Hey everyone! Hope you're all doing well. I used to set up OpenVPN on a Linux VM about 4 to 5 years ago, and now I'm exploring some alternatives. I came across WireGuard, particularly wg-easy, which seems to allow for easy configuration. I'm curious about the pros and cons of using OpenVPN versus WireGuard. I know OpenVPN lacks a web interface, which wg-easy provides for easier user management. So, given that I plan to deploy PostgreSQL with VNet integration, private AKS, and a few storage accounts and key vaults—essentially nothing too crazy—what should I keep in mind? I'll have multiple environments, each with its own subscription. Thanks in advance!
6 Answers
Have you considered if you really need a VPN, or could you just use RDP/SSH with Azure Bastion instead? It might simplify your setup. You can check out Microsoft's guide on Azure Bastion for more info!
Yes, a VPN is necessary for accessing our Dev, QA, and Stage environments. We won't require one in Production, but we need to think about data migration speeds and bandwidth for uploads to the database, especially before we switch.
We've been using OPNsense on a small VM with a WireGuard VPN for about three years now without any hiccups. It has a straightforward UI making it easy to manage access to different resources like subnets and AKS.
The decision really hinges on your budget. Like mentioned earlier, Azure VPN is the easiest route but it might not be the most cost-effective.
If budget isn't a major concern, Azure VPN Gateway paired with Azure Private DNS Resolver is the easiest option out there. It's seamless, though it might be pricier than others.
OpenVPN can be a bit of a hassle to configure, but WireGuard's web UI really simplifies things. If you prefer automation, you might want to check out Dataflint's integrated solutions. Make sure you pick what works best for your workflow!
I appreciate the suggestion! However, we will definitely need a VPN for different environments like Dev and QA, especially since our setup needs to be PCI compliant.