    How do we create our own VPC?

    evnix Member

    I know popular cloud providers provide this thing called VPC where VMs can have their own internal addresses within the VPC.

    Is there a way to do that with regular VPS' that we buy from providers in LowEndTalk?

    I recommend iwstack cloud | MxRoute for Mail | LightTable for Coding | Noisli for Noise

    Comments

    • ITLabs Member
      edited October 16

      Some of the LET providers offer private IPs, so you could build a "VPC-like" environment with 2 or more VMs:

      • BuyVM
      • HostDoc
      • LetBox
      • Leapswitch
      • etc

      And ofc Heinz!

      You'll have to play with network interfaces and firewall in order to properly isolate your private cloud.

      Thanked by 1 leapswitch
    • SpryServers_Tab Member, Provider
      edited October 16

      I refuse to call that VPC, as there are already acronym definitions for VPC, most notably, vPC, and that just gets too confusing. What I would personally call it is just an isolated virtual internal network. Which is something we do offer, but it's a manual setup and you'd need to open a support ticket for it.

      Thanked by 2 ITLabs Aluminat

      Tab Fitts | Founder/CEO - Spry Servers
      SSD Shared Hosting || VPS || SSD VPS || Dedicated Servers || Network Status || 1-844-799-HOST (4678)

    • dahartigan Member, Host Rep

      It gets crazier if you have a single KVM running LXC containers and set up a NAT for those containers. That works regardless of provider.

      HostDoc representative | Purveyor of high quality potassium | "A KVM VPS with 64 IPs? Must be Evolution Host."

    • leapswitch Member, Provider

      @ITLabs said:
      Some of the LET providers offer private IPs, so you could build a "VPC-like" environment with 2 or more VMs:

      • BuyVM
      • HostDoc
      • LetBox
      • Leapswitch
      • etc

      And ofc Heinz!

      You'll have to play with network interfaces and firewall in order to properly isolate your private cloud.

      We offer this on our CloudJiffy brand. All containers (Virtuozzo 7) are connected via a private network and our Dashboard has a firewall GUI where you can tweak the settings as required.

      Thanked by 1 ITLabs

      Leapswitch Networks - Affordable Managed and UnManaged VPS
      Pune, India - Asheville, USA - Porto, Portugal - Kiev, Ukraine - Madrid, Spain - Frankfurt, Germany

    • jar Provider
      edited October 17

      evnix said: is there a way to do that with regular VPS' that we buy from providers in LowEndTalk?

      Yes. It's just a VPN. I use Pritunl for extremely easy configuration. They don't seem to advertise it but they have a headless client in their repos. I route only that private IP range through the VPN so all other traffic passes through normal paths. That's why I can access things like "logs.internal.mxroute.com" (I should make a private DNS server for it, but for now I just put the private IP on the public DNS) but no one else can unless they're on the VPN.

      Using this allows me to run distributed services over the internet that shouldn't be exposed to public interfaces. For example, my rspamd servers connect to a central elasticsearch and redis server, neither of which I want exposed on the internet, over private IPs.

      I can open up each "user" (server) here and see the private and public IP for each:

      https://sh.donnell.online/DzSyuFpu/Screen-Shot-2019-10-17-14-07-31.29.png

      Cool, right? :)

      Thanked by 1 ITLabs
    • evnix Member

      @jar said:

      evnix said: is there a way to do that with regular VPS' that we buy from providers in LowEndTalk?

      Yes. It's just a VPN. I use Pritunl for extremely easy configuration. They don't seem to advertise it but they have a headless client in their repos. I route only that private IP range through the VPN so all other traffic passes through normal paths. That's why I can access things like "logs.internal.mxroute.com" (I should make a private DNS server for it, but for now I just put the private IP on the public DNS) but no one else can unless they're on the VPN.

      Using this allows me to run distributed services over the internet that shouldn't be exposed to public interfaces. For example, my rspamd servers connect to a central elasticsearch and redis server, neither of which I want exposed on the internet, over private IPs.

      I can open up each "user" (server) here and see the private and public IP for each:

      https://sh.donnell.online/DzSyuFpu/Screen-Shot-2019-10-17-14-07-31.29.png

      Cool, right? :)

      That is cool indeed!
      Would you then use iptables to block external traffic on certain ports and only allow traffic from within that VPN for that port (for example for your elasticsearch server)?

      Thanked by 1 jar

      I recommend iwstack cloud | MxRoute for Mail | LightTable for Coding | Noisli for Noise

    • jar Provider
      edited October 18

      evnix said: would you then use iptables to block external traffic on certain ports and only allow traffic from within that VPN for that port (for example for your elasticsearch server) ?

      So in my case let's say the internal address range is 192.168.10.0/24. I'm using Ubuntu 18 for my redis server, so I did this:

      ufw allow ssh
      ufw allow from 192.168.10.0/24
      ufw enable

      I just set redis to listen on 0.0.0.0, which is of course a "big mistake" but ufw is a reliable firewall front-end that I can expect to be present and operating on reboot. If I wanted to go a step further, I'd set redis to listen on the 192.168 address for that system (let's say 192.168.10.11 for this one).
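
The trade-off in the post above (a service bound to 0.0.0.0 is kept private only by ufw, while one bound to its 192.168.10.x address is not) can be checked per host. This is an added example, not code from the thread: it audits listener output in the `ss -Hltn` format, and the sample lines and the `PUBLIC_OK` port set are constructed assumptions.

```python
import ipaddress

VPN_NET = ipaddress.ip_network("192.168.10.0/24")  # internal range used in the post
PUBLIC_OK = {22}  # assumption: ports meant to be public (the post's "ufw allow ssh")

# Constructed sample of `ss -Hltn` output, not captured from a real host.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:6379 0.0.0.0:*
LISTEN 0 511 192.168.10.11:9200 0.0.0.0:*
LISTEN 0 128 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
"""

def bind_scope(host):
    """Classify a listen address as wildcard, loopback, vpn or other."""
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and any %iface scope
    if host == "*":
        return "wildcard"
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "wildcard"
    if ip.is_loopback:
        return "loopback"
    if ip in VPN_NET:
        return "vpn"
    return "other"

def audit(ss_text):
    """Return sorted (port, address, scope) for listeners that only the firewall keeps private."""
    findings = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        scope = bind_scope(host)
        if scope in ("wildcard", "other") and int(port) not in PUBLIC_OK:
            findings.add((int(port), host, scope))
    return sorted(findings)

if __name__ == "__main__":
    for port, host, scope in audit(SAMPLE_SS):
        print(f"port {port} on {host} ({scope}): off-VPN exposure depends on ufw alone")
```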

    • evnix Member

      Ah that's perfect!
      Thanks a lot @jar !

      I recommend iwstack cloud | MxRoute for Mail | LightTable for Coding | Noisli for Noise

    • I use wireguard to create a VPC across several LET providers. It's way faster than all other vpn tunnels.

      I deploy this on all my vps with ansible:
      https://github.com/githubixx/ansible-role-wireguard

      Thanked by 2 ITLabs file
    • @jar said:

      evnix said: is there a way to do that with regular VPS' that we buy from providers in LowEndTalk?

      Yes. It's just a VPN. I use Pritunl for extremely easy configuration. They don't seem to advertise it but they have a headless client in their repos. I route only that private IP range through the VPN so all other traffic passes through normal paths. That's why I can access things like "logs.internal.mxroute.com" (I should make a private DNS server for it, but for now I just put the private IP on the public DNS) but no one else can unless they're on the VPN.

      Using this allows me to run distributed services over the internet that shouldn't be exposed to public interfaces. For example, my rspamd servers connect to a central elasticsearch and redis server, neither of which I want exposed on the internet, over private IPs.

      I can open up each "user" (server) here and see the private and public IP for each:

      https://sh.donnell.online/DzSyuFpu/Screen-Shot-2019-10-17-14-07-31.29.png

      Cool, right? :)

      I kinda use the same setup, but am instead using the 25.0.0.0/8 range cause I don't want my VPN to interfere with any other possible one. And 25's subnet is reserved to some governmental shit and used by Hamachi by logmein as well :tongue:

      Thanked by 1 jar
    • file Member

      @angelius said:
      I use wireguard to create a VPC across several LET providers. It's way faster than all other vpn tunnels.

      I deploy this on all my vps with ansible:
      https://github.com/githubixx/ansible-role-wireguard

      I do the same and I've found it to work quite well. I also use it for Docker networking across all hosts. Specifically I use the Ubuntu fan approach (albeit not their implementation) with static routes. That is in Ansible I can programmatically assign a /24 for containers on each host out of the VPN IP, and then other hosts know the routing for that. A VPN host IP of 10.0.0.1 gets 10.0.1.0/24, 10.0.0.2 gets 10.0.2.0/24, so on. It removes the need for any data store of where IPs or blocks live and such, simplifying things.

      Core Asterisk Developer and Hater of Fax Machines
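
The addressing rule in the post above (VPN host 10.0.0.N owns container block 10.0.N.0/24) can be computed rather than stored. This is an added sketch, not the poster's Ansible code: the interface name `wg0` and the function names are assumptions, and the `AllowedIPs` line is included because WireGuard only passes traffic for prefixes listed for a peer.

```python
import ipaddress

VPN_NET = ipaddress.ip_network("10.0.0.0/24")  # VPN subnet implied by the post's 10.0.0.1, 10.0.0.2
WG_IFACE = "wg0"  # assumed WireGuard interface name

def container_net(vpn_ip):
    """Map VPN host 10.0.0.N to its container block 10.0.N.0/24."""
    ip = ipaddress.ip_address(vpn_ip)
    if ip not in VPN_NET:
        raise ValueError(f"{vpn_ip} is outside {VPN_NET}")
    n = int(ip) - int(VPN_NET.network_address)
    if not 1 <= n <= 254:
        # N=0 would map to 10.0.0.0/24, the VPN subnet itself; 255 is its broadcast
        raise ValueError(f"{vpn_ip} is not a usable host address")
    return ipaddress.IPv4Network((int(VPN_NET.network_address) + (n << 8), 24))

def peer_plan(local_ip, all_ips):
    """For each remote host, the AllowedIPs entry and static route the local host needs."""
    if len(set(all_ips)) != len(all_ips):
        raise ValueError("duplicate VPN address would give two hosts the same block")
    plan = {}
    for peer in all_ips:
        net = container_net(peer)  # validates every address, including the local one
        if peer == local_ip:
            continue
        plan[peer] = {
            "allowed_ips": f"AllowedIPs = {peer}/32, {net}",
            "route": f"ip route replace {net} dev {WG_IFACE}",
        }
    return plan

if __name__ == "__main__":
    hosts = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]  # constructed inventory
    for peer, cfg in peer_plan("10.0.0.1", hosts).items():
        print(peer, cfg["allowed_ips"], "|", cfg["route"])
```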

    • You'll need Windows VirtualPC.

      You are dreaming. | And it's a nightmare. | THE SECRET THREAD | THE TRUTH | HAVES YOU SEEN THIS YURA?

    • @Janevski It's better to go with Linux than Windows. The only + I see for Windows server is that if something does not go as expected in documentation you can always contact MS and they will eventually fix it for you, but this can be achieved as well on Linux forums :)

      Thanked by 1 Janevski