Friday, March 20, 2020

VPN DMZ Setup? Need some guidance...

I need to be able to connect printers at homes to our network in order to communicate with a dev server. So, in order to maintain some sort of security, and to avoid doing site-to-site connections at everyone's home, I had this idea:

What if I set up something like an OpenVPN server, and configured routers to connect to it, and handed those out? The VPN network would just be like a DMZ, where the only things open to that network are the necessary ports on the dev server. So, users could connect anything to the router, and they wouldn't be able to do anything other than the printer stuff, so it would discourage them from connecting things in the first place.

My questions:

1 - Is this a good approach? Any better ideas out there?

2 - Being primarily a server guy, I'm not amazing at network stuff beyond the basics. Would I put the OpenVPN server in front of or behind the SonicWall? If I put it in front, I could just port forward the couple of things to the dev server. If I put it behind, I'd just forward VPN traffic to the server, and then put the DMZ on a different VLAN? Is there a better way?
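
The isolation described in the post, sketched as a default-deny ruleset for a Linux OpenVPN host that routes the VPN segment (an added example, not part of the original post). The interface name, VPN subnet, dev server address and port list are constructed placeholders, not values from the post.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that treats the VPN
# segment as a DMZ. Every value below is an assumed placeholder.
VPN_IF="tun0"            # OpenVPN tunnel interface (assumed)
VPN_NET="10.8.0.0/24"    # VPN client pool (assumed)
DEV_SERVER="192.0.2.10"  # dev server (documentation address, assumed)
DEV_PORTS="9100 631"     # "necessary ports" on the dev server (assumed)

gen_rules() {
  # Validate the whole port list first so a typo never yields a partial ruleset.
  for port in $DEV_PORTS; do
    case "$port" in
      ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
      echo "port out of range: $port" >&2; return 1
    fi
  done

  echo "*filter"
  echo ":INPUT ACCEPT [0:0]"
  echo ":FORWARD DROP [0:0]"   # default-deny for anything routed
  echo ":OUTPUT ACCEPT [0:0]"
  # VPN clients must not reach services on the gateway itself via the tunnel.
  echo "-A INPUT -i $VPN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  echo "-A INPUT -i $VPN_IF -j DROP"
  # Return traffic for flows that were allowed below.
  echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # Only new connections from the VPN pool to the listed dev server ports.
  for port in $DEV_PORTS; do
    echo "-A FORWARD -i $VPN_IF -s $VPN_NET -d $DEV_SERVER -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  done
  # Log, then drop, everything else arriving from the tunnel.
  echo "-A FORWARD -i $VPN_IF -j LOG --log-prefix \"vpn-dmz-drop: \""
  echo "-A FORWARD -i $VPN_IF -j DROP"
  echo "COMMIT"
}

# Syntax-check without applying:  gen_rules | iptables-restore --test
# Leave OpenVPN's client-to-client option off: when it is on, traffic between
# clients is switched inside OpenVPN and never reaches these FORWARD rules.
```

The logged drops show what else gets plugged into the handed-out routers.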


