From VPS to a Smart, Cost-Effective Solution

Recently, a customer with an e-commerce business approached us for a VPS setup. We were curious and asked about their use case, highlighting the significant ongoing costs of a VPS.
After a discussion, we learned they needed to grant their overseas supplier partner shared access to a system for collaborative tasks. They wanted to avoid sharing their personal PC on their personal network, which could expose their data and network to security risks.
Instead of a costly VPS, we proposed a custom solution leveraging their existing home network infrastructure:
–>An old laptop
–>WireGuard VPN Server
–>Dynamic DNS
Since we had already installed a UniFi solution for them, the implementation was a breeze.
Our first step was to harden security on the Windows PC. We ensured that it was running the latest version and used Windows Policy Manager to restrict the user account that was to be used for this purpose to specific applications and folders. We then enabled Remote Desktop Protocol (RDP) for remote access.
Next, we used the user-friendly UniFi OS interface to effortlessly spin up a WireGuard VPN server. We created multiple client accounts for the supplier’s users and implemented strict firewall policies to ensure that VPN clients could only access this specific PC. Access to the rest of the internal network was explicitly blocked.
To further enhance security and control, we configured the firewall to block internet access (WAN) for the connected VPN clients. This forces them to route all internet traffic through the designated PC, preventing unauthorized access to other online resources and protecting our client’s bandwidth from being misused.
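The three firewall policies described above (VPN clients may reach the shared PC, nothing else on the LAN, and nothing on the WAN) can be checked as a first-match rule list. The sketch below is an added example, not the UniFi configuration from this deployment. The subnets, the host address, the restriction of the allow rule to RDP on TCP 3389, and the default-allow fallthrough are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing (assumptions, not taken from the post).
VPN_NET = "192.168.3.0/24"     # WireGuard client subnet
LAN_NET = "192.168.1.0/24"     # home LAN
SHARED_PC = "192.168.1.50/32"  # the hardened laptop
ANY = "0.0.0.0/0"

@dataclass
class Rule:
    action: str          # "allow" or "drop"
    src: str
    dst: str
    proto: str = "any"
    port: int = 0        # 0 matches any port

    def matches(self, src, dst, proto, port):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.port in (0, port))

def decide(rules, src, dst, proto, port, default="allow"):
    """First matching rule wins; unmatched traffic gets the default (assumed allow)."""
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.action
    return default

# The three policies from the post, in the order they must be evaluated.
POLICY = [
    Rule("allow", VPN_NET, SHARED_PC, "tcp", 3389),  # RDP to the shared PC only
    Rule("drop", VPN_NET, LAN_NET),                  # rest of the internal network
    Rule("drop", VPN_NET, ANY),                      # WAN / internet
]

# Constructed probes: (destination, protocol, port, intended action).
PROBES = [
    ("192.168.1.50", "tcp", 3389, "allow"),  # RDP to the shared PC
    ("192.168.1.50", "tcp", 445, "drop"),    # SMB on the same PC
    ("192.168.1.10", "tcp", 443, "drop"),    # another LAN host
    ("203.0.113.7", "tcp", 443, "drop"),     # internet host (documentation range)
]

def audit(rules, client="192.168.3.2"):
    """Return the probes whose outcome differs from the intended policy."""
    return [(dst, proto, port) for dst, proto, port, want in PROBES
            if decide(rules, client, dst, proto, port) != want]
```

An empty result from `audit(POLICY)` means the rule list matches the intent; placing the LAN drop above the allow rule, or omitting the WAN drop, makes the corresponding probe show up in the result.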
Finally, since our client didn’t have a static IP, we set up Dynamic DNS using a free service like no-ip.com directly from the UniFi interface. This ensures that the VPN server remains reachable even when the IP address assigned by their ISP changes.
The result? Our client and their supplier can now securely access the system from anywhere in the world without the high cost of a VPS, while also ensuring the integrity and security of the client’s internal network.
What would you have done?
We’d love to hear your thoughts. Would you have taken the easier route and suggested a VPS, or would you have pursued a similar custom solution? What other approaches would you consider?

