06-01-2021 10:47 AM - edited 06-01-2021 11:39 AM
OK, since this is something that would really be nice to have, I tried something new today and it seems promising. Here are the details:
step 0: GP external portal/gateway - working but cannot get a valid cert for this using Let's Encrypt
step 1: configure/setup internal portal/gateway
step 2: install nginx proxy manager on something
step 3: set up a proxy host to use your external domain to forward to the GP internal IP address (i.e. 192.168.whatever:443)
step 4: set up NAT and security policies to allow port 80 and 443 inbound to your nginx proxy manager host
step 5: test it... you should be able to hit your internal VPN portal from the internet using your domain name
step 6: use nginx proxy manager to auto-generate a Let's Encrypt cert - this is where I have a problem. For me, I get an error and cannot get the cert to generate. I have been trying to troubleshoot this but so far no luck... but I think I am 90% of the way there and this *should* work, but something is wonky with the cert fetching process in the nginx proxy manager container
EDIT:
It works! For some reason I put 443 in my Destination NAT policy; I must have been still waking up this morning. After removing that and making sure the security policy allows 80 and 443, the proxy manager grabbed a cert and I have a valid chain on the VPN portal now. This should auto renew going forward.
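One way to check the outcome described in the post above (a valid chain on the portal and renewal that keeps working), as an added example that is not part of the original post. The function names, the 30-day renewal window and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumption: 90-day certificates renewed once fewer than 30 days remain.
RENEW_WINDOW_DAYS = 30


def days_left(not_after: str, now: datetime) -> int:
    """Whole days until notAfter, given in the format ssl.getpeercert() returns."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expiry - now).days


def issuer_org(cert: dict) -> str:
    """Extract organizationName from getpeercert()'s nested issuer tuples."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""


def assess(cert: dict, now: datetime) -> str:
    """Classify the portal certificate: OK, RENEWAL_OVERDUE or EXPIRED."""
    remaining = days_left(cert["notAfter"], now)
    if remaining < 0:
        return "EXPIRED"
    if remaining < RENEW_WINDOW_DAYS:
        return "RENEWAL_OVERDUE"  # auto-renew should already have replaced it
    return "OK"


def fetch_cert(host: str, port: int = 443) -> dict:
    """TLS handshake with chain and hostname verification enabled.
    Raises ssl.SSLCertVerificationError if the chain is not valid."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample in getpeercert() format so the logic runs offline.
SAMPLE = {
    "issuer": ((("countryName", "US"),), (("organizationName", "Let's Encrypt"),)),
    "notAfter": "Aug 30 12:00:00 2021 GMT",
}

if __name__ == "__main__":
    now = datetime(2021, 8, 10, tzinfo=timezone.utc)
    print(issuer_org(SAMPLE), days_left(SAMPLE["notAfter"], now), assess(SAMPLE, now))
```

Against a live portal, pass the result of `fetch_cert("your.external.domain")` to `assess` from a scheduled job run outside the firewall, so a broken port 80 path shows up as `RENEWAL_OVERDUE` before the certificate expires.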