
I'm trying to figure out the topology of a VPN I'm being asked to set up, and I've very little experience in networks at all, so apologies if I get lost in the weeds.

I need to connect to a client's Azure network in a site-to-site configuration based on their security requirements, but we deal primarily in Linux-based web servers hosted on Digital Ocean. Our aim is to access their network and databases for scraping and to return the data to us to run scripts on.

As far as I've read so far, I can use IPsec configurations on Linux servers to create a tunnel between the networks, but some documents refer to routers and VMs. Do I need a router to create a bridge between our server and theirs? Or am I getting lost in the terminology, or not understanding the topology?

Also, when it says things like VMs I assume a GUI of some kind. Really I just want to open a connection between storage, get the data and bring it back to our server.

If anyone has any input or can point to some resources, I'd be very grateful.

1 Answer


I think you are confusing Site-to-Site (S2S) with Point-to-Site (P2S) VPNs.

Site-to-Site

A VPN device is required to configure a Site-to-Site (S2S) cross-premises VPN connection using a VPN gateway. Site-to-Site connections can be used to create a hybrid solution, or whenever you want secure connections between your on-premises networks and your virtual networks. This article provides a list of validated VPN devices and a list of IPsec/IKE parameters for VPN gateways.

Once a S2S VPN is connected, you don't have to make any configuration changes to the systems on your local network to connect to Azure. It doesn't matter if they are Linux, Windows or Mac. The network device on your local end works with the VPN Gateway on the Azure side to ensure the traffic can get where it needs to go (assuming everything is configured properly).

Point-to-Site

A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer. A P2S connection is established by starting it from the client computer. This solution is useful for telecommuters who want to connect to Azure VNets from a remote location, such as from home or a conference. P2S VPN is also a useful solution to use instead of S2S VPN when you have only a few clients that need to connect to a VNet.

The rule of thumb is that if you have more than 10 computers (servers or client systems) on a single network that you want to connect to Azure, you should consider a S2S VPN. With P2S, you need to configure authentication, and this overhead gets to be too much with more than a couple of handfuls of computers.

Summary

This picture brings it all together. As you can see, there are a couple of connections here. On the lower left you will see a S2S connection from on-prem, and in the upper left you will see a P2S connection. Both connections are going to the same VPN Gateway on the Azure side.

  • OK, so my assumption thus far while working with this client is that we will be going with a S2S configuration, because they must have multiple other connections between themselves and others, as you stated: "P2S VPN is also a useful solution to use instead of S2S VPN when you have only a few clients that need to connect to a VNet". So based on that and what you've stated, our topology will need to be a Linux-based VPN server that creates a tunnel between another Linux server of ours and their Azure network. Is that correct? Commented Jul 5, 2022 at 13:42
  • My recommendation is to use a validated VPN device. docs.microsoft.com/en-us/azure/vpn-gateway/… Commented Jul 5, 2022 at 15:15
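To make the "VPN device" in the answer concrete for the Linux case the question describes, here is an added example (not part of the answer and not Microsoft's own sample) of the on-premises side of a S2S tunnel written for strongSwan's swanctl.conf. In this layout the Digital Ocean droplet with a public IP is itself the VPN device, so no separate router is needed: on the Azure side a Local Network Gateway is created with that public IP and the droplet's private subnet, and a Connection object joins it to the Virtual Network Gateway with a shared key. All addresses, subnets, the shared key and the cipher proposals below are placeholders (assumptions); they must match what is configured on the Azure connection.

```conf
# /etc/swanctl/swanctl.conf  (strongSwan, IKEv2, pre-shared key)
# Added example; every address and the secret are placeholders to replace.
connections {
    azure {
        version = 2                      # Azure route-based gateways require IKEv2
        local_addrs  = 203.0.113.10      # public IP of the Digital Ocean droplet (placeholder)
        remote_addrs = 198.51.100.20     # public IP of the Azure Virtual Network Gateway (placeholder)

        local {
            auth = psk
            id = 203.0.113.10            # must equal the Local Network Gateway IP set in Azure
        }
        remote {
            auth = psk
            id = 198.51.100.20
        }

        # IKE_SA proposal. Assumption: the gateway accepts AES-256/SHA-256 with DH group 14
        # (modp2048); check it against the Azure default policy or set a custom IPsec/IKE
        # policy on the Connection object, because a mismatch fails at IKE_SA negotiation.
        proposals = aes256-sha256-modp2048
        dpd_delay = 30s                  # dead-peer detection so a dropped tunnel is noticed

        children {
            azure-net {
                local_ts  = 10.20.0.0/16 # droplet-side private subnet (placeholder); a single
                                         # host can use its own address with /32 instead
                remote_ts = 10.0.0.0/16  # Azure VNet address space (placeholder); narrow this
                                         # to the subnet that actually holds the databases
                esp_proposals = aes256-sha256   # CHILD_SA (ESP); no PFS group, matching Azure's default
                start_action = start     # bring the tunnel up when the config is loaded
                dpd_action   = restart   # re-establish the tunnel if the peer stops answering
            }
        }
    }
}

secrets {
    ike-azure {
        id-1 = 203.0.113.10
        id-2 = 198.51.100.20
        # Same value as the "Shared key (PSK)" on the Azure Connection; generate it randomly
        # (for example: openssl rand -base64 32) rather than choosing a memorable string.
        secret = "replace-with-the-shared-key-set-on-the-azure-connection"
    }
}
```

Load it with `swanctl --load-all` and confirm the tunnel with `swanctl --list-sas`, which should show an IKE_SA to the Azure gateway and a CHILD_SA named azure-net with the two traffic selectors. Two checks a practitioner would add before handing this over: keep `remote_ts` as narrow as the client's requirements allow, and firewall the droplet so that only the scraping host can send traffic into the tunnel and only the database port is allowed through it, since once the tunnel is up the droplet is routable from the client's VNet as well.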
