Hi, I need to configure a temporary connection for a new virtual server. The question is how to do it properly. For now I have one subnet with a VPN; I want a second, separate VPN where users can connect only to the new virtual server. In the VLAN configuration I need to pick some interface, but there exists only a virtual connection. Do I need to pick the interface where the physical server that hosts the virtual server is? And then, on the virtual machine, will the gateway be the VLAN IP address? Plus, do I need to use the same subnet for the VPN as on the VLAN?
Normally it is a task for a firewall to sort out which VPN user can connect to which LAN host or subnet. Network segmentation into subnets and VLANs is helpful to keep things clear but it is more important for control of communication between groups of hosts on the LAN than between VPN users and LAN hosts.
Depending on what kind of VPN you use, virtual interfaces may or may not be dynamically created and added to interface lists for active users; firewall rules then refer to these interface lists rather than individual interfaces or individual IP addresses, which makes them simpler. So you then may have two VPN user profiles, each adding the interfaces to a different interface list, or assigning IP addresses from a different pool, and create firewall rules permitting access to internal resources referring to these properties.
So to suggest a proper solution, the key questions are what type of VPN you use, and what are the other required restrictions - from where else than from the VPN users should the new virtual server be reachable, and what the server itself should be able to reach.
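The approach described in the reply above, as an added configuration sketch that is not part of the original thread. It assumes a RouterOS-style router and a PPP-based VPN (here L2TP), since the thread names neither. Every name, pool, address and the password placeholder is constructed for illustration.

```routeros
# Constructed example. Assumed addressing (not from the thread):
#   existing LAN        192.168.88.0/24
#   new virtual server  192.168.50.10

# One interface list per group of VPN users
/interface list
add name=VPN-STAFF
add name=VPN-TEMP

# Separate address pools, so the groups can also be told apart by source IP
/ip pool
add name=pool-vpn-staff ranges=10.10.1.10-10.10.1.100
add name=pool-vpn-temp ranges=10.10.2.10-10.10.2.50

# Each profile puts the user's dynamic interface into its own list
/ppp profile
add name=staff local-address=10.10.1.1 remote-address=pool-vpn-staff interface-list=VPN-STAFF
add name=temp local-address=10.10.2.1 remote-address=pool-vpn-temp interface-list=VPN-TEMP

# A temporary user bound to the restricted profile (placeholder credentials)
/ppp secret
add name=temp-user1 service=l2tp profile=temp password="CHANGE-ME"

# Rules refer to the lists, not to individual interfaces or addresses.
# Order matters: these must sit above any broader accept rules.
/ip firewall filter
add chain=forward connection-state=established,related action=accept comment="return traffic"
add chain=forward in-interface-list=VPN-TEMP dst-address=192.168.50.10 action=accept comment="temp VPN to new server only"
add chain=forward in-interface-list=VPN-TEMP action=drop comment="temp VPN to anything else"
add chain=forward in-interface-list=VPN-STAFF dst-address=192.168.88.0/24 action=accept comment="staff VPN to existing LAN"
# Keep temporary users off the router's own services through the tunnel
add chain=input in-interface-list=VPN-TEMP action=drop comment="temp VPN to router"
```

What the new server itself may reach, and who else may reach it, still needs its own rules once those requirements are known.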