We have several networks. Our network is fully controlled by us and we have an Amazon EC2 server in it. Other networks are not controlled by us and we can’t seriously change their configuration. These networks contain their own physical servers.
We need to create several persistent VPN connections between our server and other servers. At the same time servers we are connecting to should not be able to get access to the information at the computers outside of their network.
For example, I have server A. There are servers B, C and D. Each of the servers is in an independent network and connected to A by VPN.
- B should have no access to C and D.
- C should have no access to B and D.
- D should have no access to B and C.
- A should have access to B, C and D.
Is it possible to create such a configuration? Any useful ideas about technologies I should look at and use? Maybe you have some examples of such a configuration?
It is certainly possible to create such a configuration. You’d create a simple star topology with node A acting as the router between the various networks. In this position, you can implement firewall and routing rules on node A to limit communication between the various networks.
There are a variety of tools you could use to implement the VPN. I’m partial to OpenVPN, which may be pre-packaged for your distribution.
The OpenVPN HOWTO is a good place to start, and it includes information about setting up multiple instances of OpenVPN on the same machine (which is what you would do to create multiple distinct networks).
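As an added illustration of the answer above (this is example code, not part of the original answer or of the OpenVPN project), the script below shows what the star topology looks like on node A: one OpenVPN server instance per remote site, each on its own port and tun interface, plus a FORWARD policy that lets A's side initiate connections into each tunnel while leaving no rule that would let one tunnel reach another. The site names, interface names, ports, subnets, the LAN interface `eth0` and the certificate file names are all assumed values; the firewall rules are emitted as text for review rather than applied, so the script runs without root.

```shell
#!/bin/sh
# Added example for a hub-and-spoke VPN on node A: one OpenVPN server
# instance per site and a FORWARD chain that only permits A's LAN to
# initiate traffic into a tunnel. Nothing here is applied to the system;
# the rules are printed so an administrator can review them first.

LAN_IF="eth0"   # assumed: the interface facing A's own network

# site:interface:port:subnet (constructed sample values)
SITES="B:tun0:1194:10.8.0.0/24
C:tun1:1195:10.8.1.0/24
D:tun2:1196:10.8.2.0/24"

# Print a minimal OpenVPN server config for one site instance.
# $1 = tun interface, $2 = UDP port, $3 = tunnel subnet (a /24 is assumed)
ovpn_server_conf() {
  net=$(echo "$3" | cut -d/ -f1)
  cat <<EOF
dev $1
port $2
proto udp
server $net 255.255.255.0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
keepalive 10 120
persist-key
persist-tun
# no "client-to-client" here: clients of this instance may not see each
# other, and the separate instances give each site its own tun device
EOF
}

# Write one config file per site into the directory given as $1.
write_configs() {
  mkdir -p "$1"
  echo "$SITES" | while IFS=: read -r site iface port subnet; do
    ovpn_server_conf "$iface" "$port" "$subnet" > "$1/site-$site.conf"
  done
}

# Emit the iptables FORWARD rules for node A as shell commands (not run).
# Default-drop means B, C and D cannot reach each other or A's LAN; only
# replies to connections A's LAN opened are allowed back through.
forward_rules() {
  echo "iptables -F FORWARD"
  echo "iptables -P FORWARD DROP"
  echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  echo "$SITES" | while IFS=: read -r site iface port subnet; do
    echo "# A's LAN ($LAN_IF) may initiate connections into site $site"
    echo "iptables -A FORWARD -i $LAN_IF -o $iface -j ACCEPT"
  done
  echo "# no tunX -> tunY rule exists, so the sites stay isolated from one another"
}

# Show the rule set when the script is run directly.
forward_rules
```

Traffic originating on A itself (rather than on its LAN) goes through the OUTPUT and INPUT chains, not FORWARD, so A reaches every site regardless of these rules; the rules only govern what is routed between interfaces. Review the printed commands and apply them with your distribution's usual persistence mechanism (for example an `iptables-restore` file) so they survive a reboot along with the OpenVPN instances.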