Expose public ip of server only through site to site vpn?
I have a request from a new business partner to create a site to site VPN with them. Not an issue done it many times. This site to site will have an SFTP server on our end that they will connect to to transmit files. The catch is they want the sftp server to have a public IP that is routed through the VPN tunnel and they would access it via the public IP. Definitely know how to expose a private endpoint(FTP server) to a public IP(as we have a few in other areas) but I'm unsure how to handle this specific request so the traffic is only routable through the VPN (thereby limiting access to the sftp to only being accessible via that site to site VPN).