the risk.

Note: The main server I need to provide access to runs Cloudlinux + LiteSpeed, LVE + CSF + Imunify360.

My task for you would be to implement either option A or option B, depending on your recommendation. I'm happy to assist with any setups / configurations, and provide info as needed -- but root access will only be provided for a secondary server if we go with option B.

Additional info:

Some of my clients absolutely require remote MySQL access for database administration, but they also travel a lot (too many dynamic IPs to manage efficiently). I currently have 3306 blocked in CSF until a proper VPN solution is implemented. So this project is somewhat urgent!

*** I should also mention that my limited attempts to set up OpenVPN myself ended up routing all local computer traffic through the VPN... and we don't want that. Only specific traffic should route through the VPN -- namely 3306, and perhaps FTP port 21.

Feel free to ask any questions.

Thanks!

Skills: Linux, System Administration, MySQL, Database Administration, Web Security
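
An added example, not part of the original post and not Pritunl or OpenVPN project code: a small Python audit of OpenVPN server directives that tells a full-tunnel configuration (the behaviour the post describes) from a split-tunnel one. The sample directives, the 10.8.0.0/24 subnet and the `audit_routes` helper are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed server-side directives; 10.8.0.0/24 and 10.8.0.1 are placeholders.
FULL_TUNNEL = 'server 10.8.0.0 255.255.255.0\npush "redirect-gateway def1"\n'
SPLIT_TUNNEL = 'server 10.8.0.0 255.255.255.0\npush "route 10.8.0.1 255.255.255.255"\n'


def audit_routes(config_text, allowed="10.8.0.0/24"):
    """Return (full_tunnel, unexpected): whether the config captures all
    client traffic, and any routed destinations outside `allowed`."""
    allowed_net = ipaddress.ip_network(allowed)
    full_tunnel, unexpected = False, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # OpenVPN comment markers
            continue
        tokens = shlex.split(line)
        if tokens[0] == "push" and len(tokens) == 2:
            tokens = shlex.split(tokens[1])  # unwrap the pushed directive
        if not tokens:
            continue
        if tokens[0] == "redirect-gateway":
            full_tunnel = True               # replaces the client's default route
        elif tokens[0] == "route" and len(tokens) >= 2:
            mask = tokens[2] if len(tokens) > 2 else "255.255.255.255"
            try:
                net = ipaddress.ip_network(f"{tokens[1]}/{mask}", strict=False)
            except ValueError:
                unexpected.append(tokens[1])  # hostname or keyword: review by hand
                continue
            if net.prefixlen <= 1:
                # /0, or either half of the 0/1 + 128/1 pair that def1 installs
                full_tunnel = True
            elif not net.subnet_of(allowed_net):
                unexpected.append(str(net))
    return full_tunnel, unexpected


if __name__ == "__main__":
    for name, text in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, audit_routes(text))
```

OpenVPN routes by destination address rather than by port, so limiting access to 3306 still belongs in the server firewall, with the port allowed only from the VPN subnet.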


About the employer:
(45 reviews) Stillwater, United States

Project ID: #27534031

11 freelancers are bidding an average of $162 for this job

osmanbsd

Systems Admin for more than 12 years and I have used VPN for such scenarios. If you have option B already in place I can help with it and it's workable.

USD in 2 days
(150 Reviews)
7.4
izghitu

Hi, Instead of option A or B I can set up the VPN server on the cPanel server directly and configure it not to route client's traffic through it. Your clients will connect directly to the VPN server running on the cPa…

USD in 3 days
(396 Reviews)
7.0
(49 Reviews)
6.3
(86 Reviews)
5.7
kashifnadeem86

Hello, I have read your project description and I will recommend option B for your scenario. I will install a VPN server and your clients will be able to access MySQL easily. Best regards,

USD in 3 days
(25 Reviews)
5.5
(15 Reviews)
4.6
Grendon

Hi there. Actually, there is an option C, and it includes not using OpenVPN or iptables. It is easy to set up and maintain, and it has access rules that can be set up to control what traffic goes through the connections. Soun…

USD in 5 days
(3 Reviews)
3.3
mailred

Greetings, After careful reading of your project description, I would like to work on it. I completed another project a few weeks back that also involved a similar setup. Here is the link, in case you want to check it ou…

USD in 7 days
(1 Review)
2.4
serhiihashenko

Hello. I offer high-quality and affordable web development and design services, providing customized solutions that best fit your business's unique needs. Having over 8 years of experience in the software industry, I h…

USD in 3 days
(0 Reviews)
0.0
bytebrackets

We have a lot of experience of working on server and can do it for you. You can also connect us on [login to view URL] using our chatbot for further discussion. Would love to connect.

USD in 2 days
(0 Reviews)
0.0
shahmhaswadkar12

I have configured Pritunl and OpenVPN in my environment so I can help you accomplish your requirement.

USD in 7 days
(0 Reviews)
0.0