How to access services on a Linux VPS via VPN?

EOM

Senior member
Mar 20, 2015
I have two services running on a VPS instance that are currently bound to the external IP address (25.25.25.25). I want those services to only be accessible over a VPN. I'm able to connect to the VPN and I'm given my internal IP address for tun0, but I'm confused about how to set up the virtual interface to bind the services to listen on (if I even need one at all).

My question is, how do I pull back my two services to a subnet that lives "behind" the VPN, but within the same virtual host, and then route that traffic to clients over the VPN? I've done lots of VPNs on Cisco/Juniper/etc. where there are actual subnets behind the device to route to, but I've never done this on Linux within the same host.



I'm on CentOS 6 and my VPN is strongSwan.


MrColin

Platinum Member
May 21, 2003
The two services should have config settings of their own; set them to the internal interface. Additionally, firewall the external interface correctly.
Test for efficacy and re-examine if needed.
 

EOM

Senior member
Mar 20, 2015
Yes, right now the two services have their own configs and I have them bound to the external interface; I want to pull them back to an internal, possibly virtual interface.

Last night I tried

"ip addr add 192.168.100.2 dev eth1"

and I was able to ping that IP through my VPN tunnel successfully. So I think I'm 90% of the way there. Not all of my VPSs will have an "eth1" interface available. How can I create a virtual, internal-only interface on Linux? Would I need to reference or create an additional loopback and bind the services there?


EDIT - I suppose that answered my own question. I moved the IP from the eth1 interface to the lo:1 interface. It works. I bound my service to the new IP address and the client is able to connect via the VPN.

Is that best practice for what I'm trying to achieve? To add a loopback address?
 
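Added example (not written by either poster): one way to carry out the "test for efficacy" step after rebinding the services to the internal address, by checking the listener table for watched ports that are still bound to the external or wildcard address. The address 192.168.100.2 and the external IP come from the thread; the ports 8080 and 8443 and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# exposed_listeners ALLOWED_ADDR PORT...
# Reads `ss -ltn` style output on stdin and prints "address port" for every
# watched port whose listener is bound to something other than ALLOWED_ADDR
# or a loopback address. Wildcard binds (*, 0.0.0.0, ::) are reported, because
# they also answer on the external interface.
exposed_listeners() {
    allowed=$1
    shift
    awk -v allowed="$allowed" -v ports="$*" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) watch[p[i]] = 1
        }
        {
            ep = $4                              # 4th column: Local Address:Port
            port = ep; sub(/.*:/, "", port)      # text after the last colon
            addr = ep; sub(/:[^:]*$/, "", addr)  # text before the last colon
            gsub(/\[/, "", addr)                 # strip IPv6 brackets, e.g. [::]:8443
            gsub(/\]/, "", addr)
            if (!(port in watch)) next           # header line and other services
            if (addr == allowed || addr ~ /^127\./ || addr == "::1") next
            print addr, port
        }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host):
# 8080 is still on the external IP, 8443 is bound internally over IPv4 but
# also has an IPv6 wildcard listener.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 25.25.25.25:8080 *:*
LISTEN 0 128 192.168.100.2:8443 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:25 *:*
LISTEN 0 128 :::8443 :::*'

printf '%s\n' "$SAMPLE_SS" | exposed_listeners 192.168.100.2 8080 8443

# On a live host, feed it the real table instead:
#   ss -ltn | exposed_listeners 192.168.100.2 8080 8443
```

Empty output means every watched port listens only on the internal or loopback address; the firewall rules on the external interface still need to be in place as a second layer.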