
Setting up a VPN: Question about server resources

2018-03-05 by: Lisa Harrison Ridley
From: Lisa Harrison Ridley 
------------------------------------------------------
I’m looking to set up a VPN on either Linode or Digital Ocean. I would rate my knowledge level on VPNs as basic.

Question about resources (assume that bandwidth is not an issue): What is more important, CPU cycles or RAM? (I would think RAM, but as I mentioned I’m a novice with regard to VPN configuration and operation).

Thanks!


===============================================================
From: Jonathan Calloway
------------------------------------------------------
A lot of the answers you need depend on how many users. If it’s just you with a couple of devices, that’s one thing... you, plus your posse, plus a small start-up a friend of yours started, plus all of the folks in this small business that your roommate from college started... that’s another thing!

===============================================================
From: Lisa Harrison Ridley
------------------------------------------------------
It’s just me

===============================================================
From: Lisa Harrison Ridley
------------------------------------------------------
Let me clarify….

* It is just for me.
* I need to be able to whitelist an IP address for server access with a couple of clients
* I work from home and have a dynamic IP address that doesn’t change often but it does occasionally change
* I like the freedom to work from various locations — cabins in the mountains, beach condo, etc.

===============================================================
From: Dave Brockman
------------------------------------------------------
What are you going to do with the VPS, aside from ssh into it from various locations around the world, and use it as a jump box to access other resources (also via SSH?)? If that's it, you won't really use enough of either CPU or RAM to matter. Spin up a debian-minimal on at least 512MB of RAM and you should be golden. You can get something suitable at Ramnode for a year for about 3 months of the lowest Linode tier, btw.

Regards,

dtb

===============================================================
From: JustinMcAfee
------------------------------------------------------
You also could just purchase a DYNDNS (dynamic Dns) and set up the server on a VM. DYN has a nice service (ddclient) that runs in the background of Debian derived servers every n seconds and updates the dns records. I use it for my vpn and it works great. Then I have a series of VPS' on a free ESXI 6.5 license.

Justin McAfee, cipher6
PGP Public Key: https://flowcrypt.com/pub/justinamcafee

**********************************************************************
* To any NSA and FBI agents reading my email: please consider        *
* whether defending the US Constitution against all enemies,         *
* foreign or domestic, requires you to follow Snowden's example.     *
**********************************************************************

-------- Original Message --------
On February 1, 2018 8:31 PM, Dave Brockman wrote:

===============================================================
From: Dave Brockman
------------------------------------------------------
> DYN has a nice service (ddclient) that runs in the background of Debian derived servers every n seconds and updates the dns records. I use it for my vpn and it works great. Then I have a series of VPS' on a free ESXI 6.5 license.

Dyn doesn't give Lisa an IP address the customer can put into their firewall to allow Lisa to connect from. I believe that was her purpose.

Regards,

dtb

===============================================================
From: Stephen Kraus
------------------------------------------------------
I know with PfSense you can setup a script that updates firewall entries when DynDNS updates.

===============================================================
From: Dave Brockman
------------------------------------------------------
pf and iptables can both be dynamically managed with scripts. I suspect neither of those things helps Lisa's situation.

Regards,

dtb

===============================================================
From: Billy
------------------------------------------------------
1) There’s always port knocking: https://en.m.wikipedia.org/wiki/Port_knocking

2) Or, do what I did and setup OpenVPN using two way ssl and a packet secret: OpenVPN will silently drop non-signed packets, and if it’s signed with the key, then your client must also present a valid client certificate signed by the server’s CA. Once connected, you can connect to the server as if on your local LAN.

3) Additionally, could just setup the ssh server to only allow RSA/DSA authentication, then disable password logins, and enable login for one specific user - yourself.

--b
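
Added example, not part of Billy's post: a shell check that an `sshd_config` actually enforces the three settings in option 3 (key-only authentication, no password logins, one allowed user). It goes slightly beyond the post by also checking keyboard-interactive authentication; the account name `lisa` and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit sshd_config text read on stdin
# against option 3. "lisa" is a hypothetical account name.
audit_sshd() {
  awk -v user="$1" '
    { sub(/#.*/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }
    NF == 0 { next }
    { key = tolower($1) }                    # keywords are case-insensitive
    key == "match" { exit }                  # audit the global section only
    key == "challengeresponseauthentication" { key = "kbdinteractiveauthentication" }
    key == "allowusers" { for (i = 2; i <= NF; i++) allowed[$i] = 1; next }
    !(key in val) { val[key] = tolower($2) } # sshd keeps the first value it reads
    END {
      n = 0
      if (val["passwordauthentication"] != "no")
        msg[++n] = "PasswordAuthentication is not no (the default is yes)"
      if (val["pubkeyauthentication"] == "no")
        msg[++n] = "PubkeyAuthentication is disabled"
      if (val["kbdinteractiveauthentication"] != "no")
        msg[++n] = "KbdInteractiveAuthentication is not no; PAM can still ask for a password"
      count = 0
      for (u in allowed) count++
      if (count != 1 || !(user in allowed))
        msg[++n] = "AllowUsers must name exactly one account: " user
      for (i = 1; i <= n; i++) print "FAIL: " msg[i]
      exit (n > 0)
    }'
}

# Constructed sample configs (not taken from any real server).
GOOD_CFG='PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
AllowUsers lisa'

WEAK_CFG='passwordauthentication yes   # read first, so this is the value sshd uses
PasswordAuthentication no
AllowUsers lisa deploy'

# Stand-alone run: prints three FAIL lines for the weak sample.
printf '%s\n' "$WEAK_CFG" | audit_sshd lisa || true
```

The function does not follow `Include` files or `Match` blocks; on a live server, `sshd -T` prints the effective configuration the daemon would use.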