melchiorbv
/
Obsidian
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b6f33bcddf'
${ noResults }
Obsidian/05.02 Networks/Server VPN.md

4.0 KiB
Raw Blame History Escape

Alias Tag Date DocType Hierarchy location Performance Characteristics Disk
VPN
Server
Privacy
Security
Web
2021-10-11 Server NonRoot
CPU RAM Bandwidth Speed
1Core 1GB 1T
OS Domiciliation IPv4 Hostname Host SubDomain
Ubuntu 20.04 FR 5.135.0.192 vpn.mfxm.fr HostNamaste vpn
Capa Type UsedSpace TimeStamp
30GB RAID-10 17% 2021-10-11

Parent:: mfxm Website Scope

^Top

name Edit Server parameters
type command
action MetaEdit: Run MetaEdit
id EditMetaData

^button-ServerVPNEdit

name Save
type command
action Save current file
id Save

^button-ServerVPNSave

Server VPN

title: Summary
collapse: open
VPN server sitting in France for accessing French media as if at home.


style: number

Server parameters

#^Top 

title: Dashboard access
[Login - HostNamaste](https://www.hostnamaste.com/clients/login)
[Control Panel](https://manage.hostnamaste.com/login.php)



title: Address
The service will be located under **[vpn.mfxm.fr](https://vpn.mfxm.fr)** .

Services

#^Top 

title: Service description
The VPN server will host a single VPN service and dependencies bare metal.

Installed server dependencies

#^Top

Security
Program name Type Description
fail2ban Daemon Blocks suspicious attempts to login
unattended-upgrades Program Enables automatic updates of installed programs and OS
logwatch Daemon Monitors activity on server and sends activity logs

fail2ban

Classic installation with a dedicated configuration:

~~~bash
sudo nano /etc/fail2ban/jail.d/sshd.local
~~~

With the following parameters:

~~~
[sshd]
enabled = true
port=2227
maxretry = 10
bantime = 1m
~~~

Postfix

#^Top Mail Transfer Agent. Configuration is standard to allow for emails to be sent by programs / deamons / Nextcloud or others. Such a Configuring Postfix is required for every server to work correctly.

UFW

Firewall management, see Configuring UFW for more details.

Dedicated Server parameters

#^Top

Service Used value
Port: SSH 2227
Port: WG 61242

VPN Service

#^Top 

title: wireguard installer
[GitHub - angristan/wireguard-install: WireGuard VPN installer for Linux servers](https://github.com/angristan/wireguard-install)

File repository
title: Client Config files
~~~
/home/melchiorbv/wg0-client-(clientname).conf
~~~

title: Server Config file
~~~
/etc/wireguard/wg0.conf
~~~

VPN client parametrisation

#^Top

title: In `~` for `melchiorbv`
~~~bash
./wireguard-install.sh
~~~

VPN parameters
title: WireGuard config
~~~
IPv4 or IPv6 public address: 5.135.0.192
Public interface: eth0
WireGuard interface name: wg0
Server's WireGuard IPv4: 10.66.66.1
Server's WireGuard IPv6: fd42:42:42::1
Server's WireGuard port [1-65535]: 61242
First DNS resolver to use for the clients: 94.140.14.14
Second DNS resolver to use for the clients (optional): 94.140.15.15
~~~

Pricing

#^Top

VPN Server One-off cost Recurring subscription p.a.

**Server hosting**

| | *$25* ^VPNServerCost

Tasks & Further steps

  • Server VPN: Backup server 🔁 every 6 months on the 1st Tuesday 📅 2021-10-14
  • Server VPN: Backup server 🔁 every 6 months on the 1st Tuesday 2021-10-13

#^Top