Friday, December 13, 2019

VPN not allowed, but I do it anyway.

Hey guys,

I’m a networking/media tech guy for an isolated media network. The network is about 100 users connected to a media server for video editing.

The server itself is 8 chassis striped together as one big server with 128 HDDs, so maintenance for this server is a big job. Plus it's about 5 years old already!

Our media network works behind the client-run internet. The client's parent company owns the building and provides the internet.

So to my question. I want to monitor the server remotely, but the parent company says no internet. It's not our client's policy, it's the policy of the execs above her.

So I have a secure AES-256 OpenVPN tunnel that uses WAN-whitelisted blocked IPs and certificates with TA keys. My OpenVPN network is set to auto-update the OS, and as an additional security measure it auto-blocks any WAN attempt to get in. Only a few guys have a key and cert to access the tunnel.

On my tunnel I have Zabbix and Nagios to monitor and report the health of the server.

So I've already tested the client network, and it does allow my "phoning home" connection to establish. So I know they are allowing VPNs, most likely because their own IT needs to administer the network.

It seems to me that if you let the IT guys tunnel in, then you should let the media network guys tunnel in. I'm pissed they are going to take away my monitoring solution. It's gonna be so hard to maintain that server along with all the other servers we maintain for other clients.

What would you guys do? Hook up a low-key VPN server on site, or throw in the towel and wait for the client to call when they are having issues?
