Obsidian/05.02 Networks/Server VPN.md

---

Alias: ["VPN"]
Tag: ["Server", "Privacy", "Security", "Web"]
Date: 2021-10-11
DocType: "Server"
Hierarchy: "NonRoot"
location:
Performance:
 CPU: 1Core
 RAM: 1GB
 Bandwidth: 1T
 Speed: 
Characteristics:
 OS: Ubuntu 20.04
 Domiciliation: FR
 IPv4: 5.135.0.192
 Hostname: vpn.mfxm.fr
 Host: HostNamaste
 SubDomain: vpn
Disk:
 Capa: 30GB
 Type: RAID-10
 UsedSpace: 17%
 TimeStamp: 2021-10-11

---

Parent:: [[mfxm Website Scope|mfxm.fr]]

---

 

```button
name Edit Server parameters
type command
action MetaEdit: Run MetaEdit
id EditMetaData
```
^button-ServerVPNEdit

```button
name Save
type command
action Save current file
id Save
```
^button-ServerVPNSave

 

# Server VPN

 

```ad-abstract
title: Summary
collapse: open
VPN server sitting in France for accessing French media as if at home.
```

 

```toc
style: number
```

 

---

 

### Server parameters

 

```ad-quote
title: Dashboard access
[Login - HostNamaste](https://www.hostnamaste.com/clients/login)
[Control Panel](https://manage.hostnamaste.com/login.php)

```

 

```ad-quote
title: Address
The service will be located under **[vpn.mfxm.fr](https://vpn.mfxm.fr)** .
```

 

---

 

### Services

 

```ad-abstract
title: Service description
The VPN server will host a single VPN service and dependencies bare metal.
```

 

#### Installed server dependencies

##### Security

| Program name | Type | Description
|----------------|------|-------------
| **fail2ban** | Daemon | Blocks suspicious attempts to login
| **unattended-upgrades** | Program | Enables automatic updates of installed programs and OS
| **logwatch** | Daemon | Monitors activity on server and sends activity logs

 

##### fail2ban

Classic installation with a dedicated configuration:

```ad-command
~~~
sudo nano /etc/fail2ban/jail.d/sshd.local
~~~
```

With the following parameters:

```ad-code
~~~
[sshd]
enabled = true
port=2227
maxretry = 10
bantime = 1m
~~~
```

 

##### Postfix

Mail Transfer Agent. Configuration is standard to allow for emails to be sent by programs / deamons / [[Nextcloud]] or others. Such a [[Configuring Postfix|system]] is required for every server to work correctly.

 

##### UFW

Firewall management, see [[Configuring UFW|here]] for more details.

 

---

 

#### Dedicated Server parameters

 

| Service | Used value
|---------|:---------:
  |  
**Port: SSH** | 2227
**Port: WG** | 61242

 

---

 

#### VPN Service

 

```ad-info
title: wireguard installer
[GitHub - angristan/wireguard-install: WireGuard VPN installer for Linux servers](https://github.com/angristan/wireguard-install)
```

 

##### File repository

```ad-path
title: Client Config files
~~~
/home/melchiorbv/wg0-client-(clientname).conf
~~~
```

```ad-path
title: Server Config file
~~~
/etc/wireguard/wg0.conf
~~~
```

 

##### VPN client parametrisation

```ad-command
title: In `~` for `melchiorbv`
~~~
./wireguard-install.sh
~~~
```

 

##### VPN parameters

```ad-code
title: WireGuard config
~~~
IPv4 or IPv6 public address: 5.135.0.192
Public interface: eth0
WireGuard interface name: wg0
Server's WireGuard IPv4: 10.66.66.1
Server's WireGuard IPv6: fd42:42:42::1
Server's WireGuard port [1-65535]: 61242
First DNS resolver to use for the clients: 94.140.14.14
Second DNS resolver to use for the clients (optional): 94.140.15.15
~~~
```

 

---

 

### Pricing

 

<mark class="green">VPN Server</mark> | One-off cost | Recurring subscription p.a.
--------|---------------|:----------------------:
<p style="color:cyan">**Server hosting**</p> | &emsp; | *$25*
^VPNServerCost

&emsp;

---

&emsp;

### Tasks & Further steps

&emsp;

- [ ] [[Server VPN]]: Backup server 🔁 every 6 months on the 1st Tuesday 📅 2021-10-14
- [x] [[Server VPN]]: Backup server 🔁 every 6 months on the 1st Tuesday ✅ 2021-10-13


&emsp;
&emsp;