---
Alias: ["VPN"]
Tag: ["Server", "Privacy", "Security", "Web"]
Date: 2021-10-11
DocType: "Server"
Hierarchy: "NonRoot"
location:
Performance:
CPU: 1Core
RAM: 1GB
Bandwidth: 1T
Speed:
Characteristics:
OS: Ubuntu 20.04
Domiciliation: FR
IPv4: 5.135.0.192
Hostname: vpn.mfxm.fr
Host: HostNamaste
SubDomain: vpn
Disk:
Capa: 30GB
Type: RAID-10
UsedSpace: 22%
TimeStamp: 2021-11-13
---
Parent:: [[mfxm Website Scope|mfxm.fr]]
---
^Top
 
```button
name Edit Server parameters
type command
action MetaEdit: Run MetaEdit
id EditMetaData
```
^button-ServerVPNEdit
```button
name Save
type command
action Save current file
id Save
```
^button-ServerVPNSave
 
# Server VPN
 
```ad-abstract
title: Summary
collapse: open
VPN server sitting in France for accessing French media as if at home.
```
 
```toc
style: number
```
 
---
 
### Server parameters
[[#^Top|TOP]]
 
```ad-quote
title: Dashboard access
[Login - HostNamaste](https://www.hostnamaste.com/clients/login)
[Control Panel](https://manage.hostnamaste.com/login.php)
```
 
```ad-quote
title: Address
The service will be located under **[vpn.mfxm.fr](https://vpn.mfxm.fr)**.
```
 
---
 
### Services
[[#^Top|TOP]]
 
```ad-abstract
title: Service description
The VPN server will host a single VPN service and its dependencies on bare metal.
```
 
#### Installed server dependencies
[[#^Top|TOP]]
##### Security
| Program name | Type | Description
|----------------|------|-------------
| **fail2ban** | Daemon | Blocks suspicious attempts to login
| **unattended-upgrades** | Program | Enables automatic updates of installed programs and OS
| **logwatch** | Daemon | Monitors activity on server and sends activity logs
 
##### fail2ban
Classic installation with a dedicated configuration:
```ad-command
~~~bash
sudo nano /etc/fail2ban/jail.d/sshd.local
~~~
```
With the following parameters:
```ad-code
~~~ini
[sshd]
enabled = true
port = 2227
maxretry = 10
bantime = 1m
~~~
```
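
The jail sets `port` to 2227 because fail2ban's stock `sshd` jail bans on the `ssh` service port (22); if the jail and sshd disagree, bans are applied to a port nobody connects to. The script below is an added example, not part of the original note: it compares a jail file with an `sshd_config`, both passed as paths. The function names are made up for this example, and a missing `port` key is assumed to inherit the stock value `ssh`.

```bash
#!/usr/bin/env bash
# Added example (not from the original note): verify that the fail2ban sshd
# jail watches the port sshd really listens on. Paths are passed as arguments.

# Print the value of KEY inside [SECTION] of an INI-style fail2ban file.
jail_value() {  # usage: jail_value FILE SECTION KEY
    awk -F= -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); in_sec = ($0 == sec); next }
        in_sec && !/^[ \t]*[#;]/ {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key) { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); val = v }
        }
        END { print val }' "$1"
}

# Print every port sshd listens on; OpenSSH falls back to 22 without "Port".
# Include and Match blocks are not followed (simplification).
sshd_ports() {  # usage: sshd_ports SSHD_CONFIG
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# Return 0 if the jail is enabled and its comma-separated port list names every
# sshd port. A missing "port" key is assumed to inherit the stock jail.conf
# value "ssh" (22). Port ranges are not expanded.
check_sshd_jail() {  # usage: check_sshd_jail JAIL_FILE SSHD_CONFIG
    enabled=$(jail_value "$1" sshd enabled)
    jail_ports=$(jail_value "$1" sshd port | tr -d ' ')
    jail_ports=${jail_ports:-ssh}
    [ "$enabled" = "true" ] || { echo "FAIL: sshd jail is not enabled"; return 1; }
    for p in $(sshd_ports "$2"); do
        case ",$jail_ports,:$p" in
            *",$p,"*) ;;            # port listed numerically
            *",ssh,"*:22) ;;        # service name "ssh" means 22
            *) echo "FAIL: sshd port $p is not in jail port list '$jail_ports'"
               return 1 ;;
        esac
    done
    echo "OK: jail ports '$jail_ports' cover sshd"
}

# Constructed sample input using the values documented on this page.
demo() {
    d=$(mktemp -d)
    printf '[sshd]\nenabled = true\nport=2227\nmaxretry = 10\nbantime = 1m\n' > "$d/sshd.local"
    printf 'Port 2227\n' > "$d/sshd_config"
    if check_sshd_jail "$d/sshd.local" "$d/sshd_config"; then rc=0; else rc=1; fi
    rm -rf "$d"; return "$rc"
}
demo
```

On the server itself the two arguments would be `/etc/fail2ban/jail.d/sshd.local` and the sshd configuration file, assumed here to be `/etc/ssh/sshd_config`.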
 
##### Postfix
[[#^Top|TOP]]
Mail Transfer Agent. The configuration is standard and allows emails to be sent by programs / daemons / [[Nextcloud]] or others. Such a [[Configuring Postfix|system]] is required for every server to work correctly.
 
##### UFW
Firewall management, see [[Configuring UFW|here]] for more details.
 
---
 
#### Dedicated Server parameters
[[#^Top|TOP]]
 
| Service | Used value
|---------|:---------:
| **Port: SSH** | 2227
| **Port: WG** | 61242
 
---
 
#### VPN Service
[[#^Top|TOP]]
 
```ad-info
title: wireguard installer
[GitHub - angristan/wireguard-install: WireGuard VPN installer for Linux servers](https://github.com/angristan/wireguard-install)
```
 
##### File repository
```ad-path
title: Client Config files
/home/melchiorbv/wg0-client-(clientname).conf
```
```ad-path
title: Server Config file
/etc/wireguard/wg0.conf
```
 
##### VPN client parametrisation
[[#^Top|TOP]]
```ad-command
title: In `~` for `melchiorbv`
~~~bash
./wireguard-install.sh
~~~
```
 
##### VPN parameters
```ad-code
title: WireGuard config
~~~bash
IPv4 or IPv6 public address: 5.135.0.192
Public interface: eth0
WireGuard interface name: wg0
Server's WireGuard IPv4: 10.66.66.1
Server's WireGuard IPv6: fd42:42:42::1
Server's WireGuard port [1-65535]: 61242
First DNS resolver to use for the clients: 94.140.14.14
Second DNS resolver to use for the clients (optional): 94.140.15.15
~~~
```
 
---
 
### Pricing
[[#^Top|TOP]]
 
<mark class="green">VPN Server</mark> | One-off cost | Recurring subscription p.a.
--------|---------------|:----------------------:
<p style="color:cyan">**Server hosting**</p> | &emsp; | *$25*
^VPNServerCost
&emsp;
---
&emsp;
### Tasks & Further steps
&emsp;
- [ ] [[Server VPN]]: Backup server 🔁 every 6 months on the 1st Tuesday 📅 2021-10-14
- [x] [[Server VPN]]: Backup server 🔁 every 6 months on the 1st Tuesday ✅ 2021-10-13
[[#^Top|TOP]]
&emsp;
&emsp;