From 237ba3f31e80eca7f17082928b6fc45b383a7198 Mon Sep 17 00:00:00 2001 From: Mel Date: Mon, 11 Oct 2021 19:15:06 +0100 Subject: [PATCH] vpn init --- .../plugins/obsidian-admonition/data.json | 2 +- .../plugins/obsidian-admonition/manifest.json | 2 +- .../plugins/obsidian-admonition/styles.css | 1 - .obsidian/workspace | 24 +- Networks/@Networks.md | 3 +- Networks/Configuring Monit.md | 7 +- Networks/Configuring Postfix.md | 2 +- Networks/Configuring UFW.md | 2 +- Networks/Server VPN.md | 256 ++++++++++++++++++ Networks/VPS Console Dialogue.md | 2 +- Networks/mfxm Website Scope.md | 19 ++ 11 files changed, 300 insertions(+), 20 deletions(-) create mode 100644 Networks/Server VPN.md diff --git a/.obsidian/plugins/obsidian-admonition/data.json b/.obsidian/plugins/obsidian-admonition/data.json index 4278a9f5..faab4206 100644 --- a/.obsidian/plugins/obsidian-admonition/data.json +++ b/.obsidian/plugins/obsidian-admonition/data.json @@ -43,7 +43,7 @@ }, "syntaxHighlight": false, "copyButton": false, - "version": "6.3.3", + "version": "6.3.4", "autoCollapse": false, "defaultCollapseType": "open", "syncLinks": true, diff --git a/.obsidian/plugins/obsidian-admonition/manifest.json b/.obsidian/plugins/obsidian-admonition/manifest.json index 6d209a32..8fae4bc6 100644 --- a/.obsidian/plugins/obsidian-admonition/manifest.json +++ b/.obsidian/plugins/obsidian-admonition/manifest.json @@ -1,7 +1,7 @@ { "id": "obsidian-admonition", "name": "Admonition", - "version": "6.3.3", + "version": "6.3.4", "minAppVersion": "0.11.0", "description": "Admonition block-styled content for Obsidian.md", "author": "Jeremy Valentine", diff --git a/.obsidian/plugins/obsidian-admonition/styles.css b/.obsidian/plugins/obsidian-admonition/styles.css index 686039cf..5327081d 100644 --- a/.obsidian/plugins/obsidian-admonition/styles.css +++ b/.obsidian/plugins/obsidian-admonition/styles.css 
@@ -85,7 +85,6 @@ details.admonition:not([open]) { padding-bottom: 0; - box-shadow: none; } details.admonition > summary { diff --git a/.obsidian/workspace b/.obsidian/workspace index d3937756..13102590 100644 --- a/.obsidian/workspace +++ b/.obsidian/workspace @@ -9,7 +9,7 @@ "state": { "type": "markdown", "state": { - "file": "Reading list/@Reading master.md", + "file": "Networks/@Networks.md", "mode": "preview" } } @@ -68,7 +68,7 @@ "state": { "type": "backlink", "state": { - "file": "Reading list/@Reading master.md", + "file": "Networks/@Networks.md", "collapseAll": false, "extraContext": false, "sortOrder": "alphabetical", @@ -107,15 +107,15 @@ }, "active": "c1cbd199334b4022", "lastOpenFiles": [ - "Reading list/@Reading master.md", - "Family/Basville.md", - "Family/Birthdays.md", - "Home/MRCK.md", - "Computer setup/Git.md", - "Computer setup/Tesseract.md", - "Computer setup/VLC.md", - "Computer setup/youtube-dl.md", - "Computer setup/@Computer Set Up.md", - "Computer setup/Internet services.md" + "Networks/@Networks.md", + "Networks/Server VPN.md", + "Networks/Server Tools.md", + "Networks/mfxm Website Scope.md", + "Networks/mfxm.fr.jpg", + "Networks/Selfhosting.md", + "Networks/VPS Console Dialogue.md", + "Networks/Configuring Monit.md", + "Networks/Server Cloud.md", + "Networks/Server Alias.md" ] } \ No newline at end of file diff --git a/Networks/@Networks.md b/Networks/@Networks.md index 8d6b3ad8..d60f0bc8 100644 --- a/Networks/@Networks.md +++ b/Networks/@Networks.md @@ -168,11 +168,12 @@ hide task count ![[Server Alias#^AliasServerCost]] ![[Server Cloud#^CloudServerCost]] ![[Server Tools#^ToolsServerCost]] +![[Server VPN#^VPNServerCost]] |_**Aggregation**_ | One-off Cost | Subscription p.a. |--------|:------------:|:-----------------: -_**Total**_ | *€14.5* | *€118.79* +_**Total**_ | *€14.5* | *€140.29*   diff --git a/Networks/Configuring Monit.md b/Networks/Configuring Monit.md index a4bd1b48..9fbf7d5d 100644 --- a/Networks/Configuring Monit.md 
+++ b/Networks/Configuring Monit.md @@ -11,7 +11,7 @@ CollapseMetaTable: Yes --- -Parent:: [[Selfhosting]], [[Server Cloud]], [[Server Alias]], [[Server Tools]] +Parent:: [[Selfhosting]], [[Server Cloud]], [[Server Alias]], [[Server Tools]], [[Server VPN]] --- @@ -68,6 +68,11 @@ title: Tools server http://monit-tools.mfxm.fr ``` +```ad-address +title: Cloud server +http://vpn.mfxm.fr:2812 +``` +   --- diff --git a/Networks/Configuring Postfix.md b/Networks/Configuring Postfix.md index 6fe54286..2b13fa5d 100644 --- a/Networks/Configuring Postfix.md +++ b/Networks/Configuring Postfix.md @@ -11,7 +11,7 @@ CollapseMetaTable: Yes --- -Parent:: [[Selfhosting]], [[Server Alias]], [[Server Cloud]], [[Server Tools]] +Parent:: [[Selfhosting]], [[Server Alias]], [[Server Cloud]], [[Server Tools]], [[Server VPN]]   diff --git a/Networks/Configuring UFW.md b/Networks/Configuring UFW.md index 6e25bd41..a73fdda2 100644 --- a/Networks/Configuring UFW.md +++ b/Networks/Configuring UFW.md @@ -11,7 +11,7 @@ CollapseMetaTable: Yes --- -Parent:: [[Selfhosting]], [[Server Alias]], [[Server Cloud]], [[Server Tools]] +Parent:: [[Selfhosting]], [[Server Alias]], [[Server Cloud]], [[Server Tools]], [[Server VPN]] --- diff --git a/Networks/Server VPN.md b/Networks/Server VPN.md new file mode 100644 index 00000000..16c95a69 --- /dev/null +++ b/Networks/Server VPN.md 
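Review bot: In the second hunk of Networks/Configuring Monit.md (`@@ -68,6 +68,11 @@`) the new `ad-address` block is titled `Cloud server` but points at the VPN host, so the title should read `title: VPN server`. The address is also plain `http://` on port 2812, which means that if Monit's web interface is protected by its usual HTTP basic-auth login (the Monit configuration is not visible in this commit), that password crosses the network unencrypted. I would add a line under the address such as `Reach this only over the WireGuard tunnel or an SSH port-forward; keep 2812 closed to the internet in UFW.` The new note in Networks/mfxm Website Scope.md says this server "is not accessible from the web", which the exposed Monit port would contradict, so the two notes should be reconciled.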
@@ -0,0 +1,256 @@ +--- + +Alias: ["VPN"] +Tag: ["Server", "Privacy", "Security", "Web"] +Date: 2021-10-11 +DocType: "Server" +Hierarchy: "NonRoot" +location: +Performance: + CPU: 1Core + RAM: 1GB + Bandwidth: 1T + Speed: +Characteristics: + OS: Ubuntu 20.04 + Domiciliation: FR + IPv4: 5.135.0.192 + Hostname: vpn.mfxm.fr + Host: HostNamaste + SubDomain: vpn +Disk: + Capa: 30GB + Type: RAID-10 + UsedSpace: + TimeStamp: + +--- + +Parent:: [[mfxm Website Scope|mfxm.fr]] + +--- + +  + +```button +name Edit Server parameters +type command +action MetaEdit: Run MetaEdit +id EditMetaData +``` +^button-ServerVPNEdit + +```button +name Save +type command +action Save current file +id Save +``` +^button-ServerVPNSave + +  + +# Server VPN + +  + +```ad-abstract +title: Summary +collapse: open +VPN server sitting in France for accessing French media as if at home. +``` + +  + +```toc +style: number +``` + +  + +--- + +  + +### Server parameters + +  + +```ad-quote +title: Dashboard access +[Login - HostNamaste](https://www.hostnamaste.com/clients/login) +[Control Panel](https://manage.hostnamaste.com/login.php) + +``` + +  + +```ad-quote +title: Address +The service will be located under **[vpn.mfxm.fr](https://vpn.mfxm.fr)** . +``` + +  + +--- + +  + +### Services + +  + +```ad-abstract +title: Service description +The VPN server will host a single VPN service and dependencies bare metal. 
+``` + +  + +#### Installed server dependencies + +##### Security + +| Program name | Type | Description +|----------------|------|------------- +| **fail2ban** | Daemon | Blocks suspicious attempts to login +| **unattended-upgrades** | Program | Enables automatic updates of installed programs and OS +| **logwatch** | Daemon | Monitors activity on server and sends activity logs + +  + +##### fail2ban + +Classic installation with a dedicated configuration: + +```ad-command +~~~ +sudo nano /etc/fail2ban/jail.d/sshd.local +~~~ +``` + +With the following parameters: + +```ad-code +~~~ +[sshd] +enabled = true +port=2227 +maxretry = 10 +bantime = 1m +~~~ +``` + +  + +##### Postfix + +Mail Transfer Agent. Configuration is standard to allow for emails to be sent by programs / deamons / [[Nextcloud]] or others. Such a [[Configuring Postfix|system]] is required for every server to work correctly. + +  + +##### UFW + +Firewall management, see [[Configuring UFW|here]] for more details. + +  + +--- + +  + +#### Dedicated Server parameters + +  + +| Service | Used value +|---------|:---------: +  |   +**Port: SSH** | 2227 +**Port: WG** | 61242 + +  + +--- + +  + +#### VPN Service + +  + +##### File repository + +```ad-path +title: Client Config files +~~~ +/home/melchiorbv/wg0-client-(clientname).conf +~~~ +``` + +```ad-path +title: Server Config file +~~~ +/etc/wireguard/wg0.conf +~~~ +``` + +  + +##### VPN client parametrisation + +```ad-command +title: In `~` for `melchiorbv` +~~~ +./wireguard-install.sh +~~~ +``` + +  + +##### VPN parameters + +```ad-code +title: WireGuard config +~~~ +IPv4 or IPv6 public address: 5.135.0.192 +Public interface: eth0 +WireGuard interface name: wg0 +Server's WireGuard IPv4: 10.66.66.1 +Server's WireGuard IPv6: fd42:42:42::1 +Server's WireGuard port [1-65535]: 61242 +First DNS resolver to use for the clients: 94.140.14.14 +Second DNS resolver to use for the clients (optional): 94.140.15.15 +~~~ +``` + +  + +--- + +  + +### Pricing + +  + +VPN 
Server | One-off cost | Recurring subscription p.a. +--------|---------------|:----------------------: +

**Server hosting**

|   | *$25* +^VPNServerCost + +  + +--- + +  + +### Tasks & Further steps + +  + +- [ ] [[Server VPN]]: Backup server 🔁 every 6 months on the 1st Tuesday + + +  +  \ No newline at end of file diff --git a/Networks/VPS Console Dialogue.md b/Networks/VPS Console Dialogue.md index 0eda7a1e..25bc1f41 100644 --- a/Networks/VPS Console Dialogue.md +++ b/Networks/VPS Console Dialogue.md @@ -11,7 +11,7 @@ CollapseMetaTable: Yes --- -Parent:: [[Selfhosting]], [[Server Alias]], [[Server Cloud]], [[Server Tools]] +Parent:: [[Selfhosting]], [[Server Alias]], [[Server Cloud]], [[Server Tools]], [[Server VPN]]   diff --git a/Networks/mfxm Website Scope.md b/Networks/mfxm Website Scope.md index 8f33df21..f16f4f73 100644 --- a/Networks/mfxm Website Scope.md +++ b/Networks/mfxm Website Scope.md @@ -207,6 +207,25 @@ https://git.mfxm.fr/melchiorbv/Obsidian.git   +### VPN + +  + +```ad-address +title: sub-domain address +https://vpn.mfxm.fr +``` + +Server details to be found [[Server VPN|here]] + +Today, this server has no GUI and therefore is not accessible from the web. + +  + +--- + +  + ### Pricing | Cost source | One-off cost | Subscription (p.a.)
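Review bot: In the new Networks/Server VPN.md (`@@ -0,0 +1,256 @@`), the documented fail2ban jail pairs `maxretry = 10` with `bantime = 1m`, which lets a client resume guessing SSH passwords a minute after each ban, so the jail barely slows a sustained brute-force run. I would tighten it to something like `maxretry = 5`, `findtime = 10m`, `bantime = 1h`, and add one line saying whether SSH on 2227 is key-only with password login disabled, because the note does not say. The front matter and the WireGuard block also record the public IPv4, the SSH and WireGuard ports and the account name under which client configs are stored. If this vault is pushed to a remote that anyone else can read, those details are better kept in a private note, and the `wg0-client-(clientname).conf` files they refer to contain private keys and should never be committed. Separately, the pricing row gives `*$25*` while the total in Networks/@Networks.md is kept in euros, so the currency should be stated consistently.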