[Chugalug] Setting up a VPN: Question about server resources

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

[Chugalug] Setting up a VPN: Question about server resources

Lisa Harrison Ridley
I’m looking to set up a VPN on either Linode or Digital Ocean.  I would rate my knowledge level on VPNs as basic.

Question about resources (assume that bandwidth is not an issue):  What is more important, CPU cycles or RAM?  (I would think RAM, but as I mentioned I’m a novice with regard to VPN configuration and operation).

Thanks!


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Setting up a VPN: Question about server resources

Jonathan Calloway
A lot of the answers you need depend on how many users.  If it’s just you with a couple of devices, that’s one thing. . . . you, plus your possy, plus a small start-up a friend of yours started, plus all of the folks in this small business that your roommate from college started. .. that’s another thing!

<JC>


On Feb 1, 2018, at 9:01 PM, Lisa Harrison Ridley <[hidden email]> wrote:

I’m looking to set up a VPN on either Linode or Digital Ocean.  I would rate my knowledge level on VPNs as basic.

Question about resources (assume that bandwidth is not an issue):  What is more important, CPU cycles or RAM?  (I would think RAM, but as I mentioned I’m a novice with regard to VPN configuration and operation).

Thanks!

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Setting up a VPS: Question about server resources

Lisa Harrison Ridley
In reply to this post by Lisa Harrison Ridley
Sorry that should be VPS, not VPN (tired, been talking too many acronyms today).

On Feb 1, 2018, 9:01 PM -0500, Lisa Harrison Ridley <[hidden email]>, wrote:
I’m looking to set up a VPN on either Linode or Digital Ocean.  I would rate my knowledge level on VPNs as basic.

Question about resources (assume that bandwidth is not an issue):  What is more important, CPU cycles or RAM?  (I would think RAM, but as I mentioned I’m a novice with regard to VPN configuration and operation).

Thanks!


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Setting up a VPN: Question about server resources

Lisa Harrison Ridley
In reply to this post by Jonathan Calloway
It’s just me

On Feb 1, 2018, 9:05 PM -0500, Jonathan Calloway <[hidden email]>, wrote:
A lot of the answers you need depend on how many users.  If it’s just you with a couple of devices, that’s one thing. . . . you, plus your possy, plus a small start-up a friend of yours started, plus all of the folks in this small business that your roommate from college started. .. that’s another thing!

<JC>


On Feb 1, 2018, at 9:01 PM, Lisa Harrison Ridley <[hidden email]> wrote:

I’m looking to set up a VPN on either Linode or Digital Ocean.  I would rate my knowledge level on VPNs as basic.

Question about resources (assume that bandwidth is not an issue):  What is more important, CPU cycles or RAM?  (I would think RAM, but as I mentioned I’m a novice with regard to VPN configuration and operation).

Thanks!

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Setting up a VPN: Question about server resources

Lisa Harrison Ridley
Let me clarify….

* It is just for me.
* I need to be able to whitelist an IP address for server access with a couple of clients
* I work from home and have a dynamic IP address that doesn’t change often but it does occasionally change
* I like the freedom to work from various locations — cabins in the mountains, beach condo, etc.

On Feb 1, 2018, 9:07 PM -0500, Lisa Harrison Ridley <[hidden email]>, wrote:
It’s just me

On Feb 1, 2018, 9:05 PM -0500, Jonathan Calloway <[hidden email]>, wrote:
A lot of the answers you need depend on how many users.  If it’s just you with a couple of devices, that’s one thing. . . . you, plus your possy, plus a small start-up a friend of yours started, plus all of the folks in this small business that your roommate from college started. .. that’s another thing!

<JC>


On Feb 1, 2018, at 9:01 PM, Lisa Harrison Ridley <[hidden email]> wrote:

I’m looking to set up a VPN on either Linode or Digital Ocean.  I would rate my knowledge level on VPNs as basic.

Question about resources (assume that bandwidth is not an issue):  What is more important, CPU cycles or RAM?  (I would think RAM, but as I mentioned I’m a novice with regard to VPN configuration and operation).

Thanks!

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Setting up a VPN: Question about server resources

Dave Brockman
On 2/1/2018 9:08 PM, Lisa Harrison Ridley wrote:
> Let me clarify….
>
> * It is just for me.
> * I need to be able to whitelist an IP address for server access with a
> couple of clients
> * I work from home and have a dynamic IP address that doesn’t change
> often but it does occasionally change
> * I like the freedom to work from various locations — cabins in the
> mountains, beach condo, etc.

What are you going to do with the VPS, aside from ssh into it from
various locations around the world, and use it as a jump box to access
other resources (also via SSH?)?  If that's it, you won't really use
enough of either CPU or RAM to matter.  Spin up a debian-minimal on at
least 512MB of RAM and you should be golden.  You can get something
suitable at Ramnode for a year for about 3 months of the lowest Linode
tier, btw.

Regards,

dtb


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Setting up a VPN: Question about server resources

JustinMcAfee
You also could just purchase a DYNDNS (dynamic Dns) and set up the server on a VM. DYN has a nice service (ddclient) that runs in the background of Debian derived servers every n seconds and updates the dns records. I use it for my vpn and it works great. Then I have a series of VPS' on a free ESXI 6.5 license.

​Justin McAfee, cipher6
PGP Public Key: https://flowcrypt.com/pub/justinamcafee
**********************************************************************
* To any NSA and FBI agents reading my email: please consider *
* whether defending the US Constitution against all enemies,       *
* foreign or domestic, requires you to follow Snowden's example. *
**********************************************************************

Sent with ProtonMail Secure Email.


-------- Original Message --------
 On February 1, 2018 8:31 PM, Dave Brockman <[hidden email]> wrote:

>On 2/1/2018 9:08 PM, Lisa Harrison Ridley wrote:
>>Let me clarify….
>> - It is just for me.
>>
>> - I need to be able to whitelist an IP address for server access with a
>> couple of clients
>>
>> - I work from home and have a dynamic IP address that doesn’t change
>> often but it does occasionally change
>>
>> - I like the freedom to work from various locations — cabins in the
>> mountains, beach condo, etc.
>>
>>
> What are you going to do with the VPS, aside from ssh into it from
> various locations around the world, and use it as a jump box to access
> other resources (also via SSH?)?  If that's it, you won't really use
> enough of either CPU or RAM to matter.  Spin up a debian-minimal on at
> least 512MB of RAM and you should be golden.  You can get something
> suitable at Ramnode for a year for about 3 months of the lowest Linode
> tier, btw.
>
> Regards,
>
> dtb
>
>
>Chugalug mailing list
>[hidden email]
>http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Setting up a VPN: Question about server resources

Dave Brockman
On 2/3/2018 9:43 AM, JustinMcAfee wrote:
> You also could just purchase a DYNDNS (dynamic Dns) and set up the server on a VM. DYN has a nice service (ddclient) that runs in the background of Debian derived servers every n seconds and updates the dns records. I use it for my vpn and it works great. Then I have a series of VPS' on a free ESXI 6.5 license.

Dyn doesn't give Lisa an IP address the customer can put into their
firewall to allow Lisa to connect from.  I believe that was her purpose.

Regards,

dtb



_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Setting up a VPN: Question about server resources

Stephen Kraus
I know with PfSense you can setup a script that updates firewall entries when DynDNS updates.

On Sat, Feb 3, 2018 at 11:42 AM, Dave Brockman <[hidden email]> wrote:
On 2/3/2018 9:43 AM, JustinMcAfee wrote:
> You also could just purchase a DYNDNS (dynamic Dns) and set up the server on a VM. DYN has a nice service (ddclient) that runs in the background of Debian derived servers every n seconds and updates the dns records. I use it for my vpn and it works great. Then I have a series of VPS' on a free ESXI 6.5 license.

Dyn doesn't give Lisa an IP address the customer can put into their
firewall to allow Lisa to connect from.  I believe that was her purpose.

Regards,

dtb



_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug



_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Setting up a VPN: Question about server resources

Dave Brockman
On 2/3/2018 11:45 AM, Stephen Kraus wrote:
> I know with PfSense you can setup a script that updates firewall entries
> when DynDNS updates.

pf and iptables can both be dynamically managed with scripts.  I suspect
neither of those things helps Lisa's situation.

Regards,

dtb



_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Setting up a VPN: Question about server resources

Billy
1) There’s always port knocking:


2) Or, do what I did and setup OpenVPN using two way ssl and a packet secret:

OpenVPN will silently drop non-signed packets, and if it’s signed with the key, then your client must also present a valid client certificate signed by the server’s CA.

Once connected, you can connect to the server as if on your local LAN.

3) Additionally, could just setup the ssh server to only allow RSA/DSA authentication, then disable password logins, and enable login for one specific user -yourself.

--b

On Feb 3, 2018, at 12:04 PM, Dave Brockman <[hidden email]> wrote:

On 2/3/2018 11:45 AM, Stephen Kraus wrote:
I know with PfSense you can setup a script that updates firewall entries
when DynDNS updates.

pf and iptables can both be dynamically managed with scripts.  I suspect
neither of those things helps Lisa's situation.

Regards,

dtb


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug