HACKER Q&A
📣 camjohnson26

What do you use for your cloud VPN?


I have a couple of servers running in DigitalOcean with some Docker web applications on them. I want to block access to these web services from the public internet but allow them from the VPC network. The only out-of-the-box solutions I see for DigitalOcean are proprietary apps like OpenVPN. WireGuard is a good alternative but requires a surprisingly high amount of configuration, and all the third-party UIs are barely maintained.

I can’t believe this isn’t a solved problem, so I'm very curious what people are using to access VPCs. Preferably open source.


  👤 atmosx Accepted Answer ✓
> I have a couple of servers running in DigitalOcean with some Docker web applications on them. I want to block access to these web services from the public internet but allow them from the VPC network.

What you need is a private network[1]. A private VPC will allow instances to communicate with each other, but to access them from the outside a "bastion host" is required. If you install a VPN on the bastion host and add the appropriate routes and settings, you'll be able to connect to your instances internally. This is the "proper" way to create a "private" network.

You could achieve the same thing using Cloud Firewall[2]. The cloud firewall supports a droplet as a "source" definition.

UPDATE: You can create a private network using a shared VPN, but it is overkill if the instances are in the same data centre.

[1]: https://www.digitalocean.com/docs/networking/vpc/#features

[2]: https://www.digitalocean.com/docs/networking/firewalls/#feat...
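The bastion-plus-VPN layout described in the answer above, as an added example that is not part of the original post: a Python sketch that renders a split-tunnel WireGuard config pair and refuses a tunnel subnet that overlaps the VPC. The CIDRs, the endpoint address, the `eth1` private interface name, port 51820 and the key placeholders are all assumptions.

```python
import ipaddress

# Constructed sample values; none of them come from the thread.
VPC_CIDR = "10.116.0.0/20"
TUNNEL_CIDR = "10.99.0.0/24"
BASTION_PUBLIC_IP = "203.0.113.10"

def render_configs(vpc_cidr, tunnel_cidr, bastion_endpoint, vpc_iface="eth1"):
    """Return (bastion_conf, client_conf) as wg-quick style text."""
    vpc = ipaddress.ip_network(vpc_cidr)
    tun = ipaddress.ip_network(tunnel_cidr)
    # Overlapping ranges make the client's routes ambiguous: it could not
    # tell tunnel peers apart from hosts inside the VPC.
    if vpc.overlaps(tun):
        raise ValueError(f"tunnel {tun} overlaps VPC {vpc}")
    hosts = iter(tun.hosts())
    bastion_ip, client_ip = next(hosts), next(hosts)
    # NAT tunnel traffic leaving via the VPC interface so droplets reply to
    # the bastion without needing a return route of their own.
    nat = f"iptables -t nat {{op}} POSTROUTING -s {tun} -o {vpc_iface} -j MASQUERADE"
    bastion = "\n".join([
        "[Interface]",
        f"Address = {bastion_ip}/{tun.prefixlen}",
        "ListenPort = 51820",
        "PrivateKey = <BASTION_PRIVATE_KEY>",
        "PostUp = sysctl -w net.ipv4.ip_forward=1; " + nat.format(op="-A"),
        "PostDown = " + nat.format(op="-D"),
        "",
        "[Peer]",
        "PublicKey = <CLIENT_PUBLIC_KEY>",
        # The bastion accepts only this one source address from the client.
        f"AllowedIPs = {client_ip}/32",
    ])
    client = "\n".join([
        "[Interface]",
        f"Address = {client_ip}/32",
        "PrivateKey = <CLIENT_PRIVATE_KEY>",
        "",
        "[Peer]",
        "PublicKey = <BASTION_PUBLIC_KEY>",
        f"Endpoint = {bastion_endpoint}:51820",
        # Split tunnel: only tunnel and VPC traffic is routed via the bastion.
        f"AllowedIPs = {tun}, {vpc}",
        "PersistentKeepalive = 25",
    ])
    return bastion, client

if __name__ == "__main__":
    for conf in render_configs(VPC_CIDR, TUNNEL_CIDR, BASTION_PUBLIC_IP):
        print(conf, end="\n\n")
```

With this layout the bastion's public firewall only needs the WireGuard UDP port open; the web services stay reachable on VPC addresses alone.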


👤 AkshayPrabhu
Have you considered AlgoVPN [0]? I've not used it personally but have heard positive reviews from those who have. They claim to be a "set of Ansible scripts that simplify the setup of a personal WireGuard".

[0] - https://github.com/trailofbits/algo


👤 cpach
Tailscale might be an alternative https://tailscale.com/

👤 quantumofalpha
> WireGuard is a good alternative but requires a surprisingly high amount of configuration

Not really. It has a bit of a learning curve, but once you get past it, it's actually a total joy to use.

But if you want something even simpler, I could suggest https://github.com/jedisct1/dsvpn


👤 dcminter
I thought OpenVPN was free, and cursory searching suggests that the "Community Edition" version is indeed GPL.

Are there features you need from the non-CE version?


👤 lmarcos
> I can’t believe this isn’t a solved problem so very curious what people are using to access VPCs.

I'm actually facing the same scenario, but I thought that a bastion SSH server between the VPC and the internet was enough. I'm totally new to these things, so could someone tell me the differences between a VPN and a VPC+bastion server?


👤 tehskylark
ZeroTier is another option worth looking at for your use case.

https://www.zerotier.com/


👤 8b16380d
WireGuard on Mullvad. They have OpenVPN support as well.

👤 kyawzazaw
OpenVPN + PiHole on DigitalOcean