We need to provide remote access to a contractor to work on a few embedded boards (imagine something like a few Raspberry Pis).
What would be a good design so he gets VPN access to a restricted VLAN without internet access or connection to our corporate network?
Are these embedded boards also isolated? Or sitting in some network with lots of other gear?
I guess simple L2TP VPN, then a simple firewall rule only allowing access to IP addresses X, Y, Z (the embedded systems). And you can additionally specify protocols that can be used, e.g. https/http and ssh or something.
Obviously, once the contractor connects to these embedded systems he can “jump” further into your network depending on your current design. If the embedded systems are not sitting on an isolated branch of your network you are a bit limited…
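As an added example (not from any poster in this thread), here is the firewall rule just described written as an nftables ruleset for a dedicated Linux box that terminates the L2TP VPN and routes into the restricted VLAN. The interface names, the VPN client pool, the VLAN subnet and the three board addresses are assumed placeholders, and the input-chain rules that admit the L2TP/IPsec listener itself are not shown.

```nftables
#!/usr/sbin/nft -f
# Assumed placeholder names and addresses (constructed for this example):
#   ppp0 / 10.99.0.0/24  -> L2TP VPN client interface and address pool
#   eth1.42              -> the restricted VLAN (tag 42) holding the boards
#   10.42.0.10-12        -> the embedded boards ("X, Y, Z" in the reply above)

flush ruleset

table inet contractor_vpn {
    # Only these destinations are reachable from the VPN
    set boards {
        type ipv4_addr
        elements = { 10.42.0.10, 10.42.0.11, 10.42.0.12 }
    }

    chain forward {
        # Default drop: nothing is routed unless a rule below allows it,
        # so the VPN pool can reach neither the internet nor the corporate LAN,
        # and the boards cannot initiate connections back towards the VPN.
        type filter hook forward priority filter; policy drop;

        # Return traffic for sessions the contractor opened
        ct state established,related accept

        # VPN clients may open connections to the boards only, and only on HTTP/HTTPS/SSH
        iifname "ppp0" oifname "eth1.42" ip saddr 10.99.0.0/24 ip daddr @boards tcp dport { 22, 80, 443 } ct state new accept

        # Log anything else coming from the VPN so lateral movement attempts are visible
        iifname "ppp0" log prefix "contractor-vpn-drop: " drop
    }
}
```

Load it with `nft -f` on the gateway; the `log` rule gives you a kernel log line for every connection the contractor attempts outside the allowed set, which is worth forwarding to your SIEM.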
Thanks for your answer.
Ideally, we want this to be isolated in layer 2.
Basically, a small VLAN with its own switch and a bunch of devices, sensors, etc. He should be able to do whatever he needs inside this VLAN.
If necessary we can have a VPN “ingress” in a cloud host that tunnels and is part of this VLAN.
Has someone set up something like this?