FQDN Gelocation vs Certificate Geolocation

kensmithh95 · September 20, 2023, 10:59pm

Hello Everyone, thanks for taking the time to read this. We have VPN for US region (separate fqdn) and VPN for UK region (separate fqdn). Leadership wants to segregate both region VPN based on certificates. Is there any way to achieve this?

lagapidis · September 23, 2023, 6:23am

Hello Johan

Yes, you can achieve this by implementing certificate-based authentication for your VPNs. Here’s a general outline of how you can do this:

Certificate Authority (CA): You will need a Certificate Authority. This could be an internal CA (like Microsoft Certificate Services) or an external CA (like Verisign, Comodo, etc.).
Generate Certificates: Generate separate certificates for the US and UK regions. Make sure to include the VPN’s FQDN in the certificate’s Common Name (CN) or Subject Alternative Name (SAN) field.
Install Certificates: Install the respective certificates on the VPN servers. For the US VPN, install the US certificate, and for the UK VPN, install the UK certificate.
Distribute Certificates to Clients: Distribute the respective certificates to the VPN clients in each region. US clients should receive the US certificate, and UK clients should receive the UK certificate.
Configure VPN Servers: Configure your VPN servers to require certificate-based authentication. This will force the VPN server to check the client’s certificate before allowing a connection.

Once set up, you should test the configuration to ensure everything is working as expected. A client with a US certificate should be able to connect to the US VPN but not the UK VPN, and vice versa.

Keep in mind that the exact steps can vary depending on the VPN solution and CA you are using, as well as the actual VPN arrangement you want to achieve (i.e. Is this a point-to-point VPN between sites in the US and UK, or VPN services delivered to end users to connect to corporate networks at each location, or a VPN service used as a proxy for your browsing and Internet activity?). Knowing a bit more about such uses will aid in further refining the solution. I hope this is a good first step to resolve your particular issue.

I hope this has been helpful!

Laz

kensmithh95 · September 26, 2023, 5:12am

This is just perfect!
I was able to configure some parameters and get it partially working.
Thanks a lot for the assistance! You Rock!

lagapidis · September 27, 2023, 5:54am

Hello Johan

That’s great to hear! Always a pleasure to help out.

Laz