cPanel & WHM Version 98 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

cPanel VPN server

Travis Ellis shared this idea 8 years ago
Open Discussion

Created on the behalf of a customer: Regarding the vpn, what I was asking for was a cPanel installation that would set up the software to use cPanel VPNs on a server. I think this would be beneficial both to the end user and cPanel. Say for example I want to set up a server for cPanel VPS instances. I could use a cPanel installer to install all the necessary software to do this.

Replies (18)

photo
2

It would be very nice to be able to sell VPN accounts and allow our users to access resources located in the country of our server. This is in very high demand now a days.

photo
1

Yes, I concur with Jamie Z. It would be great if we can provide our customers with VPN Server as well.


Thank you.

photo
1

This is yet another area that Cpanel should "support" as a configuration, but not necessarily as an application. A how-to, quasi-support mode would be a lot better than a binary: yes/no.

photo
1

I think this would be a nice add-on like DNSonly or Mailonly, I agree customers want VPN but this would be better than running it on the same servers as the websites that require high-performance.

photo
1

Agreed

photo
photo
1

Maybe using Linux Containers and RHEL/Centos 7. Possibly work with the Centos team, and offer an official disk image for RHEV's openstack implementation.

photo
2

I would love to use VPN on same server used for my websites.

photo
4

This should only be added as a security option. For example to access cPanel or WHM via a secure connection on a private IP. It should use L2TP over IPSec so that every modern device could connect and allow management without having to install a 3rd party client.


Attempting to route everyday internet traffic through a server designed to serve as a web server is not smart. You are taking away resources that should be used for Apache, MySQL, etc.

photo
1

Do we have any update on this? I don't really want to sell VPN services, but it would be good idea, especially for setting up a secure network for globally dispersed servers - for backups, shared SQL, etc.


But I can also see how it could be beneficial to clients: A client connects to the server's VPN and can then use MySQL Management Studio from his PC to securily manage his databases.

photo
1

No updates at this time, no. We aren't seeing much movement on this request from the community (there's only been 2 additional votes for it in three weeks), but it's still something we've been discussing internally.

photo
2

I very definitely up-voted this. I and my business partner are the only ones accessing our WHM / CPanel setup but we are doing it from all over the place and I have CPHulk locking down all connections which means we have to know where we are going to be connecting from BEFORE we get there so we can add the ip to the white-list. I want to set up a VPN to access WHM for myself and my partner so we don't have to keep doing what we have been. Also having the data streams encrypted would be an added bonus. I'm fine with generating certificates too if that makes things easier. I know how to, and have, set up VPNs with Linux but I'm terrified of crashing our WHM on our production server. (I had it happen using yum for an update on something once). Please discuss this with whatever teams needed. I'm almost desperate for a solution and I doubt I'm the only one.

photo
photo
1

Useless: cPanel is for Hosting Website/databases/email management !


If you use same server for VPN and sending email, the IP reputation of emails will be very bad ....

photo
1

imagine access to whm/ssh ... only from vpn users ;)

photo
photo
3

I agree with PH-Quentin. I had "Voted up" this question a few years ago.

Now that I have experience, I changed my vote to "No!".


cPanel's team should direct their efforts to implement/solve things related to web hosting.

If you want to provide VPN Services, go ahead, but let cPanel out of this.


Also, if you want an additional layer of security, use firewall to block cPanel's and WHM's ports outside your network, and then reserve another machine to act as VPN server, to allow your entrance in your private network.


This is something I would NOT like to see in a future build of cPanel.

photo
1

Please people, VPN on webhosting server? You will make your server VERY slow and there is no added value at all. Create a seperate VPN to handle this kind of service.

photo
2

Maybe is not a webhosting server, and it's a VPNhosting server.

photo
1

Exactly, why think that all servers will be used as webhosting? when someone mounts or rents a server it will not necessarily be used for web. I can rent a server only for emails, another only for web and in this same way, rent one exclusively for vpn.

photo
1

There are plenty of other good ways to manage VPN hosting then to confuse this option with cPanel. cPanel needs to stay focused on its roots and integrating new technologies that serve web hosting. There are plenty of things it doesnt currently natively support to work on.

photo
1

I do not agree that it will put the server very slow, that really depends on the characteristics of the server, I do not think that because some have a server poor features, the exclusion of the VPN in the WHM would be a great point to take into account When choosing cPaner, I think I should give action for the integration and installation of vpn in WHM.

photo
photo
2

While I understand that some people might have a need for setting up a VPN on their server, I don't think cPanel should be involved since there are much more widely needed updates/additions for cPanel.

To the relatively small number of people who need a VPN solution, there are ways to install services like OpenVPN on you server via SSH if you so desire; which is relatively straight forward if you know what you are doing. If you struggle setting that up, then running a VPN on your own is probably not wise.

photo
2

Hey folks! I appreciate the opinions being shared, but I don't want to go too far down into a discussion of whether or not we should. It seems like opinions in both ways have been shared. Right now, Id' say we're set on those two. If you have any further information to share about our potential implementation of this request, feel free to share it. If you think we shouldn't work on it, feel free to downvote it.

photo
1

Ok. I think this depends on how the server is provisioned in the sense of what its being designed to service.

For plenty of reasons (primarily legal compliance), a cPanel account may want their site(s) tunneled into their corporate network and not accessible from a public URL. This is especially true for 'Intranet'-style sites. Since, traditionally, static IPs are setup at the account level, configuring an account to serve over a VPN-IP would need to be done at the admin level. BUT, this is where the server is acting as a VPN client. Not unreasonable, but I think the OP was after something different.

If you want your cPanel server to be a VPN server as well ... I could see application in the reverse of the above paragraph where the company doesn't want a Intranet site publicly accessible and therefore a VPN tunnel to access the site makes sense. OK, but with HTTPS this need has 90% gone away? Assume you go ahead ... then you're tunneling all of those users' traffic if not configured correctly.

As someone whose been burned by RBLs I don't want unfiltered end-user traffic running through my server and making that matter worse. So, obviously turning on a 'VPN Server' on my server is on my list of 'never going to happen'. It seems to me that people wanting to sell tunneling services should use dedicated infrastructure for that ... however, since accounts have a 'user account' structure and some small businesses may effectively have that as their directory, I see the benefits of this option.

But I tend to agree with Ryan on 'priorities and work-around' front.

photo
4

I would like to see the ability for cPanel servers to act as a VPN server which will be very useful for remote backups, as well as website development / MySQL access, etc.


Put it this way, if cPanel can act as a VPN server, a client behind a public IP address can securely connect to his cPanel account in order to manage his MySQL databases and develop his website without having to login to cPanel and use the File Manager every time he wants to upload files to the server.


From a backup point of view, for people who use 3rd party servers to store their backups, this would add an extra layer of security as well.

photo
1

Maybe better as a separate cPanel owned product? Or a separate add-on?

The extra load created by bundling a VPN (among other issues, could be problematic. We already have clients using their own subscribed VPN services to connect to cPanel, and manage things,) - I know from professional experience, managing VPN servers, along with inherent security requirements, is often not the simplest thing, if a node goes down, the user better have several others available in mesh.

Without logging into cPanel? - There be dragons!

Using an FTP / SFTP client is often much more more efficient that using "File Manager" to upload, download, etc. ;)

Just thinking out loud...

photo
photo
2

Whilst there are some good ideas I do thing there are far more important things for Cpanel to focus on.

For web development you can easily connect via openvpn or a very cost effective service (many around now) using secure ftp directly into the account without using Filemanager.

The comment above re backups etc could be useful but again if backups are using rsync over SSH that's secure anyway.

I think the OP is asking for a stand alone VPN installer which works with Cpanel, or Cpanels ability to integrate with a VPN, maybe openvpn or something. However, as I say, my opinion is that time should be spent on making Cpanel better and better, especially integration between servers, configs etc with things like this being additional extras on the sidelines.

photo
1

I am referring to a "standalone VPN installer which works with cPanel", as you mention. This way it would bypass firewalls and other possible limitations clients might have. Using a 3rd party VPN service is an unnecessary expense for most clients.

photo
1

That’s a valid point in that respect.

We restrict whm access to ip’s so a static ip is needed, luckily most customers are not resellers.

We force secure ftp for file access.

The only thing about a stand alone vpn is access... if they used a different password to cpanel, in order to access ip restricted cpanel it seems abit pointless if they are accessing the vpn account with a dynamic ip.

It depends what the aim of the vpn is as that itself could become a security risk of compromised and available to all with access which bypasses the firewall.

photo
1

Saying that, you could easily do this now if you wanted to supply your customers with a free vpn service.

Set up open vpn on a vm and allow the vpn server ip through the server firewalls.

Then give your clients access to the openvpn server. That would achieve the same thing.

photo
1

Accessing WHM and cPanel from a VPN adds an extra layer of security which is what I am after.

Secure FTP is fine but it's limited to uploading and downloading files to/from the server. Imagine someone running an app from his desktop that connects to a service on the cPanel server. As an example, one of our clients has a custom build app that updates MySQL with house rental listings for his website. As he sells / trades a house he updates the app on his laptop (and other staff members can do the same) and it automatically updates the website as well. To overcome firewall limitations the developer had to write a PHP script to act as a gateway but this is now open for exploits.


If all of this could be run over a VPN, where the client's IP's are controlled, hacking would be less of a problem.

On a more general scale, now you can give clients a secure way to manage their Wordpress / Joomla! / OSCommerce / etc websites as well, since the admin backends could be limited to their VPN IP address.


I am not sure if this is the case, but if the cPanel password is a linux user password, then VPN passwords could automatically be generated / updated that way as well?

photo
4

Yes, I install and setup OpenVPN manually. But it would be better if it could be managed from WHM, and optionally from cPanel if root / the reseller allow their clients to setup their own VPN certificate and password.

photo
1

In your particular case I can certainly see where it benefits you/your client.

I would say though that this is not a typical shared hosting customer. Infact if I was your client, I would have simply signed up for a VPN, over 3 years now some are only £80 with a dedicated ip. Much less than he paid the dev to create the PHP?!

All in all, I think this is a possible integration with Cpanel in the future, maybe a 3rd party app to integrate openvpn rather than a core cpanel feature. (which would be useful but not prioritised over other much needed improvements)

photo
photo
5

As a server admin setting up VPNs on the same server as the cpanel installs would be beneficial, not for reselling (although extra income is always an interesting idea so maybe for reselling down the line) but in terms of privately connecting to servers for administration purposes or clients to do the same would be great.

Various reasons of course, like public networks such as coffee shops etc, work place networks which allow guests or have high turnovers, clients who are completely unaware of online security and are walking targets.

Personally for me this would be useful in my particular use case, I work in an office that has a load balancer across 2 IPs, while the internals of the network are secure all workers and guests (office provides meetings rooms and hot desks) are forwarded out the same 2 modems depending on load. Whitelisting the office IPs are not beneficial because the IPs are not static and it would also leave the server open to attack from people onsite whereas a VPN connection would negate most of the risk by adding the extra layer of security and allowing only access to the intended users.

Also in terms of smaller organisations and free lancers etc, renting / buying another server and using that for external VPN is not always cost effective. Some people can only afford the 1 server or VPS

Leave a Comment
 
Attach a file