Securing my e-commerce website and SSH access

pipoy
OpenVpn Newbie
Posts: 2
Joined: Wed Nov 15, 2017 2:22 pm

Securing my e-commerce website and SSH access

Post by pipoy » Wed Nov 15, 2017 2:47 pm

So here is the end result that I want to happen.
Close all ports except 80, 443, and openvpn ports maybe?

Then I will allow all ports to be open if you are connected to the openvpn making the server to be secured.

Let's narrow my example to SSH connection.

So right now I have Server 1 as my website and also an openvpn installed.
All ports are closed except 80,443
I whitelist this IP 172.27.224.0/20 in/out all ports.
So if not connected to VPN, I cannot access SSH.
But if connected, I cannot have it working. I cannot connect to my server using VPN and I'm not sure why.

Now, I experimented another method.
I have Server 1 as my website. And Server 2 as my openvpn server.

I closed all ports of my Server 1 except 80, 443.. And whitelist the IP address of Server 2.
So when I am connected to the Server 2 via openvpn, I can connect to my Server 1 via SSH
This time it worked.

So what am I doing wrong? Is it possible to have the website and openvpn into 1 server?

Another thing. I have to whitelist the IP address of Server 2. But how come I cannot SSH if I whitelist the IP address of OpenVPN (172.27.224.0/20)?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Securing my e-commerce website and SSH access

Post by TinCanTech » Wed Nov 15, 2017 8:39 pm

pipoy wrote: Wed Nov 15, 2017 2:47 pm
> Is it possible to have the website and openvpn into 1 server?

Of course it is .. even my desktop is running Apache and Openvpn server & clients.

pipoy wrote: Wed Nov 15, 2017 2:47 pm
> Close all ports except 80, 443, and openvpn ports maybe?

You must ensure openvpn is open otherwise you will lock yourself out completely!

pipoy wrote: Wed Nov 15, 2017 2:47 pm
> I whitelist this IP 172.27.224.0/20 in/out all ports.
> So if not connected to VPN, I cannot access SSH.
> But if connected, I cannot have it working. I cannot connect to my server using VPN and I'm not sure why.

If we assume (because I see no configs or logs) that your VPN uses 10.8.0.0/24 (the example subnet) .. then whitelist the VPN subnet 10.8.0.0/24 for access to SSH and make sure sshd is listening on all interfaces (which it usually is) ..

then over the VPN SSH access you shall have to your server Only if over your VPN you connect :mrgreen:
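
The two checks suggested in the reply above (the whitelisted subnet must cover the tunnel subnet, and sshd must listen on an address reachable over the tunnel) can be verified from the server's own `ip -o -4 addr show` and `ss -ltn` output. This is an added example, not part of either post; the function names are hypothetical, the sample output is constructed, and 10.8.0.0/24 is only the subnet the reply assumes.

```python
import ipaddress

# Constructed, trimmed samples of `ip -o -4 addr show` and `ss -ltn` output.
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0
3: tun0    inet 10.8.0.1/24 brd 10.8.0.255 scope global tun0
"""
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
"""

def tunnel_interfaces(ip_addr_output):
    """Return {ifname: IPv4Interface} for tun*/tap* devices."""
    found = {}
    for line in ip_addr_output.splitlines():
        f = line.split()
        if len(f) >= 4 and f[2] == "inet" and f[1].startswith(("tun", "tap")):
            found[f[1]] = ipaddress.ip_interface(f[3])
    return found

def ssh_listen_addresses(ss_output, port=22):
    """Return the IPv4 addresses with a TCP listener on `port`."""
    addrs = []
    for line in ss_output.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] != "LISTEN":
            continue
        host, _, p = f[3].rpartition(":")
        if p == str(port) and not host.startswith("["):  # skip IPv6 sockets
            addrs.append(ipaddress.ip_address("0.0.0.0" if host == "*" else host))
    return addrs

def check(whitelist_cidr, ip_addr_output, ss_output):
    """Return a list of problems; an empty list means both checks pass."""
    allowed = ipaddress.ip_network(whitelist_cidr)
    listeners = ssh_listen_addresses(ss_output)
    tunnels = tunnel_interfaces(ip_addr_output)
    problems = [] if tunnels else ["no tun/tap interface has an IPv4 address"]
    for name, iface in tunnels.items():
        if not iface.network.subnet_of(allowed):
            problems.append(f"{name} subnet {iface.network} is outside whitelist {allowed}")
        if not any(a.is_unspecified or a == iface.ip for a in listeners):
            problems.append(f"sshd is not listening on {name} address {iface.ip}")
    return problems
```

On a real server, pass the live output of the two commands in place of the samples, together with the CIDR actually configured in the firewall.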
