So, I get its probably better to have everything segregated into one private network, but can't the boxes be public facing? Why not make it easier and just making it public facing to have a more 'real' approach? I know its not hard to download an OpenVPN client but just wondered. Am I being stupid and missing something? You can segregate it through AWS EC2 VPC's the same right?
I am not hating, as having internal IP's makes it cleaner. Just wondering why we do it through a VPN?
Oh and surely its not for encryption as its hacking a deliberately vulnerable system.