Thought I would share a recent project where I utilized NethServer as an integral service with a client’s recent need to work remotely with minimal fuss. This client is traveling to a remote state for an extended period of time but requires access to large database files at the office. With ~5 users on site, they have business class internet using a common cable modem/router and a mix of Win 10 Home/Pro machines.
Putting this all together I needed to target the following needs for this project:
- Simple remote access to Windows device
- Central account provider for identity management
- VPN access
- Reasonable security enforcement
- Scalable user/resource needs
I chose to go with @mrmarkuz’s work with Guacamole for remote access using the SAMBA account provider backed for user identity management. Accessing Guacamole over the web required a valid SSL certificate and this company had their own domain name. Instead of using this automated ACME-DNS Let’s Encrypt script I chose to go with a pfSense VM for the job to manage my certificates, firewall/networking, VPN and proxy connections. Cloudflare is used to proxy & separate desired HTTPS traffic, and 2FA is enabled for Guacamole users, with Fail2Ban to remediate & notify on multiple login failures. This project request came last Friday and had to be live today, so I chose to virtualize NethServer and pfSense and configured Guacamole within 3 hours on an HP ProDesk 600 G3 i3-6100T/16GB RAM mini desktop.
Finally, and probably the most important thing I did, was to go over and purchase a subscription, because NethServer needs to eat too. In the future I may demo some of this via video but most would be repetitive. I’m still waiting for Threat Shield to become a more stable/developed product with reliable lists. It easily has the potential to replace pfSense as my edge service. Fun note: I was able to use LDAP authentication against NethServer with my OpenVPN pfSense service.