Hi Lee,
If you are allowing remote access only to SQL Server Database on a Windows server with a 'sql login' have you tried these steps.
1) Identify IP address of your server.
2) Identify the Port used for SQL Server
(I dont understand why you stated that it's wide open if using default port - a user still needs to be in SQL Server to get access - could you explain)
3) Use connects via VPN
4) Once authenticated uses local SSMS
connects via IP: (e.g. if ip is 192.1.1.1)
connection could be in the server name: 192.1.1.1,1433
login would be a 'sql login' you have created since you mentioned you don't have windows logins setup.
1. The server has an external IP which I know because I use that to connect to it via RDP
2. 1433
b. If I open port 1433 on the firewall, anyone in the world can try and connect to that port and potentially connect if they crack a password
3. Yes, I have set up a VPN to the server, and it allows me to connect, but I still can't access the SQL Server using SSMS on my local machine unless Ipoen the port on the firewall, but that negates the need for the VPN.
To verify, I have opened port 1433 on the firewall. Now I can connect to the SQL server remotely with or without the VPN which isn't what I want. I only want someone to be able to conenct to SQL once they have the VPN conencted. How do I do that?
Thanks,
~L
Regards,
Lee