---

Alias: ["VPN"]
Tag: ["Server", "Privacy", "Security", "Web"]
Date: 2021-10-11
DocType: "Server"
Hierarchy: "NonRoot"
location:
Performance:
  CPU: 1Core
  RAM: 1GB
  Bandwidth: 1T
  Speed:
Characteristics:
  OS: Ubuntu 20.04
  Domiciliation: FR
  IPv4: 5.135.0.192
  Hostname: vpn.mfxm.fr
  Host: HostNamaste
  SubDomain: vpn
Disk:
  Capa: 30GB
  Type: RAID-10
  UsedSpace: 17%
TimeStamp: 2021-10-11

---

Parent:: [[mfxm Website Scope|mfxm.fr]]

---

```button
name Edit Server parameters
type command
action MetaEdit: Run MetaEdit
id EditMetaData
```
^button-ServerVPNEdit

```button
name Save
type command
action Save current file
id Save
```
^button-ServerVPNSave

# Server VPN

```ad-abstract
title: Summary
collapse: open

VPN server sitting in France for accessing French media as if at home.
```

```toc
style: number
```

---

### Server parameters

```ad-quote
title: Dashboard access

[Login - HostNamaste](https://www.hostnamaste.com/clients/login)
[Control Panel](https://manage.hostnamaste.com/login.php)
```

```ad-quote
title: Address

The service will be located under **[vpn.mfxm.fr](https://vpn.mfxm.fr)**.
```

---

### Services

```ad-abstract
title: Service description

The VPN server will host a single VPN service and its dependencies on bare metal.
```

#### Installed server dependencies

##### Security

| Program name | Type | Description
|----------------|------|-------------
| **fail2ban** | Daemon | Blocks suspicious attempts to log in
| **unattended-upgrades** | Program | Enables automatic updates of installed programs and OS
| **logwatch** | Daemon | Monitors activity on server and sends activity logs

##### fail2ban

Classic installation with a dedicated configuration:

```ad-command
~~~
sudo nano /etc/fail2ban/jail.d/sshd.local
~~~
```

With the following parameters:

```ad-code
~~~
[sshd]
enabled = true
port = 2227
maxretry = 10
bantime = 1m
~~~
```

##### Postfix

Mail Transfer Agent. Configuration is standard to allow for emails to be sent by programs / daemons / [[Nextcloud]] or others.
Such a [[Configuring Postfix|system]] is required for every server to work correctly.

##### UFW

Firewall management, see [[Configuring UFW|here]] for more details.

---

#### Dedicated Server parameters

| Service | Used value
|---------|:---------:
| **Port: SSH** | 2227
| **Port: WG** | 61242

---

#### VPN Service

```ad-info
title: wireguard installer

[GitHub - angristan/wireguard-install: WireGuard VPN installer for Linux servers](https://github.com/angristan/wireguard-install)
```

##### File repository

```ad-path
title: Client Config files
~~~
/home/melchiorbv/wg0-client-(clientname).conf
~~~
```

```ad-path
title: Server Config file
~~~
/etc/wireguard/wg0.conf
~~~
```

##### VPN client parametrisation

```ad-command
title: In `~` for `melchiorbv`
~~~
./wireguard-install.sh
~~~
```

##### VPN parameters

```ad-code
title: WireGuard config
~~~
IPv4 or IPv6 public address: 5.135.0.192
Public interface: eth0
WireGuard interface name: wg0
Server's WireGuard IPv4: 10.66.66.1
Server's WireGuard IPv6: fd42:42:42::1
Server's WireGuard port [1-65535]: 61242
First DNS resolver to use for the clients: 94.140.14.14
Second DNS resolver to use for the clients (optional): 94.140.15.15
~~~
```

---

### Pricing

VPN Server | One-off cost | Recurring subscription p.a.
--------|---------------|:----------------------:
**Server hosting** | | *$25*

^VPNServerCost

---

### Tasks & Further steps

- [ ] [[Server VPN]]: Backup server 🔁 every 6 months on the 1st Tuesday 📅 2021-10-14
- [x] [[Server VPN]]: Backup server 🔁 every 6 months on the 1st Tuesday ✅ 2021-10-13
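
Added example (not part of the original note, nor code from the projects it links to): a drift check that compares the ports recorded under "Dedicated Server parameters" with the fail2ban jail and the WireGuard server config, since fail2ban's port-based ban actions only block the ports listed in the jail. The `wg0.conf` contents, the key placeholders and the function names are constructed for illustration; on the server the inputs would be `/etc/fail2ban/jail.d/sshd.local` and `/etc/wireguard/wg0.conf`.

```python
import configparser

# Ports recorded in the "Dedicated Server parameters" table of this note.
DOCUMENTED = {"ssh_port": 2227, "wg_port": 61242}

# Constructed sample inputs; key material is a placeholder, not real data.
SAMPLE_JAIL = """\
[sshd]
enabled = true
port = 2227
maxretry = 10
bantime = 1m
"""
SAMPLE_WG = """\
[Interface]
Address = 10.66.66.1/24,fd42:42:42::1/64
ListenPort = 61242
PrivateKey = SERVER_PRIVATE_KEY_PLACEHOLDER
[Peer]
PublicKey = CLIENT_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.66.66.2/32,fd42:42:42::2/128
"""
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def seconds(value):
    """Convert a fail2ban time such as '1m' or '600' (single-letter units only)."""
    value = value.strip()
    return int(value) if value[-1].isdigit() else int(value[:-1]) * UNITS[value[-1]]

def parse(text):
    # strict=False: wg0.conf repeats [Peer]; '=' only, because values contain ':'.
    cp = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    cp.read_string(text)
    return cp

def audit(jail_text, wg_text, documented=DOCUMENTED):
    """Return a list of findings; an empty list means the configs match the note."""
    jail, wg = parse(jail_text)["sshd"], parse(wg_text)["Interface"]
    findings = []
    if not jail.getboolean("enabled", fallback=False):
        findings.append("sshd jail is not enabled")
    port = jail.get("port", "ssh")
    if port != str(documented["ssh_port"]):
        findings.append(f"jail port {port} != documented SSH port {documented['ssh_port']}")
    if wg.getint("ListenPort", fallback=-1) != documented["wg_port"]:
        findings.append(f"ListenPort != documented WG port {documented['wg_port']}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_JAIL, SAMPLE_WG) or "no drift", "| bantime:", seconds("1m"), "s")
```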