Answer the question
In order to leave comments, you need to log in
Proxmox on Hetzner, how to set up a VPN with the office?
Welcome all.
There is an office in a major city of the CIS.
PC park, about 20, there is a file share, network printers. Almost all PCs are thick clients that will connect via RDP to a Windows server on Hetzner.
Mikrotik equipment in the office:
- Mikrotik AH1100AHx4 router
- 3 switches Mikrotik CRS328-24P-4S+RM
Server ordered on Hetzner (32 core, 128 RAM, 2 Tb SSD). Hetzner will have an RDP server for users from the office, a domain, a file server, a 1C database server.
I ask to prompt on a question: how to organize a network between office and a remote server?
Suppose I install Proxmox for virtualization.
How to provide routing? By means of Proxmox itself? Or install a virtual Mikrotik Router OS on Proxmox? Which VPN to choose?
Interested in general terms, what are the options for solving such a problem.
The task looks like this: to connect virtual servers on Hetzner with the office, including access to network printers, and network balls in the office.
Answer the question
In order to leave comments, you need to log in
A cheap option is a VPN from a windows server inside Proxmox to a router in the office. There is a problem of protecting proxmox itself - it will look outside.
A beautiful option is a separate virtual machine based on linux\mikrotik, on which the public address of the Hetzner server will hang and which will forward packets inside the virtual network, receive VPN from the office or even directly from remote users, protect your virtual machines and proxmox.
Because If you need to drive in an SMB tunnel, then OpenVPN on Mikrotik is not an option, it's too slow. In terms of performance, IPsec or GRE + IPsec is optimal. Everyone is looking forward to WireGuard on Mikrotik in Stable.
WiKi
It is
possible to lift GRE directly on ProxMox + OpenVSwitch. But it is difficult to set up, debug, support.
https://documentation.online.net/en/dedicated-serv... It
would be optimal to bring up a guest machine and use it as a GW. White IP is better to use 2, one for WEB ProxMox, the second for GW.
As a GW
pfSense
VyOS
Linux + iptables
Mikrotik
Linux + iptables is my choice, because I can lift almost everything on it and this is a minimum of resources for a guest VM.
Raise a regular OpenVPN network.
https://github.com/nyr/openvpn-install
wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
You can also buy a license for CHR Mikrotik for $45 and install it in a virtual machine. After building tunnels between Mikrotiks and so on.
I would put a guard, on it the response and performance is much better than on openvpn, it is especially sensitive on rdp.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question