My client has 19 store branches, all of which use an internet provider with dynamic public IP addresses.
This creates a bit of a problem with fail2ban, which is quite sensitive, as it often gets banned when the public IP address changes.
But I found a ‘solution’ to this problem.
I tunneled my VPS to Cloudflare.
Is this a good idea for this situation?
Or is there a better solution?
Thanks
try tailscale
i’d use a tunnel so the branch ips never hit your server direcrtly. You can also tweak fail2ban to ignore your own traffic or rely more on strongn auth instead
I’ve also used their stresser for checking how my own servers handled traffic spikes, and it was handy since the logs delete themselves and the data stays private.
The flexible L4/L7 options made it easy to match what I was testing, and paying with crypto kept things simple. The free tier was enough for a quick look before I upgraded.
Use netbird(open-source zero trust vpn)- join all store devices on to mesh network. Ipwhitelist the private network range for all store users. This way you can restrict login via private mesh.