On Thu, 13 Jun 2024 at 11:08, BD <dzidek23(a)gmail.com> wrote:
> An example that I have seen working was a ZTNA configuration with Fortinet hardware and SDN for network separation.
That sort of thing will be out of my budget!
> I suspect the same thing could be achieved using pfSense and network management (with
> a nice GUI to control it). Quick search on the Internet for "pfSense zero trust" returned a
> few interesting sites. Additionally pfSense can serve as a VPN concentrator too.
I spent a bit of time looking into this. The biggest issue for me is
that it's FreeBSD and most of our stuff is hosted at DigitalOcean, and
they no longer offer FreeBSD as an option. I can of course look
elsewhere, but DO combine the bandwidth of all your services and we're
nowhere close to using it all, so putting a VPN which could
potentially be fairly heavy traffic somewhere it can use that
bandwidth makes sense if I can.
I spent ages playing with WireGuard - there are some useful tools for
building the config ([1], [2]) but I never got a configuration which
worked properly with my phone over mobile data (or my laptop using
mobile data over a hotspot) and as that's one of the main things I
needed to achieve I ended up walking away from my attempts (in part
because I managed to get the old SSL-based VPN working over those
connections by turning off "FastSSL").
I'd like to get this working at some point but a day and a half of
experimenting and getting nowhere useful was as much (more if I'm
honest) as I could afford to allocate to it.
[1] https://www.wireguardconfig.com/ - Configuration builder
[2] https://github.com/mvpsnet/wireguard4vps - PHP-based manager
--
Mark Rogers // More Solutions Ltd (Peterborough Office) // 0344 251 1450
Registered in England (0456 0902) 21 Drakes Mews, Milton Keynes, MK8 0ER