[WIP] OpenVPN + API networking setup
There was confusion about what people can or should expect, or need to decide on, when setting up a VPN service. There's the 'gateway', the 'API', the reverse proxy, openvpn-frontend, and maybe more? The old platform had 2 IPs on each VPN node: one for ingress and one for egress traffic.
openvpn-frontend: this role opens port 443 on the http/dns servers. It is scheduled on the http/dns servers, so it also contains the DNS modifications.
A typical 2-server setup would look like this:
                          +-------------------------------------------+
                          |                                           |
    +-------------+ +---->|               VPN Gateway                 +-----> INTERNET WORLD
    |   CLIENT    |       |  135.181.37.103/32     95.217.26.109/32   |
    +-------------+ <-----+  INGRESS               EGRESS             |
                          |  only needs sslh when API                 |
                          |  is here too.                             |
                          |                                           |
                          +-------------------------------------------+
                             API/provides eip.json
                             MAY be on the same IP/server
                             as the VPN gateway ingress
                             This only uses sslh when on the same
                             IP as VPN gateway. This is also the Frontend
                             in float
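
Why sslh only matters when the API shares the ingress IP: both services then want port 443, and something has to look at the first bytes of each connection to tell an OpenVPN-over-TCP client from a TLS client fetching eip.json. The sketch below is an added example, not code from sslh or float; it is a simplified classifier, and the backend addresses, function names and sample packets are constructed assumptions.

```python
import struct

# First opcodes an OpenVPN client sends (high 5 bits of the first payload byte).
CLIENT_RESET_OPCODES = {7, 10}  # P_CONTROL_HARD_RESET_CLIENT_V2 / _V3

# Constructed local backends (assumptions): OpenVPN daemon and the API's TLS listener.
BACKENDS = {"openvpn": ("127.0.0.1", 1194), "tls": ("127.0.0.1", 4430)}

# Constructed sample first packets.
TLS_HELLO = bytes.fromhex("16030100c8010000c40303")
OVPN_RESET = struct.pack("!H", 14) + bytes([7 << 3]) + bytes(8) + b"\x00" + bytes(4)


def classify_first_bytes(data: bytes) -> str:
    """Classify the first read on a shared port 443."""
    if len(data) < 3:
        return "need-more-data"
    # TLS record header: type 0x16 (handshake), major version 0x03;
    # byte 5 is the handshake type, 0x01 = ClientHello.
    if data[0] == 0x16 and data[1] == 0x03:
        if len(data) < 6:
            return "need-more-data"
        return "tls" if data[5] == 0x01 else "unknown"
    # OpenVPN over TCP: 16-bit big-endian length, then (opcode << 3 | key_id).
    (length,) = struct.unpack("!H", data[:2])
    opcode, key_id = data[2] >> 3, data[2] & 0x07
    # Assumes the first read holds exactly one packet; 14 bytes is the
    # smallest hard reset (opcode + session id + ack count + packet id).
    if (opcode in CLIENT_RESET_OPCODES and key_id == 0
            and length >= 14 and length == len(data) - 2):
        return "openvpn"
    return "unknown"


def route(data: bytes, api_shares_ingress_ip: bool):
    """Pick a backend; None means wait for more data or drop the connection."""
    if not api_shares_ingress_ip:
        # Port 443 on the ingress IP belongs to OpenVPN alone: no demultiplexer needed.
        return BACKENDS["openvpn"]
    return BACKENDS.get(classify_first_bytes(data))
```

Plain HTTP sent to the shared port falls into neither class, so a demultiplexer built this way has to decide explicitly what to do with unknown traffic rather than defaulting it to one backend.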