Set Up Your Own Wireguard VPN Server with 2FA in 5 Minutes!
- Added on 31. 05. 2024
- The playbook github.com/notthebee/ansible-...
LowEndStock lowendstock.com
DuckDNS duckdns.org
Timestamps
00:00 Introduction
01:29 Choosing and buying a VPS
04:21 Logging in and running the playbook
08:05 Setting up two-factor authentication
09:18 Connecting to the VPN on mobile and desktop
10:51 Outro - Science and Technology
My man has a different haircut every video
He's slowly turning into neck beard/sysadmin
>shaves his neck beard
>gets called a neckbeard anyway
sadge
@@WolfgangsChannel How to change upstream dns server
Wolfgang, I love your setup! I have used many of your ideas :)
Any chance you can go over your strategies towards home automation and your strategies for keeping them secure/isolated?
I've always wanted to do smart home stuff but am concerned about upstream vendors and how they dictate everything.
Would love to see you make a video on this topic as you usually make these things accessible and easy to understand.
Thank you! Useful, direct content and led to a very engaging lab. It was especially neat to experience Ansible like this! I appreciate the time and effort you put into setting this up for the community.
Wolfgang, thank you very much for this very useful install script. You have done great work that saves people a lot of time. Keep streaming.
VERY nice video. You have gained a new patreon.
I have had some issues with the new functionalities: Optional DNS-over-HTTPS and hosts-based ad-blocking (Adguard, Unbound and DNSCrypt-Proxy)
But I disabled them on the playbook and everything worked...
It is also worth mentioning that there is a GUI for wireguard in linux that came in handy for a noob like me.
Now I would love to know a bit more what else can I do with the server!
Thanks for the DuckDNS recommendation!
I've been using a Raspberry Pi Zero W as my IPSec VPN Server that I use to connect to my home network outside and I've been looking at free dns (and indeed, ddns) services to host the Raspberry pi so I don't have to remember the IP address all the time
This will really help me with my servers, especially my website as I'm trying to make a web server and host my portfolio website on it
Where is the 2FA part? You can log into the VPN without a second authenticator 😲
Chișinău is the capital of Moldova and that is the flag of Moldova, but it's the same color as the Romanian flag so it's easy to confuse them 😉. The difference is that the Moldovan flag has the coat of arms (eagle behind a shield) and the Romanian flag does not.
Great video, keep em coming. 👍
Works great now :) thank you for your help and another awesome video Wolfgang :)
Advertisement aside, Oracle Cloud Infrastructure gets you an always-free VPS (or up to 4 ARM-based servers) in many locations around the world with 10 TB limit for outbound traffic. It has some hiccups in ports configuration, but still manageable to manually spin up a VPN in 10 minutes.
Do their terms of service allow torrenting “completely legal .iso”? lol. I’ve had my eye on oracle but it’s useless for my needs if I can’t torrent.
I've heard they took away free VPSes from russian accounts though... but I might be wrong
What is the Catch?
@@AriannaEuryaleMusic they want some payment info even for the free tier because "you could (!) update"
The VPS regularly disappears from the webui as well. Great specs and great that it's free but I would never ever pay for it if I need something I can rely on.
Best video on the topic. huge thumbs up. ive followed 5 other guides and the vpn never worked. this one did, so thanks :)
Bro thanks for this, I love it, I installed WireGuard manually but it’s not the same with all the 2FA and the web UI. Thanks a lot!
man how did your channel grow so fast and i didnt even notice.
I mean holy cow you almost have 200k subs and in my head you still had more like 20k subscribers (damn i am stuck in 2019). Congratulations anyway!!!
Hello there. What do you think about Outline as an alternative? As far as I get it does have a UI manager to set up the server.
PS I know the technology is somewhat different but is there a practical difference with WireGuard / OpenVPN for the end user?
Love the content, Wolfgang! Especially the gag on Russia while choosing the VPS is hilarious considering your roots :D
Thanks for making this! I have PIA right now but definitely looking forward to doing this project as well
That's what I wanted to see! You're the man. Your t-shirt is 10/10.
And by the way... you have my highest respect for all your expertise and skill in so many areas. Absolutely amazing, and only the best for you. Please keep it up, and thank you very much.
When you came out with the original VPN video, I started doing the same thing. Working alone, I miss looking at someone else's code and seeing what cool stuff they're doing with Ansible.
WOW Thanks a lot!!! This project is really the best I have found. Everything is automated what I really love. Second (beside that I have a VPN now) is that I now have finally Fail2Ban and after one day there are already more than 100 IPs banned from trying to login my VPS. Really great solution. Thanks again for your script!!!
Dude, this is the only video that works. Thanks for posting!
I spent a good amount of time yesterday banging my head on the wall trying to replicate this setup trying to avoid your solution with ansible, but I believe now I have seen the error of my ways. This truly took 5 minutes to set up, seems bulletproof, and does everything I want it to (for now 😅). Thanks for the amazing work
What was your Ansible alternative?
@@user-sb9us9ts4o setting up each piece on its own
Thanks a lot mate, really searching for something like this
I haven't found a single tutorial so far that said they'll paste the commands they use in the description and actually do it. This one included.
Hello thanks a lot for the tutorial!!
Just wondering if there's a way to set up additional layer on top of your playbook for adblocking functionality like wirehole?
Looking good and great video, thank you!
Hello Wolfgang,
I'm using a Mac and when I tried to obtain the ssh key with the command, it shows "connection refused"
what steps should I take to fix it?
Does the break or impact the installation of additional containers? I tried to install portainer using known working cmds (including adding port 9000) and for the life of me I can't access the webpage outside of the localhost via domain name and direct IP addr. I've tried multiple things and nothing will work. This is a racknerd VPS install with a registered domain. I finally got WG working after installing Debian 11. Kept getting errors using other distros. Thanks!
Can you access your devices across the vpn network? Like your nextcloud at home on your phone through the vpn without needing ssl?
Or would I need something like netbird for that kind of functionality?
Love this setup, but before I started I added: Secure shared memory - fstab, Disable Open DNS Recursion - Bind9 DNS, Prevent IP Spoofing, Intrusion Detection, Check for RootKits, SELinux - Apparmor. I hope you keep this project up to date, great work.
Extremely high quality guide here!
Hi Wolfgang. Is there any other way than using a VPN to combat DoS/DDoS attacks? (That is really all I need it for)
How do you edit VPN settings after install? Recently I am unable to repost on X, but if I use other VPNs, repost works fine? Sometimes I am unable to access Netflix using my VPN? Is there a way to fix or hide that it is a VPN? Or what are paid VPNs doing differently that they work and mine will not?
Well done Bud! Any advice on installing behind an Nginx Reverse Proxy manager pls? My SSL's failing, and I do have the fqdn pointing at the vpn server ip on port 80...?
Thanks for the guide, very helpful and it definitely got me going. As a matter of fact, I have it up and running for my small business employees to connect to the machines at work, which is great. What I changed is to have Authelia use the LDAP backend instead of the file backend in your OG repo against my LDAP server at work, and it worked fine. But as far as I can tell, Authelia just authorizes a user in regards to wg-easy; once a user logs in, wg-easy shows the same list of configs, which is shared between whoever might log in. For a small business, this is not the end of the world, but it would be really useful to somehow have users see only the configs they "own". Is it possible with the current solutions or should I look elsewhere? wg-easy is simple and looks great to me, but I am afraid that it might be too simplistic in its architecture for what I am trying to achieve. Anyway, great video, thank you very much, it taught me a couple of things, which I am always very appreciative for.
That's amazing! I haven't looked into separate WebUI instances for separate users, and I think you're right in this regard, wg-easy is a bit too simple to handle that. There might be other Wireguard WebUIs that have this feature though. Would be as simple as forking my playbook and replacing a few things
@@WolfgangsChannel Mhm, yeah, I will definitely look into it, thanks. I also thought about forking wg-easy and having it filter configs based on some criteria, ideally the logged in user. Also, append the logged in user name to the config name. That would be a quick fix. Do you know if it can somehow access the user Authelia logged in? A fork would be kind of necessary anyway in order to introduce some link in the UI for “log out” which could simply delete the Authelia cookie. On another note, working with these playbooks is handy, I can definitely see their appeal; sometimes you just need a good example to get you going on something, and your tutorial is just that. Not only does it provide a quick way to get a VPN going, but it also makes for a good Ansible template. Thanks again.
@@WolfgangsChannel Bump. Patching wg-easy is doable. The roadblock is at how to get Authelia to pass a header containing the logged in user name to the backend application, so that it can differentiate and only show configs belonging to that user...
@@WolfgangsChannel Managed to pull it off. It's rather simple actually. The changes are as follows:
1. In file `ansible-easy-vpn/roles/bunkerweb/templates/env.j2`, add `{{ wireguard_host }}_REVERSE_PROXY_HEADERS=Remote-User $user` on the last line.
2. `docker exec -it wg-easy apk add nano`.
3. `docker exec -it wg-easy nano lib/Server.js`
4. `Ctrl + W`, type `return WireGuard.getClients(`, `Enter`. Replace the line with `return WireGuard.getClients(req.header("Remote-User"));`.
5. `Ctrl + W`, type `return WireGuard.createClient(`, `Enter`. 2 lines above (where function starts), add `req.body.name = req.header("Remote-User") + "_" + req.body.name;`.
6. `Ctrl + W`, type `return WireGuard.updateClientName(`, `Enter`. 3 lines above (where function starts), add `req.body.name = req.header("Remote-User") + "_" + req.body.name;`.
7. `Ctrl+X`, `y`, `Enter` to exit nano.
8. `docker exec -it wg-easy nano lib/WireGuard.js`
9. `Ctrl + W`, type `async getClients(remote_user) {`. In this method, replace lines 2 and 4 with this, respectively:
* `const clients = Object.entries(config.clients).filter(([clientId, client]) => client.name.startsWith(remote_user + "_")).map(([clientId, client]) => ({`
* `name: client.name.substring((remote_user + "_").length, client.name.length),`
10. `docker exec -it wg-easy nano www/index.html`
11. `Ctrl+W`, type `New`, `Enter`. After 2 lines, where the `div` closes, add this:
Log out
12. `cd ansible-easy-vpn/`
13. `ansible-playbook run.yml`, enter vault password.
14. `reboot`
This patch has the effect that the headers sent by Authelia always contain the `Remote-User` field populated with the LDAP uid of the currently logged in user. On the wg-easy side, what I did was to prefix config files with "username_", and then filter the returned configs to only include those belonging to the currently logged in user. Finally, steps 10-11 add a "Log out" button to the "wg-easy" web page, so users can easily log out. Remember to replace `example.com` with your actual domain. Good luck, and thanks again for this great tutorial and starting point, I can deploy this now with confidence. Thank you.
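The prefix filter from the steps above, reduced to a stand-alone function and set beside a variant that validates the header and matches on an explicit owner field. This is an added example, not wg-easy's code and not part of the comment; the `owner` field, the sample records and the function names are assumptions made for illustration.

```javascript
// Constructed sample data: client records shaped like the ones the comment
// filters, plus a hypothetical `owner` field used only by the hardened variant.
const sampleClients = {
  'id-1': { name: 'alice_laptop', owner: 'alice' },
  'id-2': { name: 'alice_phone', owner: 'alice' },
  'id-3': { name: 'al_tablet', owner: 'al' },
  'id-4': { name: 'al_ice_phone', owner: 'al_ice' },
};

// The approach from the steps above: ownership is encoded as a "<user>_"
// prefix on the config name, and the prefix is stripped for display.
function listByPrefix(clients, remoteUser) {
  const prefix = remoteUser + '_';
  return Object.entries(clients)
    .filter(([, client]) => client.name.startsWith(prefix))
    .map(([id, client]) => ({ id, name: client.name.substring(prefix.length) }));
}

// Hardened variant (an assumption, not the comment's patch): reject a missing
// or malformed header instead of silently building the prefix "undefined_".
const USER_RE = /^[A-Za-z0-9._-]{1,64}$/;

function requireUser(headerValue) {
  if (typeof headerValue !== 'string' || !USER_RE.test(headerValue)) {
    throw new Error('missing or invalid Remote-User header');
  }
  return headerValue;
}

// Match on an explicit owner field, so a "_" inside a username cannot make
// one user's prefix cover another user's configs.
function listByOwner(clients, headerValue) {
  const user = requireUser(headerValue);
  return Object.entries(clients)
    .filter(([, client]) => client.owner === user)
    .map(([id, client]) => ({ id, name: client.name }));
}

// User "al" and user "al_ice" both exist. With the prefix scheme "al" also
// sees the config that belongs to "al_ice"; with the owner field it does not.
console.log('prefix, user "al":', listByPrefix(sampleClients, 'al').map((c) => c.id));
console.log('owner,  user "al":', listByOwner(sampleClients, 'al').map((c) => c.id));
```

Either variant is only as trustworthy as the `Remote-User` header, so the wg-easy backend has to be reachable solely through the proxy that sets it.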
I didn’t open a new window to copy the private key to your host machine, I guess the problem is here, could you help me with this please? How to fix this please?
Do you happen to know how can I fix the Deceptive site ahead warning on authelia login page?
Hi Wolfgang, I'm currently at the point on the Dunning-Kruger graph where harsh reality has hit and I'm slowly building myself back up.
So I wanted to ask whether this can also be done with a regular Raspberry Pi home server? It's really an obvious answer, but with things like this I didn't want to take any risks.
I do like this security setup as a baseground,
Is there any flaw on DMZ all my home-router traffic through a NUC using this playbook?
I was able to setup a VPN following the tutorial and would like to implement it also as a VPN for my home-LAN, but not sure about the security implications of this idea..
Do you know if it’s possible to just send the dns traffic through the vpn?
So to use the vpn only as DNS Blocker with adguard.
If we have a server with the Debian 11 operating system, can we use WireGuard?
Because there was no place to specify KVM at all
Thank you so much for this tutorial! Pretty much every single VPN in Russia is blocked by the government (even paid ones), so creating your own is the only option left.
Ansible did not run on Ubuntu-20-04 but Debian 11 Bullseye worked well! Nice Job. I used RackNerd.
Hey, total noob here.
Just wondering what passphrase do you need to put in at 7:50? Literally everything I've tried returns either the same "enter passphrase" prompt or goes straight to "enter hostname@IP password".
I'm using windows PS and ubuntu 20.04.
False alarm!
You put in the password from 6:10 in the video. Apparently, the password I wrote down was different from the one I copy and pasted somehow. Great script man!
Great tutorial Wolfgang. Quick question -> how do I expose the Adguard Docker instance to the host? As in how do i use the host as my DNS server assuming I'm running a VM within my home network?
Here's what I did: open ports 80, 443, and 51820 in router settings for the IP of the machine hosting the VPN. My router has my DNS server as the preferred DNS. Don't use the QR in the wireguard page, always use the config file when adding devices. Open it with notepad and change the DNS to the IP of your DNS server. Everything seems to be working for me.
Followed your tutorial to a T. Works great, but now as of late I can not access Netflix or YouTube from this VPN. I can access them from another VPN like ProtonVPN. This leads me to believe it is firewall or some other setting that needs to be changed? How do I go about changing those on the VPN or finding what needs to be changed?
Can i run the shell script that you showed in the video on a laptop and use the laptop to host my VPN Server?
might be a stupid question but how do i relog onto my server in terminal after having closed it. When i do ssh root@(my ip) i get "permission denied(publickey)"
I also lost access to the server.
did you manage to solve the problem?
if you configured /etc/ssh/sshd_config to not allow root login, then you should have created another user aside from root. If you have, then you should be able to run `ssh yourUsername@yourIP`
Nice tutorial but I have a question about the limitations we can put on user usage , for example I want to limit a user usage to 10gb and if he reached that , the config file we get him should stop working, how can we do it
The 2FA doesn't work anymore dude. Instead of a link I receive a code which doesn't work.
Hello. I've got one question: When I run the script, I can setup some preconfigured DNS Servers. I picked Cloudflare, because I leave all default. Is Cloudflare in this Setup encrypted with DoT or DoH? Or will the DNS Traffic go in plain text to cloudflare?
Did you enable Adguard?
outstanding wolf thx to u and all your buds
do you use a mist filter? I like the bloom cinematic effect. Can you tell me what color space u use, what gamma, and if u use luts, what lut do u use, I really like your color grading.
Thank you! I don't use a Mist filter in this particular video, because the one I have (1/8) is still too strong for YouTube videos to my taste.
I shoot in S-Log3, but with Rec.709 Gamma instead of S-Gamut. I also don't normally use LUTs and prefer just grading it intuitively
@@WolfgangsChannel Thank you for info :)
Great video! I enjoy your content.
Keep going!
Just out of curiosity: would it be possible to also automate the server deployment (for example with Linode)?
Then you could completely automate the process …
Im actually working on a StackScript for Linode
In theory, you could get rid of the bootstrap script altogether and use a private git repo to host a fork of my repo, but with all of your data already prefilled. In that case it should be as simple as ansible-pull git://blablabla
@@WolfgangsChannel Thank you for the input. I’ll look forward to that Stack Script :)
@@WolfgangsChannel Did you get to finish the script for Linode? If so I'd like to take advantage of it. Thanks.
Hello Wolfgang, everything went well during the installation except for the show_2fa step, I don't get anything displayed?!
After installing the script, I can't connect via SSH to the server.
During the installation process, when asked if there is an SSH key, I pressed "n". How do I get SSH access?
Great instructions. Thank you very much! (Almost) everything worked right away. However: After entering the 2FA there is no forwarding to the Wireguard GUI. Do you have any tips on how I can proceed? Best regards.
Thanks for your explanation. I reached the playbook setup, then my internet disconnected and I exited out of the server. Can you plz give me the command for the playbook to start from, cuz I searched on Google and all explain how to set up the playbook and I got confused and I don't want to mess things up. Thanks
what am i supposed to do in the 2fa part, i tried navigating manually to the page but it doesn't work
I would love to get a part 2 on setting up whmcs for automating sales for using the vpn.
I have an issue deploying this in Ubuntu 20.04, the problem is that when everything is finished (and shows no errors) I can't get into the URL of destination. I ran an NMAP and saw the ports 443 and 80 closed. Any thoughts?
Club Penguin was an unexpected pleasure to watch
Thank you for the perfect guide - I was easy able to set it up with the same provider. Unfortunately one hope to get a hurdle free access to US Netflix didn't work out as the domain range seems already to be blocked by Netflix - could you check this with your setup?
very lovely and useful set up !
hey, after running through the installer, I can't connect to my vps anymore. I've reset the vps a bunch of times and it always disconnects at this stage and the password or credentials don't work
What should you enter when it says enter passphrase for key?
This is the best one Wolfgang.
My wireguard web client says "There is an update available!...Updated to Node.js v18". How do I proceed?
Hi Wolfgang, Awesome video! I just ran your instructions and everything proceeded smoothly! Wireguard client connects as well but unfortunately I cannot browse anything. Since the internet is heavily restricted in my location, I believe the government has somehow managed to block wireguard connections. Do you have any suggestions? Does changing port helps with that? if so how could it be done? Thanks again, Amazing walk-through!
Windows client log says : "2023-02-14 02:49:41.566: [TUN] [Primary] Handshake for peer 1 (192.3.105.175:51820) did not complete after 5 seconds, retrying (try 2)"
Thank you so much for making this video! Im new to the linux side of the house and this script worked for deb10/11 but failed on 12.4 bookworm with a repo/release error for me. Currently trying to fix!
7:57 I think my system didn't reboot and I'm still logged into my VPS. Is it ok?
Does your playbook script disable browser logging?
I was able to follow until 8:21 where I receive an internal server error 500, is there a reason why?
Nice video. Unrelated to content, but can you share the font that you're using in your terminal? It's great!
would you recommend this setup for someone being behind the Great Firewall China, respectively the current still active and certainly ongoing blocking activities? Any hint and experience is very appreciated. Thank you for your great video and work. smart guy.
Unfortunately, I don't have any experience with circumventing the GFW. As far as I know, they rely heavily on DPI (deep packet inspection) to censor common VPN protocols, and this might include Wireguard. At the same time, some users have told me that they're successfully using this project from China
@@WolfgangsChannel thks bro, here in China the Great Cat and Mouse Game is fully on. Connectivity is prime, all other wishes for protection or privacy are the luxury of the past. Tor is too slow for daily operation, but certainly an Alamo instance.
Excellent tutorial. Ran into an issue when running the playbook on step "Update and upgrade apt packages". The VPS I purchased was short on memory. Increased the Swap file size on Ubuntu to get past it. Hope this helps someone
Hi Wolfy, maybe you can answer this question. What is the advantage of using a VPN if the VPN company may get served a warrant and have no choice but to comply to give all the IP and logs that went through their VPN to authorities ?
Well thats why you choose a company with a no logs policy. They will keep records about payment, but that only indicated youre their customer, not that you actually used the VPN service at the time of [insert legal event]. Make sure you read through their transparency reports and audits.
Hello Wolfgang, I just came across your channel! EXCELLENT videos ... :-) Thank you very much for taking time to share your expert knowledge! I did learn a lot and reflect some of my ideas. I was investigating how it is possible to set up a docker stack on a VPS which runs WireGuard, AdGuard and Unbound. There are some examples around to have guidance. I was wondering what your opinion of this setup is, as you did not include the AdGuard/Unbound in your playbook. Thank you for your time and thoughts!
Thanks for the suggestion, I will add Adguard/Unbound in a future version of the script
@@WolfgangsChannel Thank you very much for your prompt reply! I am happy that you consider this set up as a suggestion to be implemented in a future version of your playbook! Happy weekend!
Is it possible to bind a torrent application in a docker container to the VPS?
Tried all in accordance with tutorial (even picked up the same VPS provider) but WireGuard works a bit janky for me (drops the connection every 2-3 hours while server stays live). Slow connection (10-15 minutes before it establishes stable connection)on the phone when switching from cellular to my work/home Wi-Fi network and the last, why some websites stopped working (androidpolice or AliExpress) or slow to load? Any advice?
Try adding PersistentKeepalive = 25 to your client config in the [Peer] section
Great video! Will try this out during the weekend. Suggestion: similar ansible playbook for deploying vaultwarden?
Vaultwarden doesn't necessarily need Authelia since it has 2FA built in, but I guess it could be useful for SAML/SSO
Hello, I setup my VPN using the steps in the video, but my phone had to be reset and I lost my 2FA, how do I login to wireguard now?
After inputting the Domain name using duckdns the script hangs, it gives no error and doesn't ask for anything else. It sits this way for over an hour doing nothing. I've tried using both Debian and Ubuntu.
When installing this on my raspberry pi 3b with raspbian 32 lite he gives an error about cryptograph installation. I added the PATH and manual installed rust. But he keeps giving this error. Any idea how to solve this?
Update: it is (kinda) working when using 64 bit of Raspbian OS Lite. After adding domain he gives an error that certbot is not found. After installing certbot it all seems ok. Just to let other people know
maybe outside of the scope of this video, but im trying to run the playbook on a self hosted ct on proxmox and it just keeps failing. ubuntu and debian are both failing at different stages, i can post what the failures are if its at all relevant. basically just wondering if this will work for a self hosted setup or if i would need to make some changes, or just stick to a vps. thanks for making this for people like me though.
I want to use wireguard VPN with each peer have their static public ipv4.
I want to take a dedicated server with 256 IP so all the 254 IP can be given to each client. Is it possible with wireguard?
Thanks
In case someone else hits this problem.
Just ran the script on a Ubuntu 23.10 linode vm and it hung on the docker installation. Couldn't find docker-ce. I rolled my vm back to 23.04 and everything worked well. I tried manually installing docker before running the script and still had problems.
Wolfgang, I finished the complete setup but after I put in the 2fa part, it stays on that screen and won't redirect me like it's supposed to. Is there something I'm doing wrong? You recently updated the github and not all of the steps lined up
Just navigate to wg.domain.com manually
@@WolfgangsChannel what am i supposed to do in the 2fa part, i tried navigating manually to the page but it doesn't work
for me it is stuck in login page saying one time password "authenticated" but it is not redirecting me to the panel
Hi Wolfgang, your solution amazing and very easy to install. BTW do you have any ideas how to connect wireguard VPN to ldap server?
Hey Wolfgang I like your new hair. Reminds me of my beloved Big Jim figure back in the day. How do the chicks react? They must go wild.
I legit still use the Raspberry Pi VPN guide. I’m even connected to it watching this video.
I can't properly remove it as after deleting file it prompts me that direnv is not installed. Please help thanks.
Is there anyway to keep it from disabling root login? I use my vps for other things besides wireguard.
Is there any option to configure the VPN as layer 2 instead of Layer 3
Thank you for the amazing content Wolfgang!
I am not familiar with setting up a VPN at all and I found this video to be perfect for people like me.
Unfortunately though, after establishing the connection with my Macbook, when I try to browse literally any website, it keeps loading then I get the error: "ERR_CONNECTION_TIMED_OUT" on Chrome.
I have tried everything: from disabling my Firewall temporarily on Mac to setting up the VPN on my iPhone and trying from there, but no luck, always the same result.
I feel I'm so close to get it done, but don't understand what I'm missing and searching on Google didn't help.
Can you please point me in the right direction?
Hey! What VPS did you use to set it up?
@@WolfgangsChannel thank you for the reply! I used a VPS provided by keliweb, since they offer very reliable VPS solutions in Italy and also have their data center located in Italy as well. The reason why I chose to go with them is because I wanted to setup the VPN so that my geolocation can always point to Italy, so it seemed like the best option to go with.
Is there any firewall on the VPS side?
@@WolfgangsChannel Yes! From the VPS dashboard on their website I can access the firewall setting and set global firewall rules (which I currently have set as follows: Input Policy = accept | Output Policy = accept) and single firewall rules (which I believe are like the port forwarding rules - currently there are none set).
Hey, thanks for a great tutorial! I'd really appreciate to see more about bunkerweb, you didn't mention it in this video, but it's in your playbook.
I did mention Bunkerweb in the video
It shows this error when introducing the second one at the end
fatal:[localhost]:failed msg; path /root/.bashrc does not exist rc;257
Hello everyone! after trying to install this vpn on an AWS ubuntu had an issue after entering the domain name. what should i do to fix this? Running certbot in dry-run mode to test the validity of the domain...
sudo: certbot: command not found
sudo: certbot: command not found
Awesome stuff! thank you!
Thanks a lot. Its working as it supposed to. I have one question. Is it possible to use this metod to create tunnel to my home network? Run Ubuntu server on some PC inside my network (or VM) did the same but without a remote VM and use it to remote connecto to my LAN?
Yep. Just make sure to forward the ports 443, 80 and 51820 on your router to the VM
@@WolfgangsChannel Thanks for tips. Works like a charm.
To anyone who wants to try it: I also had to forward port 22 during the installation, and all port forwards were TCP excluding 51820, where I had to use UDP.