---
Alias: ["VPN"]
Tag: ["Server", "Privacy", "Security", "Web"]
Date: 2021-10-11
DocType: "Server"
Hierarchy: "NonRoot"
location:
Performance:
CPU: 1Core
RAM: 1GB
Bandwidth: 1T
Speed:
Characteristics:
OS: Ubuntu 20.04
Domiciliation: FR
IPv4: 5.135.0.192
Hostname: vpn.mfxm.fr
Host: HostNamaste
SubDomain: vpn
Disk:
Capa: 30GB
Type: RAID-10
UsedSpace: 22%
TimeStamp: 2021-11-13
CollapseMetaTable: yea
---
Parent:: [[mfxm Website Scope|mfxm.fr]], [[Privacy & Security]]
---
^Top
 
```button
name Edit Server parameters
type command
action MetaEdit: Run MetaEdit
id EditMetaData
```
^button-ServerVPNEdit
```button
name Save
type command
action Save current file
id Save
```
^button-ServerVPNSave
 
# Server VPN
 
```ad-abstract
title: Summary
collapse: open
VPN server sitting in France for accessing French media as if at home.
```
 
```toc
style: number
```
 
---
 
### Server parameters
[[#^Top|TOP]]
 
```ad-quote
title: Dashboard access
[Login - HostNamaste ](https://www.hostnamaste.com/clients/login )
[Control Panel ](https://manage.hostnamaste.com/login.php )
```
 
```ad-quote
title: Address
The service will be located under ** [vpn.mfxm.fr ](https://vpn.mfxm.fr )** .
```
 
---
 
### Services
[[#^Top|TOP]]
 
```ad-abstract
title: Service description
The VPN server will host a single VPN service and dependencies bare metal.
```
 
#### Installed server dependencies
[[#^Top|TOP]]
##### Security
| Program name | Type | Description |
| ----------------------- | ------- | ------------------------------------------------------ |
| ** [[Configuring Fail2ban|fail2ban]]** | Daemon | Blocks suspicious attempts to login |
| **unattended-upgrades** | Program | Enables automatic updates of installed programs and OS |
| **logwatch** | Daemon | Monitors activity on server and sends activity logs |
 
[[Configuring Telegram bots|Telegram bots]] are also being implemented to receive logs from logwatch & [[Configuring Monit|monit]].
 
##### fail2ban
[[#^Top|TOP]]
Classic [[Configuring Fail2ban|fail2ban]] installation with a dedicated configuration:
```ad-command
~~~bash
sudo nano /etc/fail2ban/jail.d/sshd.local
~~~
```
With the following parameters:
```ad-code
~~~yaml
[sshd]
enabled = true
port=2227
maxretry = 10
bantime = 1m
~~~
```
 
Please refer to the [[Configuring Fail2ban|conf guide]] for a detailed description.
 
##### Postfix
[[#^Top|TOP]]
Mail Transfer Agent. Configuration is standard to allow for emails to be sent by programs / deamons / [[Nextcloud]] or others. Such a [[Configuring Postfix|system]] is required for every server to work correctly.
 
##### UFW
Firewall management, see [[Configuring UFW|here]] for more details.
 
---
 
#### Dedicated Server parameters
[[#^Top|TOP]]
 
| Service | Used value
|---------|:---------:
  |  
**Port: SSH** | 2227
**Port: WG** | 61242
**Port: WG GUI** | 10086
 
---
 
#### VPN Service
[[#^Top|TOP]]
 
```ad-info
title: wireguard installer
[GitHub - angristan/wireguard-install: WireGuard VPN installer for Linux servers ](https://github.com/angristan/wireguard-install )
```
 
##### File repository
```ad-path
title: Client Config files
/home/melchiorbv/wg0-client-(clientname).conf
```
```ad-path
title: Server Config file
/etc/wireguard/wg0.conf
```
 
##### VPN client parametrisation
[[#^Top|TOP]]
```ad-command
title: In `~` for `melchiorbv`
~~~bash
./wireguard-install.sh
~~~
```
 
##### VPN parameters
```ad-code
title: WireGuard config
~~~bash
IPv4 or IPv6 public address: 5.135.0.192
Public interface: eth0
WireGuard interface name: wg0
Server's WireGuard IPv4: 10.66.66.1
Server's WireGuard IPv6: fd42:42:42::1
Server's WireGuard port [1-65535]: 61242
First DNS resolver to use for the clients: 94.140.14.14
Second DNS resolver to use for the clients (optional): 94.140.15.15
~~~
```
 
---
 
#### User Interface
[[#^Top|TOP]]
```ad-address
title: Open WG's GUI
http://5.135.0.192:10086
```
 
```ad-info
Everything is rather self-explanatory.
[Dev Github with help ](https://github.com/donaldzou/WGDashboard )
```
 
---
 
### Pricing
[[#^Top|TOP]]
 
< mark class = "green" > VPN Server< / mark > | One-off cost | Recurring subscription p.a.
--------|---------------|:----------------------:
< p style = "color:cyan" > **Server hosting**</ p > |   | *$25*
^VPNServerCost
 
---
 
### Tasks & Further steps
 
- [ ] [[Server VPN]]: Backup server %%done_del%% 🔁 every 6 months on the 1st Tuesday ⏳ 2022-10-04 📅 2022-10-04
- [x] [[Server VPN]]: Backup server 🔁 every 6 months on the 1st Tuesday ⏳ 2022-04-12 📅 2022-04-12 ✅ 2022-04-11
- [x] [[Server VPN]]: Backup server 🔁 every 6 months on the 1st Tuesday 📅 2021-10-14 ✅ 2022-01-08
- [x] [[Server VPN]]: Backup server 🔁 every 6 months on the 1st Tuesday ✅ 2021-10-13
- [ ] :shield: [[Selfhosting]], [[Server VPN|VPN]]: Check VPN state & dashboard %%done_del%% 🔁 every 3 months 📅 2022-09-18
- [x] :shield: [[Selfhosting]], [[Server VPN|VPN]]: Check VPN state & dashboard 🔁 every 3 months 📅 2022-06-18 ✅ 2022-06-20
- [x] [[Selfhosting]], [[Server VPN|VPN]]: Check VPN state & dashboard 🔁 every 3 months 📅 2022-03-18 ✅ 2022-03-18
[[#^Top|TOP]]