You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4.7 KiB
4.7 KiB
Alias | Tag | Date | DocType | Hierarchy | location | Performance | Characteristics | Disk | CollapseMetaTable | |||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
2021-10-11 | Server | NonRoot |
|
|
|
yea |
Parent:: mfxm Website Scope, Privacy & Security
^Top
name Edit Server parameters
type command
action MetaEdit: Run MetaEdit
id EditMetaData
^button-ServerVPNEdit
name Save
type command
action Save current file
id Save
^button-ServerVPNSave
Server VPN
title: Summary
collapse: open
VPN server sitting in France for accessing French media as if at home.
style: number
Server parameters
title: Dashboard access
[Login - HostNamaste](https://www.hostnamaste.com/clients/login)
[Control Panel](https://manage.hostnamaste.com/login.php)
title: Address
The service will be located under **[vpn.mfxm.fr](https://vpn.mfxm.fr)** .
Services
title: Service description
The VPN server will host a single VPN service and dependencies bare metal.
Installed server dependencies
Security
Program name | Type | Description |
---|---|---|
**[[Configuring Fail2ban | fail2ban]]** | Daemon |
unattended-upgrades | Program | Enables automatic updates of installed programs and OS |
logwatch | Daemon | Monitors activity on server and sends activity logs |
Configuring Telegram bots are also being implemented to receive logs from logwatch & Configuring Monit.
fail2ban
Classic installation with a dedicated configuration:
~~~bash
sudo nano /etc/fail2ban/jail.d/sshd.local
~~~
With the following parameters:
~~~ini
[sshd]
enabled = true
port=2227
maxretry = 10
bantime = 1m
~~~
Postfix
#^Top Mail Transfer Agent. Configuration is standard to allow for emails to be sent by programs / deamons / Nextcloud or others. Such a Configuring Postfix is required for every server to work correctly.
UFW
Firewall management, see Configuring UFW for more details.
Dedicated Server parameters
Service | Used value |
---|---|
Port: SSH | 2227 |
Port: WG | 61242 |
Port: WG GUI | 10086 |
VPN Service
title: wireguard installer
[GitHub - angristan/wireguard-install: WireGuard VPN installer for Linux servers](https://github.com/angristan/wireguard-install)
File repository
title: Client Config files
/home/melchiorbv/wg0-client-(clientname).conf
title: Server Config file
/etc/wireguard/wg0.conf
VPN client parametrisation
title: In `~` for `melchiorbv`
~~~bash
./wireguard-install.sh
~~~
VPN parameters
title: WireGuard config
~~~bash
IPv4 or IPv6 public address: 5.135.0.192
Public interface: eth0
WireGuard interface name: wg0
Server's WireGuard IPv4: 10.66.66.1
Server's WireGuard IPv6: fd42:42:42::1
Server's WireGuard port [1-65535]: 61242
First DNS resolver to use for the clients: 94.140.14.14
Second DNS resolver to use for the clients (optional): 94.140.15.15
~~~
User Interface
title: Open WG's GUI
http://5.135.0.192:10086
Everything is rather self-explanatory.
[Dev Github with help](https://github.com/donaldzou/WGDashboard)
Pricing
VPN Server | One-off cost | Recurring subscription p.a. |
---|
**Server hosting**
| | *$25* ^VPNServerCost
Tasks & Further steps
- Server VPN: Backup server 🔁 every 6 months on the 1st Tuesday 📅 2022-04-05
- Server VPN: Backup server 🔁 every 6 months on the 1st Tuesday 📅 2021-10-14 ✅ 2022-01-08
- Server VPN: Backup server 🔁 every 6 months on the 1st Tuesday ✅ 2021-10-13