
VPN Deployment | Part 1


About

This is one of the most important parts of this FOSS Digital Agency series.

A VPN with a dedicated IP can be your key to greater infrastructure security and protection. In this deployment, we will unlock the potential of secure computing for your business or personal use.

Why VPN?

We need our own VPN to protect SSH (port 22) on our servers, along with other applications that are not meant for public access. This is the easiest solution for protecting any port.

Video Walkthrough

Deployment

Overview

WireHole is a combination of WireGuard, Pi-hole, and Unbound in a docker-compose project with the intent of enabling users to quickly and easily create a personally managed full or split-tunnel WireGuard VPN with ad blocking capabilities thanks to Pi-hole, and DNS caching, additional privacy options, and upstream providers via Unbound.

This is an open-source software stack. Please consider sponsoring the Wirehole project, or buy the developer a coffee. For more information about Wirehole, see the project on GitHub.

Basic Server Security

Please follow this guide to set up Basic Server Security.

Create firewall rules as shown in the video walkthrough and open port 51820/udp!

Docker Engine Installation

Make sure to install the latest Docker Engine packages. For more information, please see the official Docker website.

  1. Set up the repository:
sudo apt-get update
sudo apt-get install \
    ca-certificates \
    curl \
    gnupg \
    lsb-release
  2. Add Docker’s official GPG key:
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
  3. Use the following command to set up the repository:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
  4. Install Docker services:
sudo apt-get update && sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin -y
  5. Test hello-world image:
sudo docker run hello-world
  6. Add user to Docker group:
sudo usermod -aG docker username

Replace username with the username you have chosen. Membership in the docker group is equivalent to root access on the host, so add only accounts you trust with that.

Wirehole Download & Installation

We need to download the Wirehole repository from GitHub.

  1. Clone repository:
git clone https://github.com/IAmStoxe/wirehole.git && cd wirehole

Make sure to change the value from latest to 1.16.0 for unbound, otherwise you will run into issues. More info in the video walkthrough.


  2. Change values in docker-compose.yml:

Change the timezone (TZ) and the peers value (PEERS), which sets how many peers (clients) are generated for you.

  3. Navigate to unbound directory:
cd unbound
  4. Edit Unbound config:
nano unbound.conf

At the bottom of the file, uncomment the forward-zone settings by removing the leading #.

  5. Save and Exit.
  6. Move back to the wirehole directory:
cd ..
  7. Install wirehole:
docker compose up -d
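
A pre-flight check for the edits above, to be run against the wirehole directory before docker compose up -d; this is an added example, not part of the Wirehole project or of the original guide. It assumes environment entries are written as "- NAME=value" or "NAME: value", that the unbound image reference contains the word "unbound", and that the forward-zone block carries unbound's forward-tls-upstream option (the DoT setting); all function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the edits this guide asks for.
# File paths come from the guide; the line shapes matched below are assumptions.
# Usage: source this file, then run: preflight /path/to/wirehole

# Tag of the first image whose reference contains "unbound" (empty if untagged).
unbound_tag() {
  sed -n 's/^[[:space:]]*image:[[:space:]]*//p' "$1" | tr -d "\"'" |
    grep -m1 unbound | awk -F/ '{print $NF}' | awk -F: 'NF > 1 {print $2}'
}

# Values of an uncommented environment entry: "- NAME=value" or "NAME: value".
compose_env() {
  sed -n -E "s/^[[:space:]]*-?[[:space:]]*$2[=:][[:space:]]*([^[:space:]#]+).*/\1/p" "$1" |
    tr -d "\"'"
}

# True if the file has an uncommented line starting with the given pattern.
conf_has() {
  grep -Eq "^[[:space:]]*$2" "$1"
}

# Print one FAIL line per problem; return 0 only when nothing failed.
preflight() {
  local dir=$1 rc=0 tag
  local compose="$dir/docker-compose.yml" conf="$dir/unbound/unbound.conf"

  tag=$(unbound_tag "$compose")
  case "$tag" in
    ''|latest) echo "FAIL: unbound image tag '${tag:-none}' is not pinned"; rc=1 ;;
  esac

  [ -n "$(compose_env "$compose" TZ)" ] || { echo "FAIL: TZ is not set"; rc=1; }
  [ -n "$(compose_env "$compose" PEERS)" ] || { echo "FAIL: PEERS is not set"; rc=1; }

  conf_has "$conf" 'forward-zone:' ||
    { echo "FAIL: forward-zone is still commented out"; rc=1; }
  # A half-uncommented block forwards queries as plain DNS instead of DoT.
  conf_has "$conf" 'forward-tls-upstream:[[:space:]]*yes' ||
    { echo "FAIL: forward-tls-upstream: yes is missing"; rc=1; }

  return "$rc"
}
```

The check only reads the two files, so it is safe to rerun after every edit until it prints nothing and returns 0.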

Download Tunnels for Wireguard

After your deployment, SFTP into your VPN server and download the configuration files. Watch the video for more details.

Conclusion

You now have fully fledged VPN clients with advanced DoT (DNS over TLS) and access to Pi-hole, a self-hosted DNS-level ad blocker.

While connected to the VPN, navigate to your Pi-hole admin interface at http://10.2.0.100/admin/.

About Webnestify

Imagine a world where you can focus on your business and spend less time maintaining your cloud infrastructure. With Webnestify cloud-based solutions, we provide customized solutions for all types of companies to meet their needs, no matter how big or small they may be!


If you need to set up your own Docker instances or need help with security, visit our Docker deployment service.