0

Grettings,

I'm trying to figure out a way to make things work. Basically, my coworker needs an access to our client's backend dashboard and to get access they need to whitelist our public IP. Since we can't get a static IP from our ISP, it could be possible to do so with OpenVPN. If any of you know any other, smarter solution please let me know, but for now I'm going with this. So, if I uderstood everything correctly, I need to set up our OpenVPN access server, generate certificates, coworker would connect to VPN, would have a static ip address I assigned previously and get whitelisted. I'm new to all this so please if someone could explain a little bit if I'm wrong. Thanks in advance!

dongogongo
  • 1

2 Answers2

1

Implement IPv6. Get a static prefix from your ISP. Provide the network admin a prefix, the /48 for your site, or a /64 if restricting to one subnet is preferred.

The other organization will also need to implement IPv6. Tell them that static IPv4 is not practical for you.

Source IP address allow listing, while a useful control, is often not sufficient. IP addresses can be spoofed, or internet routes altered maliciously. Confirm this application is using strong authentication.

John Mahowald
  • 30,009
  • 1
  • 17
  • 32
0

No, you got it wrong. OpenVPN (or any VPN for that matter) creates a private network between the endpoints (hence the name: Virtual Private Network) -- in your case, it will provide a network between your server and your coworker. It will not provide any IP addresses reachable from the outside world. If anything needs to "come out of" the VPN tunnel, it will do so through the computer on which the VPN server runs.

If you need a static IP, then you either request one from your ISP, or, it you need it only temporarily, and don't want to pay for it, you can "cheat" yourself a static IP by subscribing to a cloud service. Usually you get some free time, along with some virtual money to "spend" on cloud services.

Then, you create a compute instance, attach a static IP to it, install OpenVPN on the virtual machine, and set up the VPN to rewrite the default route on the client, routing everything through the static IP of the virtual machine you now have.

Probably it is easier and a bit more comfortable to just get a static IP from your provider.

Lacek
  • 6,585
  • 22
  • 28
  • Thank you for the answer Lacek. I just have a follow up question. Would this solve the problem? If we get NordVPN with a dedicated IP address, person connects to VPN, gets a dedicated IP and now it's visible under that address. Our client whitelists that IP address, and we should be able to access the dashboard as long as we're connected to VPN. – dongogongo Mar 02 '21 at 11:31
  • The person doesn't get dedicated IP. It gets a route where it is being S-NAT to the dedicated IP. But from the Internet that looks indistingushable, everybody sees that person is coming from the dedicated IP anyway. – Nikita Kipriyanov Mar 02 '21 at 11:43