I need to provide remote MySQL access to a cPanel server for a handful of clients. However, I do not want to open 3306 to the world (for obvious reasons). cPanel's remote MySQL whitelisting mechanism isn't secure enough on its own. I've already had a server get "partially" compromised by ransomware (which has since been recovered via hardening, cleanup and backup restoration procedures).
My plan is to do one of the following:
A.) Install Pritunl on the same (WHM/cPanel) server, and limit access to port 3306 to the VPN's IPs
-- or --
B.) Install Pritunl on a separate instance (in the same data center) and use private IPs / tunneling for access.
In either case, I need to provide quick and easy VPN access to 3 to 5 clients on a variety of platforms. (OpenVPN Access Server, for the web interface, is too expensive for my use case... which is why I'm opting for Pritunl.)
I'm not sure which method (A or B) is "better", but I have failed to configure option B on my own (probably has something to do with iptables configurations and/or assigning network adapters correctly -- e.g., eth0/ens7/etc.). I am not a network / firewall specialist, and I feel that haphazardly tossing in various iptables rules, ALLOW / ACCEPT / FORWARD / etc. (adapting snippets found around the web) probably isn't the best idea since security is so important here. Trial and error just isn't worth the risk.
Note: The main server I need to provide access to runs CloudLinux + LiteSpeed, LVE + CSF + Imunify360.
My task for you would be to implement either option A or option B, depending on your recommendation. I'm happy to assist with any setups / configurations, and provide info as needed -- but root access will only be provided for a secondary server if we go with option B.
Some of my clients absolutely require remote MySQL access for database administration, but they also travel a lot (too many dynamic IPs to manage efficiently). I currently have 3306 blocked in CSF until a proper VPN solution is implemented. So this project is somewhat urgent!
*** I should also mention that my limited attempts to set up OpenVPN myself ended up routing all local computer traffic through the VPN... and we don't want that. Only specific traffic should route through the VPN -- namely 3306, and perhaps FTP port 21.
Feel free to ask any questions.
11 freelancers are bidding on average $162 for this job
Systems Admin for more than 12 years, and I have used VPNs for such scenarios. If you have option B already in place, I can help with it, and it's workable.
Hello, I have read your project description and I will recommend option B for your scenario. I will install a VPN server and your clients will be able to access MySQL easily. Best regards,
We have a lot of experience working on servers and can do it for you. You can also connect with us on [login to view URL] using our chatbot for further discussion. Would love to connect.