This is an automated archive.

The original was posted on /r/sysadmin by /u/sosieet on 2023-09-13 14:23:24+00:00.
Hello folks,

I’ve been pondering the current landscape of accessing internal services, which extends beyond just websites to databases, caches, and more. I’m curious if solutions like Tailscale, Netmaker, Pritunl Enterprise, OpenVPN, or any remote access VPN are still commonly used.

Here’s the backstory: In the past, I set up Pritunl open-source for my company to enable access to our internal services, including internal URLs, database servers, caches, etc. This was necessary because in our AWS infrastructure, the only publicly available endpoints are web-related via ELBs/ALBs, and all our internal servers have private IPv4 addresses.

However, as I upgraded to newer versions of Pritunl, I encountered a peculiar bug where every new user I added failed their 2FA challenge, even with the correct 2FA code. This issue affected only new users, while previous ones were fine. I even attempted to migrate the MongoDB database to a new server, but the problem persisted. Now, I’m faced with two options:

  1. Start from scratch, which means sending out entirely new VPN profiles to all users.
  2. Embark on complex MongoDB surgery to ensure all previous settings (CA/server certs, DH params, static HMAC keys) are transferred to a new server with fresh settings.

Given this situation, I’m considering either investing in Pritunl Enterprise or exploring alternative solutions. I’d greatly appreciate your feedback, particularly on how you’ve tackled this challenge, especially considering that most endpoints are now secured with OAuth2.

Thanks in advance!