I am looking at having 2 ways for users to access a secure service:
1. A public IP with only a select list of fixed IPs allowed to connect (easy), e.g. server1-example-com, server2-example-com (and only certain incoming IPs allowed at the cloud provider security level).
2. A VPN service, and if you are connected to that VPN you will then be able to access the server through its IP (e.g. vpn1-example-com) - but this IP address is not normally accessible - so Cloudflare automatically changes this from a “DNS only” A record to a “DNS only - reserved IP” A record.
The problem is that vpn1-example-com is not found by my user’s DNS (does not resolve). I got around this by changing their Wi-Fi adapter’s DNS to 8-8-8-8 (away from their fibre provider’s default DNS, I assume). Now they can connect to the VPN, and vpn1-example-com resolves.
BUT I need a slightly more robust system that does not rely upon me Anydesking to their system and changing their DNS settings.