VPN between VM running in isolated VPC and external host - any alternative?

Hello all,

Several users need to connect to an application running on some host (H1) out there, listening on some port. The only way to connect to it is by using a VPN. So we would need to configure several VPNs between their laptops and the host H1. We thought the easiest way to do that would be to create a VM (VM1) in an isolated VPC in AWS (for security reasons this is an important requirement), which would then have a VPN configured between VM1 and H1 (sort of like in the attached picture). Users would connect to VM1 using RDP and then use the app on H1 through a web browser running on VM1.

The VPN required for H1 is an IPsec VPN.

Is this the simplest (but secure) solution? Is there any alternative to it?

You forgot the “attached picture”.

  1. Where is H1? Sounds like it is not already in AWS and probably not under your control?

  2. Why add the complexity of a bastion/jump host (VM1) if you're going to VPN between H1 and VM1 anyway? Just have the users VPN directly to H1. This seems like unnecessary complexity unless you are trying to man-in-the-middle users, which may or may not be a valid requirement.

You could just set up AWS Client VPN. Your setup sounds like a mess and really provides no additional benefit.

Sorry - I was pretty sure it was attached …

Have just attached it.

The H1 host is not under my control.

The reason for this idea was that we _cannot_ connect to H1 host without VPN.

If we have X clients we would need to establish X VPN connections between our laptops and the H1 host. In the model above there is only one VPN config: between VM1 and H1.

You can set up Client VPN to the Amazon VPC and then from there connect to H1. You don't necessarily need VM1 in the mix there.

And don’t expose RDP to the internet ffs.
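One concrete way to check that last point, as an added example that is not part of this thread: a small Python script that audits the security group on the RDP jump host (VM1 in the original post) so that TCP/3389 is reachable only from the AWS Client VPN client address pool, never from 0.0.0.0/0 or ::/0. It assumes a client CIDR of 10.200.0.0/22 for the Client VPN endpoint, and it runs against a constructed sample of `aws ec2 describe-security-groups --output json`; the group IDs, group names and source prefixes are invented for the example.

```python
"""Audit EC2 security groups for RDP (TCP/3389) reachable from anywhere other
than the AWS Client VPN client address pool.

Input has the shape of `aws ec2 describe-security-groups --output json`.
The sample below is constructed for this example, not real account data.
"""
import ipaddress
import json
import sys

RDP_PORT = 3389

# Assumption: the Client VPN endpoint allocates client addresses from this
# pool (the "client CIDR" chosen when the endpoint is created). Only that
# range should be able to reach the jump host's RDP listener.
CLIENT_VPN_CIDR = "10.200.0.0/22"

# Constructed sample: one group open to the world, one restricted to the
# VPN pool, one allowing all traffic from an arbitrary external prefix.
SAMPLE_DESCRIBE_OUTPUT = {
    "SecurityGroups": [
        {
            "GroupId": "sg-0a1b2c3d4e5f60001",
            "GroupName": "vm1-rdp-open",
            "IpPermissions": [
                {
                    "IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
                    "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                    "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
                    "UserIdGroupPairs": [],
                }
            ],
        },
        {
            "GroupId": "sg-0a1b2c3d4e5f60002",
            "GroupName": "vm1-rdp-vpn-only",
            "IpPermissions": [
                {
                    "IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
                    "IpRanges": [{"CidrIp": "10.200.0.0/22"}],
                    "Ipv6Ranges": [],
                    "UserIdGroupPairs": [],
                },
                {   # HTTPS open to the world is not an RDP finding
                    "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                    "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                    "Ipv6Ranges": [],
                    "UserIdGroupPairs": [],
                },
            ],
        },
        {
            "GroupId": "sg-0a1b2c3d4e5f60003",
            "GroupName": "all-traffic-from-office",
            "IpPermissions": [
                {   # "-1" means all protocols and ports, so it covers 3389 too
                    "IpProtocol": "-1",
                    "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
                    "Ipv6Ranges": [],
                    "UserIdGroupPairs": [],
                }
            ],
        },
    ]
}


def rule_covers_rdp(perm):
    """True if an IpPermissions entry admits TCP/3389 (or all traffic)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":          # all protocols; no port fields are present
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= RDP_PORT <= perm.get("ToPort", 65535)


def find_exposed_rdp(describe_output, allowed=CLIENT_VPN_CIDR):
    """Return (group id, source CIDR) for every RDP-capable ingress rule whose
    source prefix is not inside the allowed client pool. Rules sourced from
    another security group (UserIdGroupPairs) are VPC-internal and are not
    reported."""
    allowed_net = ipaddress.ip_network(allowed)
    findings = []
    for sg in describe_output["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not rule_covers_rdp(perm):
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in sources:
                net = ipaddress.ip_network(cidr)
                # subnet_of() only compares networks of the same IP version;
                # a different version (e.g. ::/0) can never be the VPN pool.
                if net.version != allowed_net.version or not net.subnet_of(allowed_net):
                    findings.append((sg["GroupId"], cidr))
    return findings


if __name__ == "__main__":
    # Usage: python3 rdp_audit.py sgs.json   (file saved from the aws CLI)
    # With no argument the constructed sample above is audited instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE_DESCRIBE_OUTPUT
    for group_id, cidr in find_exposed_rdp(data):
        print(f"{group_id}: RDP reachable from {cidr}")
```

The check treats protocol `-1` (all traffic) as covering RDP, so a "temporary" allow-all rule from an office prefix is reported alongside the obvious 0.0.0.0/0 case. Rules whose source is another security group are skipped deliberately: they can only be matched by traffic originating inside the VPC, which is exactly where Client VPN users land.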

Thanks u/roiki11.

Are you referring to Client VPN between H1 and the AWS VPC, or between the laptops and the VPC?

The problem is that H1 is only accessible through a VPN - there is no other way.

AWS has a service called Client VPN.

This indeed looks very interesting - thank you u/roiki11 :slight_smile: