
At our company we are facing a particular routing problem, for which I have found many related questions and answers for parts, but not for the whole.

This is the scenario:

  • our office has a fixed IP to the outside world
  • this IP is registered to be used as a VPN client for foreign VPN servers (this is a government requirement in our country)
  • our employees have been using this for a while without any problems, using a VPN client on their machines
  • now people are working from home and it is very hard (let's call it impossible) to get static IP addresses for all employees at their residences
  • this means that, as per our government regulations, they can't connect to the foreign VPN servers
  • we now want to, somehow, route the traffic from the employees' residences through our office network to the foreign VPN servers (legal note: this is allowed, so there's no issue there)
  • different employees need to have access to different foreign VPNs

So, our first thought was to use VPN chaining: run a VPN server at our office, let the employees connect to that one (domestic VPNs are not restricted) and then chain that connexion to the respective foreign VPNs.

That would mean some advanced routing based on our internal VPN usernames or certificates, but, as per my understanding after reading about OpenVPN Chaining, that requires some extra configuration on the foreign VPN servers - which are not under our control.

So, is there another solution to our problem? Perhaps trying to use a proxy or an SSH tunnel from the residences to our office? Or is there another entirely different solution which we are not thinking about?

The main restriction remains that the only way that we can connect to the foreign VPN servers is from our registered, fixed office IP address, but that the users of those VPNs are working from their residences with dynamic IP addresses.

Thanks for thinking along!

  • Could you consider using RDP to connect to machines in the office, then using a VPN from there? Or, use fixed VPN tunnels from your org to the foreign offices, instead of individual VPN clients? – Ron Trunk Jun 26 '20 at 20:21
  • Yes, one team is using TeamViewer already, but in general that's pretty annoying as it forces you to do everything remote, making every single thing slower and more clumsy :-( – Bart Van Loon Jun 27 '20 at 09:41

0 Answers