vpn models for remotely accessing webmin/virtualmin access via a specific static ip address

#1 Thu, 05/11/2017 - 19:24
adamjedgar


I note the comment below from another post on these forums...

"I have webmin/virtualmin on 7 servers and restrict access to a single ip address. If I need to manage anything remotely, I vpn into the network that has access and can manage the servers from there."

I have a static ip address at home and am very keen to explore this option.

I am supposing that the reason I need to be able to do this is because I would also be accessing my webmin/virtualmin installations as an administrator using mobile devices such as tablets and laptops whilst away from the office. So if I restrict access to a particular ip address, this will render my mobile roaming access inoperable if the mobile device ip address changes.

One consideration however, this server is also used in conjunction with WHMCS for client automation and provisioning of web-hosting services, so client access to their own shared cpanel accounts (virtual servers) should not have this restriction for their own user logins.

I am not sure of the model I need to follow in order to achieve this... my assumption is that it is via an ssh tunnel, but how does that work through my home network exactly? (any help articles on this would be appreciated)

Fri, 05/12/2017 - 04:15
unborn

@adamjedgar

Hi.. I don't quite understand what you are asking.. scenarios can be achieved like this:

YOU admin >> VPN >> webmin login (ports like 10k or if you use any custom port should be disabled on your router/switch/firewall)

YOUR USERS non server admins but domain admins >> direct connect to WHMCS or whatever software you are using - this means your script should be on custom port or standard web ports like ssl port.

...is this correct, what I am understanding from your question? (If not I am sorry, you can always explain in a bit more detail) your options are..

set up a vpn server with all users (usernames and passwords - usually separate from normal or any other logins), with fail2ban or similar filters to prevent attacks on user/pass-es

then use it like this:

you >> VPN >> once connected you have access to ssh, webmin or whatever you want - please note that if you plan to give this extra security layer via vpn, which I am using as well, you need to disable all ports you want to protect on your switch/FW/router

this will also work in the same manner for clients - as you will be closing those ports they will have to connect to vpn first to be able to work on your server..

If WHMCS runs on standard secured ports (ssl like) then they will not need to use vpn to connect to it, but for ssh and other services they would need vpn access.

..perhaps you could be a bit clearer what you mean, I would try to help you at my best ;)

last - on my end vpn works awesome, I do not use ftp at all and ssh has public access but only via ssh keys, the rest is via vpn on the same server - wrapped up by some tasty fail2ban filter, meaning one machine does the whole job and thanks to fail2ban there are not many worries about attacks (if you know what you are doing).

Configuring/troubleshooting Debian servers is always great fun
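
The port layout described in the reply above (admin port closed to the internet, web ports left open for clients), written out as an added example that is not part of either post: a shell script that prints an iptables-restore ruleset and reports which TCP ports it leaves reachable from any source. The VPN subnet 10.8.0.0/24, the VPN port 1194/udp and the address 203.0.113.10 are constructed placeholders; 10000 is Webmin's default port.

```shell
#!/bin/sh
# Added example. Prints a ruleset for review; it does not load it.
# Assumptions (not from the thread): VPN subnet, VPN port 1194/udp, admin IP.

# gen_rules VPN_NET [ADMIN_IP] [ADMIN_PORT]
gen_rules() {
    vpn_net="$1"               # subnet handed out to VPN clients
    admin_ip="$2"              # optional static home IP; empty = VPN only
    admin_port="${3:-10000}"   # Webmin default port
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -s $vpn_net -p tcp --dport $admin_port -j ACCEPT
EOF
    if [ -n "$admin_ip" ]; then
        echo "-A INPUT -s $admin_ip/32 -p tcp --dport $admin_port -j ACCEPT"
    fi
    echo "COMMIT"
}

# world_reachable RULES PORT
# Exit 0 if some ACCEPT rule for tcp PORT has no -s source match.
world_reachable() {
    printf '%s\n' "$1" |
        grep -E -- '-p tcp .*-j ACCEPT' |
        grep -E -- "--dports? ([0-9,]*,)?$2(,| )" |
        grep -qv -- ' -s '
}

rules=$(gen_rules 10.8.0.0/24 203.0.113.10)
printf '%s\n' "$rules"
for port in 80 443 22 10000; do
    if world_reachable "$rules" "$port"; then
        echo "# tcp/$port: open to any source"
    else
        echo "# tcp/$port: restricted by source address"
    fi
done
```

Other services the server hosts for clients (mail, DNS and so on) need their own ACCEPT lines before a ruleset like this is loaded, since the INPUT policy is DROP.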

Topic locked