Many of the corporates have their own IT infrastructure and take care of long term maintenance of their IT software and hardware. When technical partners/vendors help them develop new applications, the entire development and testing environments are provided by the clients themselves. As access to these will be restricted, developers will need to be on the VPN always. Site to site VPN helps the entire development team be on the VPN. If every developer has to be on VPN then there is a pain of logging in individually, worry about traffic every time they browse or sometimes making their system not accessible in the local network.
Our development team had many machines with Mac and Ubuntu OS where we had trouble configuring the specific VPN software to work. We were also short of time to get the paperwork going and get a site to site VPN up and running. It was only with the help of few windows systems we were able to connect and run some tests and do development work. There was an urgent need for everyone to access client’s systems and resources, it was at this time Apache HTTP server and Rinetd came to the rescue.
This is what we did to solve our VPN bottleneck.
- Get a machine such that the VPN software runs on that OS. In our case it was windows XP.
- Give the machine an easy to remember name on the network like my-team-vpn.company-domain.com
- Install Apache HTTP server and set up ProxyPass and ReverseProxyPass such that all the HTTP based test environments are given a local url. Like http://my-team-vpn/QA-env/index.html should serve from http://client-machine-QA-env/index.html
- For other TCP connections like DB and LDAP, setup Rinetd and configure redirects like 10.1.1.1 369 to IP and port on the client machine.
- Keep the machine always on the VPN.
- Publish the URLs and ports to be used by the development team without using VPN.
With the above steps we were able to complete our development without going through the paper work of setting up site to site VPN.