I'm working at a small company that offers helpdesk and development services to various customers, and we frequently need to connect to their VPNs to access their databases or virtual machines. Each client has their own VPN solution—some use OpenVPN, others prefer Wireguard or Microsoft, and some use Checkpoint. Unfortunately, we can't set up permanent site-to-site connections for various reasons.
We're looking for a way to manage simultaneous connections to multiple VPNs without requiring our local users to install all the different VPN clients on their machines.
Here's what I'm thinking: I could set up an LXC or VM for each VPN client that connects to the customer's VPN as needed. My plan is to create a web portal where users can request access to specific customers. Here's how I envision it working:
1. While at the office or connected through our own VPN, users access the portal.
2. They request a VPN connection to a particular customer.
3. The solution connects to the VPN (if it's not already connected) and adds a routing rule to allow the requesting user's machine to connect to that customer's VPN.
I have several questions regarding this approach:
1. How is this situation typically managed?
2. Is this solution viable?
3. Would you do anything differently?
4. Are there existing tools or solutions that are similar?
5. What other solutions would you recommend for my situation?
4 Answers
As someone who manages internal IT, I wouldn't allow external teams to have consistent access to our systems. I prefer to have MSPs connect via remote sessions under my supervision. This way, I can end the connection when the work is done. It's all about security—maintaining client protection over convenience.
In my past role as an ERP consultant, I set up a virtual machine for each client’s VPN software. This way, I could RDP into the VM, connect to the VPN, and then access what I needed. It was an effective way to manage multiple connections without cluttering my local machine.
It sounds like you're heading in the right direction! Remote support tools like ConnectWise Control are perfect for situations like this. If you need full access, I recommend installing a jumpbox and using SSH tunneling whenever screen sharing isn't an option.
Consider using Devolutions Remote Desktop Manager. It allows you to set up various VPN profiles that you can share within your team, streamlining the remote connection process. It's a bit complex but has many customizable features.
That makes sense, but in small businesses, the MSP often acts as the entire IT department and needs comprehensive access. Just ensure there's a solid contract in place.