---
Alias: ["VPN"]
Tag: ["Server", "Privacy", "Security", "Web"]
Date: 2021-10-11
DocType: "Server"
Hierarchy: "NonRoot"
location:
Performance:
  CPU: 1Core
  RAM: 1GB
  Bandwidth: 1T
  Speed:
Characteristics:
  OS: Ubuntu 20.04
  Domiciliation: FR
  IPv4: 5.135.0.192
  Hostname: vpn.mfxm.fr
  Host: HostNamaste
  SubDomain: vpn
Disk:
  Capa: 30GB
  Type: RAID-10
  UsedSpace: 22%
TimeStamp: 2021-11-13
CollapseMetaTable: yea
---

Parent:: [[mfxm Website Scope|mfxm.fr]], [[Privacy & Security]]

---

^Top

```button
name Edit Server parameters
type command
action MetaEdit: Run MetaEdit
id EditMetaData
```
^button-ServerVPNEdit

```button
name Save
type command
action Save current file
id Save
```
^button-ServerVPNSave

# Server VPN

```ad-abstract
title: Summary
collapse: open
VPN server sitting in France for accessing French media as if at home.
```

```toc
style: number
```

---

### Server parameters
[[#^Top|TOP]]

```ad-quote
title: Dashboard access
[Login - HostNamaste](https://www.hostnamaste.com/clients/login)
[Control Panel](https://manage.hostnamaste.com/login.php)
```

```ad-quote
title: Address
The service will be located under **[vpn.mfxm.fr](https://vpn.mfxm.fr)**.
```

---

### Services
[[#^Top|TOP]]

```ad-abstract
title: Service description
The VPN server will host a single VPN service and its dependencies on bare metal.
```

#### Installed server dependencies
[[#^Top|TOP]]

##### Security

| Program name | Type | Description |
| ----------------------- | ------- | ------------------------------------------------------ |
| **[[Configuring Fail2ban|fail2ban]]** | Daemon | Blocks suspicious attempts to login |
| **unattended-upgrades** | Program | Enables automatic updates of installed programs and OS |
| **logwatch** | Daemon | Monitors activity on server and sends activity logs |

[[Configuring Telegram bots|Telegram bots]] are also being implemented to receive logs from logwatch & [[Configuring Monit|monit]].

##### fail2ban
[[#^Top|TOP]]

Classic [[Configuring Fail2ban|fail2ban]] installation with a dedicated configuration:

```ad-command
~~~bash
sudo nano /etc/fail2ban/jail.d/sshd.local
~~~
```

With the following parameters:

```ad-code
~~~ini
[sshd]
enabled = true
port = 2227
maxretry = 10
bantime = 1m
~~~
```

Please refer to the [[Configuring Fail2ban|conf guide]] for a detailed description.

##### Postfix
[[#^Top|TOP]]

Mail Transfer Agent. Configuration is standard to allow for emails to be sent by programs / daemons / [[Nextcloud]] or others. Such a [[Configuring Postfix|system]] is required for every server to work correctly.

##### UFW

Firewall management, see [[Configuring UFW|here]] for more details.

---

#### Dedicated Server parameters
[[#^Top|TOP]]

| Service | Used value |
|---------|:---------:|
| **Port: SSH** | 2227 |
| **Port: WG** | 61242 |
| **Port: WG GUI** | 10086 |

---

#### VPN Service
[[#^Top|TOP]]

```ad-info
title: wireguard installer
[GitHub - angristan/wireguard-install: WireGuard VPN installer for Linux servers](https://github.com/angristan/wireguard-install)
```

##### File repository

```ad-path
title: Client Config files
/home/melchiorbv/wg0-client-(clientname).conf
```

```ad-path
title: Server Config file
/etc/wireguard/wg0.conf
```

##### VPN client parametrisation
[[#^Top|TOP]]

```ad-command
title: In `~` for `melchiorbv`
~~~bash
./wireguard-install.sh
~~~
```

##### VPN parameters

```ad-code
title: WireGuard config
~~~bash
IPv4 or IPv6 public address: 5.135.0.192
Public interface: eth0
WireGuard interface name: wg0
Server's WireGuard IPv4: 10.66.66.1
Server's WireGuard IPv6: fd42:42:42::1
Server's WireGuard port [1-65535]: 61242
First DNS resolver to use for the clients: 94.140.14.14
Second DNS resolver to use for the clients (optional): 94.140.15.15
~~~
```

---

#### User Interface
[[#^Top|TOP]]

```ad-address
title: Open WG's GUI
http://5.135.0.192:10086
```

```ad-info
Everything is rather self-explanatory.
[Dev Github with help](https://github.com/donaldzou/WGDashboard)
```

---

### Pricing
[[#^Top|TOP]]

VPN Server | One-off cost | Recurring subscription p.a.
--------|---------------|:----------------------:
**Server hosting** | | *$25*

^VPNServerCost

---

### Tasks & Further steps

- [ ] [[Server VPN]]: Backup server 🔁 every 6 months on the 1st Tuesday 📅 2022-04-05
- [x] [[Server VPN]]: Backup server 🔁 every 6 months on the 1st Tuesday 📅 2021-10-14 ✅ 2022-01-08
- [x] [[Server VPN]]: Backup server 🔁 every 6 months on the 1st Tuesday ✅ 2021-10-13
- [ ] [[Selfhosting]], [[Server VPN|VPN]]: Check VPN state & dashboard 🔁 every 3 months 📅 2022-06-18
- [x] [[Selfhosting]], [[Server VPN|VPN]]: Check VPN state & dashboard 🔁 every 3 months 📅 2022-03-18 ✅ 2022-03-18

[[#^Top|TOP]]
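
The port table under "Dedicated Server parameters" and the recurring "Check VPN state & dashboard" task can be backed by a listener audit that flags drift between the documented ports and what the server actually exposes. This is an added example, not part of the original note: the tcp/udp pairing per port, the `audit_listeners` name and the sample `ss` lines are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit listening sockets against this page's port table.
# Ports come from "Dedicated Server parameters"; the tcp/udp pairing is an
# assumption (SSH and the dashboard over TCP, WireGuard over UDP).
EXPECTED="tcp/2227 udp/61242 tcp/10086"

# Reads `ss -H -tuln` output on stdin. Prints "MISSING proto/port" or
# "UNEXPECTED proto/port addr" per finding; returns 1 if anything was found.
audit_listeners() {
  awk -v expected="$EXPECTED" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) want[e[i]] = 0 }
    NF < 5 { next }                                  # skip blank/short lines
    {
      port = $5; sub(/.*:/, "", port)                # text after the last colon
      addr = $5; sub(/:[^:]*$/, "", addr)            # local address before it
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only, not exposed
      key = $1 "/" port
      if (key in want) want[key]++
      else { print "UNEXPECTED " key " " addr; bad = 1 }
    }
    END {
      for (i = 1; i <= n; i++)
        if (want[e[i]] == 0) { print "MISSING " e[i]; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample: matches the documented table (mail agent on loopback).
SAMPLE_OK='tcp LISTEN 0 128 0.0.0.0:2227 0.0.0.0:*
tcp LISTEN 0 128 [::]:2227 [::]:*
udp UNCONN 0 0 0.0.0.0:61242 0.0.0.0:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:10086 0.0.0.0:*'

# Constructed sample: dashboard down, plus a listener nobody documented.
SAMPLE_DRIFT='tcp LISTEN 0 128 0.0.0.0:2227 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:61242 0.0.0.0:*
tcp LISTEN 0 511 0.0.0.0:8080 0.0.0.0:*'

printf '%s\n' "$SAMPLE_DRIFT" | audit_listeners || true
# On the server itself: ss -H -tuln | audit_listeners
```

The non-zero return code makes the check usable from cron or monit, so a finding can be forwarded through the same alerting path as the logwatch reports.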