
Secure Connection to Cloud Infrastructure by VPN Tunnel

Cloud computing is becoming prevalent, and the idea of keeping your data on your own system’s hard drive is falling out of the mainstream. With the advent of the internet, everything is shifting online, and it is now more feasible to host and store your data on cloud-based servers. This gives you instant access to your data without having to carry it with you all the time.

We are assuming that you have a good working knowledge of VPNs and of how to set them up on Windows, Mac, Linux, etc. If you aren’t well-versed in this terminology, we suggest doing some research and studying these concepts to better understand this article.

This blog post will elaborate on a secure connection to cloud infrastructure using a VPN tunnel. Even without a VPN app, you can create a secure path between your home or work and the online cloud infrastructure by creating a VPN tunnel.

The good thing is that these tools are also available for free. They might not work as well as the paid ones unless you use the best free VPN for Windows to secure your privacy from your ISP.

If you’re using a free VPN service and wondering how to set up a VPN tunnel, here’s what you need to know:

Why Is a VPN Tunnel Considered a Way to Secure the Connection to Cloud Infrastructure?

The biggest concern within an organization planning to shift its IT infrastructure from an in-house facility to cloud services is the communication channel used to exchange security-sensitive data.

With reference to the security of the stored data, different encryption systems can be adopted. However, you should put your trust in your service provider, whose employees are the only technical resources to actually possess the techniques and tools for your data assessment in a fairly transparent way.

If we talk about the communication channel through which your data will pass, encryption protocols such as SSL/TLS aren’t always feasible options and can’t be implemented in every case. Hence, it is mandatory to develop a safe communication channel through which the movement of your data will occur.

The complications surface, for instance, when you want to mount a volume on your office PC connected to your in-house server storage using CIFS or NFS. To address this issue, it is suggested that you build a VPN tunnel between your cloud infrastructure and the systems physically located in your home or office.

Ways to Secure Connection to Cloud Infrastructure by VPN Tunnel

The main reason Dropbox gets so much criticism is probably its desktop clients. This type of computing service made file transfer convenient, but in reality the client is taking a shortcut and probably compromising the security of the data. Mounting a volume is much more rigorous from the networking point of view.

A VPN is a private network, usually built between two points with the help of a transmission system and the internet (the public network), that is intended to give you the same conditions or benefits that you would have with a private, ad hoc transmission line.

In the past, when establishing a cloud infrastructure, companies expected a cloud-based server to function as a gateway to other servers that host different services (mail servers, web servers, database servers, and others). On that gateway you can place pptpd, the daemon that permits the creation of a VPN connection.

Moving forward, you can access the gateway through SSH and install pptpd easily with the package manager on deb-based Linux:

apt-get install -y pptpd bcrelay

This command will install ppp, bcrelay and pptpd. However, in most cases you might not need to install both pptpd and bcrelay, only pptpd (depending on the flavor).

Now it’s time to proceed and configure the system. Start by opening the file /etc/ppp/chap-secrets and add the credentials of the users whom you want to grant permission to use the VPN. Use nano or vi to open that file:

myusernamejohn pptpd myp@s$word 11.12.0.2

myfriendsusersmith pptpd hispa$$w0rd 14.15.0.3

Through the above-mentioned configuration, two different users will get access, each distinguished with a particular password.
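Because chap-secrets holds every user’s password in plaintext, the file is worth checking after each edit. The following is an added example, not part of the original article: audit_chap_secrets is a hypothetical helper, the sample file is constructed from the entries above, and it assumes GNU stat and secrets without embedded spaces.

```shell
#!/bin/sh
# Added example, not from the original article: audit a pppd chap-secrets file.
# Assumes GNU stat (stat -c) and secrets without embedded spaces.

# audit_chap_secrets FILE -> prints one finding per line, nothing if clean
audit_chap_secrets() {
    file=$1
    # Secrets sit in the file as plaintext, so only the owner should read it.
    mode=$(stat -c '%a' "$file")
    case $mode in
        600|400) ;;
        *) echo "PERMS mode $mode, expected 600" ;;
    esac
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        NF < 4 { print "FORMAT line " NR ": need client server secret address"; next }
        $4 == "*" { print "ANYADDR line " NR ": " $1 " is not pinned to an address" }
    ' "$file"
    # Flag client names that appear on more than one active line.
    awk '!/^[ \t]*#/ && !/^[ \t]*$/ { print $1 }' "$file" | sort | uniq -d |
        while read -r user; do echo "DUPLICATE client $user"; done
}

# Constructed sample: world-readable file, one wildcard address, one short line.
demo=$(mktemp)
chmod 644 "$demo"
cat > "$demo" <<'EOF'
# client            server  secret        address
myusernamejohn      pptpd   myp@s$word    11.12.0.2
myfriendsusersmith  pptpd   hispa$$w0rd   *
brokenline          pptpd
EOF
audit_chap_secrets "$demo"
rm -f "$demo"
```
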

Now proceed to the PPTP configuration. Open the main configuration file /etc/pptpd.conf, and select the ranges of IP addresses to be allocated to the users who will connect remotely to your cloud infrastructure:

localip 12.13.0.1

remoteip 71.72.0.2-10

Next up, you just need to define the IP address of the DNS server that the clients will use. Open the file /etc/ppp/pptpd-options and you will find commented lines such as ms-dns. Enter the IP address of the DNS server (Google DNS can be used here). MS-CHAP V2 PPTP VPN isn’t considered safe, but it is definitely a better option than CHAP. Double-check that the file looks like this:

ms-dns 8.8.8.8

#ms-dns 8.8.4.4

proxyarp

nodefaultroute

lock

nobsdcomp

mtu 1490

mru 1490

Restart pptpd:

/etc/init.d/pptpd restart
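Since MS-CHAP V2 is the least weak method PPTP offers, it is worth confirming that the edited options file still refuses the older methods and requires MPPE-128. The following is an added example, not part of the original article: has_opt and audit_pptpd_options are hypothetical helpers, and the sample file is constructed from the listing above.

```shell
#!/bin/sh
# Added example, not from the original article: check that a pptpd options
# file still enforces MS-CHAP v2 and 128-bit MPPE after it has been edited.

# has_opt FILE OPTION -> true if OPTION is an active (uncommented) directive
has_opt() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# audit_pptpd_options FILE -> prints one finding per line, nothing if clean
audit_pptpd_options() {
    # Directives that reject PAP, CHAP and MS-CHAP v1 and require encryption
    for opt in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        has_opt "$1" "$opt" || echo "MISSING $opt"
    done
    # Directives that switch authentication or encryption off
    for opt in noauth nomppe require-pap require-chap; do
        if has_opt "$1" "$opt"; then echo "WEAK $opt"; fi
    done
}

# Constructed sample: the options shown above, with MPPE left commented out.
demo=$(mktemp)
cat > "$demo" <<'EOF'
ms-dns 8.8.8.8
#ms-dns 8.8.4.4
proxyarp
nodefaultroute
lock
nobsdcomp
#require-mppe-128
EOF
audit_pptpd_options "$demo"
rm -f "$demo"
```
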

To reach the private network behind the cloud service gateway server, you must enable packet forwarding by uncommenting the following line in /etc/sysctl.conf and setting it to true (0 to 1):

net.ipv4.ip_forward=1

Running sysctl -p applies the setting after the changes are saved. Next, you will need to add the following rules to the iptables firewall:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT

At this point, the gateway server is set up to receive connections from the PC; only the VPN client in your office or home remains to be configured. For deb-based Linux, install it with:

apt-get install pptp-linux

Now, in this step, you will add the credentials of the users who want to connect, as shown earlier for the server. Edit the file /etc/ppp/chap-secrets:

John VPNRackspace "addpassword" *

pty "pptp IP.RACK.SERVER.CLOUD --nolaunchpppd"

name "John"

remotename VPNRackspace

require-mppe-128

usepeerdns

Executing the pon and poff commands will connect to and disconnect from the remote server. To learn more about pon, poff, etc., you can consult their man pages. The process is basically identical on OS X too.
