---

Alias: ["VPN"]
Tag: ["Server", "Privacy", "Security", "Web"]
Date: 2021-10-11
DocType: "Server"
Hierarchy: "NonRoot"
location:
Performance:
CPU: 1Core
RAM: 1GB
Bandwidth: 1T
Speed:
Characteristics:
OS: Ubuntu 20.04
Domiciliation: FR
IPv4: 5.135.0.192
Hostname: vpn.mfxm.fr
Host: HostNamaste
SubDomain: vpn
Disk:
Capa: 30GB
Type: RAID-10
UsedSpace: 22%
TimeStamp: 2021-11-13
CollapseMetaTable: yea

---

Parent:: [[mfxm Website Scope|mfxm.fr]], [[Privacy & Security]]

---

^Top

```button
name Edit Server parameters
type command
action MetaEdit: Run MetaEdit
id EditMetaData
```
^button-ServerVPNEdit

```button
name Save
type command
action Save current file
id Save
```
^button-ServerVPNSave

# Server VPN

```ad-abstract
title: Summary
collapse: open
VPN server sitting in France for accessing French media as if at home.
```

```toc
style: number
```

---

### Server parameters
[[#^Top|TOP]]

```ad-quote
title: Dashboard access
[Login - HostNamaste](https://www.hostnamaste.com/clients/login)
[Control Panel](https://manage.hostnamaste.com/login.php)

```

```ad-quote
title: Address
The service will be located under **[vpn.mfxm.fr](https://vpn.mfxm.fr)**.
```

---

### Services
[[#^Top|TOP]]

```ad-abstract
title: Service description
The VPN server will host a single VPN service and its dependencies on bare metal.
```

#### Installed server dependencies
[[#^Top|TOP]]
##### Security

| Program name | Type | Description |
| ----------------------- | ------- | ------------------------------------------------------ |
| **[[Configuring Fail2ban\|fail2ban]]** | Daemon | Blocks suspicious attempts to log in |
| **unattended-upgrades** | Program | Enables automatic updates of installed programs and OS |
| **logwatch** | Daemon | Monitors activity on server and sends activity logs |

[[Configuring Telegram bots|Telegram bots]] are also being implemented to receive logs from logwatch & [[Configuring Monit|monit]].

##### fail2ban
[[#^Top|TOP]]
Classic [[Configuring Fail2ban|fail2ban]] installation with a dedicated configuration:

```ad-command
~~~bash
sudo nano /etc/fail2ban/jail.d/sshd.local
~~~
```

With the following parameters:

```ad-code
~~~ini
[sshd]
enabled = true
port = 2227
maxretry = 10
bantime = 1m
~~~
```

Please refer to the [[Configuring Fail2ban|conf guide]] for a detailed description.
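
To see what the jail above actually permits, the following added example (not part of the original note) parses it and estimates the maximum number of failed SSH logins a single source address can make in 24 hours. Assumptions: `findtime` falls back to the stock `10m` default when not set, only simple time values are handled, and the time taken per attempt and sshd's own limits are ignored; `STRICT_JAIL` is a constructed comparison, not the author's configuration.

```python
import configparser
import re

# Jail exactly as shown on this page (jail.d/sshd.local).
PAGE_JAIL = """
[sshd]
enabled = true
port=2227
maxretry = 10
bantime = 1m
"""

# Constructed comparison jail; these values are assumptions, not the author's.
STRICT_JAIL = """
[sshd]
enabled = true
port=2227
maxretry = 5
findtime = 10m
bantime = 1h
"""

UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
DAY = 86400

def to_seconds(value):
    """Convert a simple fail2ban time ('600', '1m', '1h', '-1') to seconds."""
    match = re.fullmatch(r"\s*(-?\d+)\s*([smhdw]?)\s*", value)
    if not match:
        raise ValueError(f"unsupported time value: {value!r}")
    return int(match.group(1)) * UNITS[match.group(2)]

def guesses_per_day(jail_text, section="sshd", default_findtime="10m"):
    """Upper bound on failed logins one source address can make in 24 hours."""
    parser = configparser.ConfigParser()
    parser.read_string(jail_text)
    jail = parser[section]
    maxretry = jail.getint("maxretry")
    bantime = to_seconds(jail.get("bantime", fallback="10m"))
    findtime = to_seconds(jail.get("findtime", fallback=default_findtime))
    # "slow": stay one failure below maxretry in every findtime window.
    slow = (DAY // max(findtime, 1)) * (maxretry - 1)
    # "burst": trip the jail, wait out the ban, repeat (negative bantime = permanent).
    burst = maxretry if bantime < 0 else (DAY // max(bantime, 1)) * maxretry
    return {"burst": burst, "slow": slow, "worst": max(burst, slow)}

if __name__ == "__main__":
    for name, text in (("page", PAGE_JAIL), ("strict", STRICT_JAIL)):
        print(name, guesses_per_day(text))
```

With the page's values the bound is set by the one-minute ban; in the constructed stricter jail it is set by `findtime` and `maxretry` instead, so lengthening `bantime` alone stops helping past that point.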

##### Postfix
[[#^Top|TOP]]
Mail Transfer Agent. Configuration is standard to allow for emails to be sent by programs / daemons / [[Nextcloud]] or others. Such a [[Configuring Postfix|system]] is required for every server to work correctly.

##### UFW

Firewall management, see [[Configuring UFW|here]] for more details.

---

#### Dedicated Server parameters
[[#^Top|TOP]]

| Service | Used value |
|---------|:---------:|
| **Port: SSH** | 2227 |
| **Port: WG** | 61242 |
| **Port: WG GUI** | 10086 |

---

#### VPN Service
[[#^Top|TOP]]

```ad-info
title: wireguard installer
[GitHub - angristan/wireguard-install: WireGuard VPN installer for Linux servers](https://github.com/angristan/wireguard-install)
```

##### File repository

```ad-path
title: Client Config files
/home/melchiorbv/wg0-client-(clientname).conf
```

```ad-path
title: Server Config file
/etc/wireguard/wg0.conf
```

##### VPN client parametrisation
[[#^Top|TOP]]
```ad-command
title: In `~` for `melchiorbv`
~~~bash
./wireguard-install.sh
~~~
```

##### VPN parameters

```ad-code
title: WireGuard config
~~~text
IPv4 or IPv6 public address: 5.135.0.192
Public interface: eth0
WireGuard interface name: wg0
Server's WireGuard IPv4: 10.66.66.1
Server's WireGuard IPv6: fd42:42:42::1
Server's WireGuard port [1-65535]: 61242
First DNS resolver to use for the clients: 94.140.14.14
Second DNS resolver to use for the clients (optional): 94.140.15.15
~~~
```

---

#### User Interface
[[#^Top|TOP]]

```ad-address
title: Open WG's GUI
http://5.135.0.192:10086
```

```ad-info
Everything is rather self-explanatory.
[Dev Github with help](https://github.com/donaldzou/WGDashboard)
```

---

### Pricing
[[#^Top|TOP]]

<mark class="green">VPN Server</mark> | One-off cost | Recurring subscription p.a.
--------|---------------|:----------------------:
<p style="color:cyan">**Server hosting**</p> |   | *$25*
^VPNServerCost

---

### Tasks & Further steps

- [ ] [[Server VPN]]: Backup server %%done_del%% 🔁 every 6 months on the 1st Tuesday ⏳ 2022-10-04 📅 2022-10-04
- [x] [[Server VPN]]: Backup server 🔁 every 6 months on the 1st Tuesday ⏳ 2022-04-12 📅 2022-04-12 ✅ 2022-04-11
- [x] [[Server VPN]]: Backup server 🔁 every 6 months on the 1st Tuesday 📅 2021-10-14 ✅ 2022-01-08
- [x] [[Server VPN]]: Backup server 🔁 every 6 months on the 1st Tuesday ✅ 2021-10-13

- [ ] :shield: [[Selfhosting]], [[Server VPN|VPN]]: Check VPN state & dashboard %%done_del%% 🔁 every 3 months 📅 2022-09-18
- [x] :shield: [[Selfhosting]], [[Server VPN|VPN]]: Check VPN state & dashboard 🔁 every 3 months 📅 2022-06-18 ✅ 2022-06-20
- [x] [[Selfhosting]], [[Server VPN|VPN]]: Check VPN state & dashboard 🔁 every 3 months 📅 2022-03-18 ✅ 2022-03-18

[[#^Top|TOP]]