I'm not sure how best to describe this situation without it getting wordy.
We have a number of servers behind a pfSense firewall at a datacenter. One of 
the servers is a web site that needs to be accessible only by computers on our 
client's network (also behind pfSense elsewhere)... This solution has been 
implemented and working based on IP address restrictions.

Now the client wants to allow a few people access to the web site while at 
home. Unfortunately, password protecting it is not an option. VPN access seems 
to be the only option but I'm wondering what the best approach would be.

We do not want to allow VPN access into the datacenter network and 
administratively this would be a hassle. Instead, we would like to force these 
home users onto the client network, using the client's gateway ... resulting in 
an allowable IP address to the restricted web site. This is simple to  
implement, but creates a lot of additional traffic if we leave them using the 
default gateway.

Unfortunately, the client network is using a wireless connection that pays by 
the gigabyte. This will be an issue when a home user forgets to stop 
downloading music, movies, etc... We also would prefer not to install a new 
VPN client (like OpenVPN, even though it looks like the best solution).

I was thinking a simple PPTP connection (not sure if this would work really), 
turning off the default gateway on the client end... Then, using pfSense on the 
client network, make a rule that would map an internal IP address 
(10.10.10.100) to the web site's public IP address... Then, make a public DNS 
entry mapped to the internal IP address and instruct the users to use this new 
DNS entry when remotely accessing this restricted site.  Would this work?

I guess my other question is, what is the best way to get this to work?

Regards,
Chuck
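
The traffic path proposed in the message above, modelled as an added example (not part of the original post): with the VPN default gateway turned off, only the mapped alias enters the tunnel, and the client-side firewall has to translate both the destination and the source for the site's IP restriction to pass. Every address except 10.10.10.100 is a constructed placeholder, and the /24 VPN subnet and interface names are assumptions.

```python
import ipaddress

# Constructed sample values (documentation ranges); only 10.10.10.100 is from the post.
SITE_ALIAS = ipaddress.ip_address("10.10.10.100")   # internal alias from the post
SITE_PUBLIC = ipaddress.ip_address("203.0.113.10")  # hypothetical public IP of the web site
CLIENT_WAN = ipaddress.ip_address("198.51.100.1")   # hypothetical public IP of the client gateway
VPN_CLIENT = ipaddress.ip_address("10.10.10.50")    # hypothetical tunnel address of a home user

# Home PC routing table when the VPN is up but is NOT the default gateway.
HOME_ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "home-isp"),
    (ipaddress.ip_network("192.168.1.0/24"), "home-lan"),
    (ipaddress.ip_network("10.10.10.0/24"), "vpn"),  # assumed VPN subnet
]

def pick_interface(dst, routes=HOME_ROUTES):
    """Longest-prefix match, the way the home PC chooses an outgoing interface."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, ifname) for net, ifname in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def client_gateway_translate(src, dst):
    """Model of the client-side firewall for packets arriving from the tunnel.

    Destination NAT rewrites the alias to the site's public IP; source NAT
    rewrites the tunnel address to the client's WAN address. In this model
    (an assumption) any other destination from the tunnel is dropped, so
    VPN users cannot use the metered link for general browsing.
    """
    if ipaddress.ip_address(dst) != SITE_ALIAS:
        return None
    return (CLIENT_WAN, SITE_PUBLIC)

def site_allows(src, allowed=(CLIENT_WAN,)):
    """The datacenter firewall's existing IP restriction."""
    return ipaddress.ip_address(src) in allowed

if __name__ == "__main__":
    for dst in ("10.10.10.100", "192.0.2.77"):
        print(dst, "->", pick_interface(dst))
    print(client_gateway_translate(VPN_CLIENT, SITE_ALIAS))
```
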
