New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
You could setup some kind of a reverse proxy/constant on VPN on your router. Other than that, nope.
Get a server in a place that can offer you DDoS protection. Don't run a server on residential.
`My router is to slow for a VPN. On the same server is a also a option right? Can you recommend a VPN provider?
Well, get a server at OVH and setup a VPN server on it, and make sure it's 24/7 connected to your server. Also, port forward the ports used on your "home" server.
Although I would not host anything on 30Mbps upload, I assume you're on DLS/VDSL?
Yes i have VDSl and the maximum speed that i can have .
I dont host important things like email on my home server, but i want to prepare my self for the doom scenario.
Need i High-end hardware for a VPN server or is the basic VPS of €2.99 great?
Well, how much bandwidth do you think you're going to use? Also, what are you hosting? Is it open for public or is it just available to yourself?
You are probably better off getting a small server and host the things you want on there. What if you have a power outage, or what if your ISP is having a cable cut etc.
If you want to max out 100Mbps you should get a server with a bit more than 200Mbps (overhead) because a VPN will double the bandwidth used on the server's end.
Wouldn't it be just easier to buy a server wherever you need to buy it instead of buying server just to tunnel stuff ? It doesn't make much sense
Well a i5 and 16gb ram and 3tb is not cheap to rent. > @joodle said:
i use it the most time for a linux server with owncloud for myself and some friend. The most of bandwidth goes to the server so i need 200Mbps.
@ewrek yeah, but heaving 200Mbps bandwidth on 30Mbps connection is kinda physically impossible too.
I have 100 Mbps down and if that connection goes to a vps with a vpn is it 100Mbps+100Mbps when i upload a file to my home server.
30 up, so when you download from it you'll have some time to brew a tea ;-)
Upload is Download for the server
When someone is uploading a file to your server, they can max out 100Mbps if their upload is or exceeds 100Mbps
If someone is downloading a file from your server, they can max out a maximum speed of 30Mbps which makes it ~60Mbps (plus some overhead) on your VPN server.
Is your residential ISP okey with you hosting stuff on it?
And i5 with 16GB of RAM is 22 euros at ovh. Probably less then what you pay for this connection.
I guess he's living in The Netherlands and his ISP is KPN (correct me if i'm wrong @ewrek)
They're okay with this, dutch providers don't really care what their customers are using their network for.
€22 a month is to much for me as a student, so i work with what i have. (i dont pay for electric and Ethernet)
Yes and yes, are you spying me ? (unplugs his webcam)
Was just a guess because of the 110/30 internet speed haha. Only provider that's currently providing that is KPN. Also, VDSL is something KPN uses a lot :P
The most important question is do you have a static IP?
Everything becomes alot more difficult if the IP is dynamic.
Are you sure it makes sense to host it at home? Keep in mind the power costs in particular, which aren't exactly low in the Netherlands.
IF you run a VPN to your actual dedi or VPS for DDoS filtering, it doesn't. Most VPN systems don't care if a client has a changing IP.
OpenVPN server on VPS, OpenVPN client on your dedi at home. VPS port forwards from public interface to static OpenVPN client IP. ie. xx.xx.xx.xx:80 -> 10.8.0.x:80. Local server is setup to listen on VPN IP (10.8.0.x).
But if an attack leaks your home internet will go down, so there's that.
CloudFlare? Back-end IP will be hidden and you can enable "UAM" for extra protection, even though that's easily bypassed but still better than nothing.
You can use their API to update your IP every time it changes if it's dynamic.
And I'm pretty sure the ISP will at some point notice the leaks and prevent them at the OP's expense for the good of other Clients.
You'd probably kill the VPN connection before anything too bad happens though, can also rate limit the connection on the tun device to the max your line can handle, so worst case you're pulling your standard port speed. Depends on the attack type though I guess.
Either way, I wouldn't host anything DDoS-worthy from a residential connection, tunnel or not.. that stuff sticks with providers who have DDoS protection and quality networking gear to handle this stuff.
It is a static IP
CloudFlare looks great but is the free version too basic or good?
For now a VPS with a VPN Server looks the best option. OVH offers for €2.99 a 100Mbps line and https://www.ovh.nl/vps/vps-ssd.xml Is this the best option?
Yeah the free plan is decent.
Typically your residential ISP will be the one to mitigate any DDOS attack. I would recommend you to contact them to inquire about why they haven't mitigated any DDOS attack, but then that may lead them to inquire as to why you are getting attacked, which would then lead to you revealing you're hosting a server at home when this is in violation of their TOS, maybe?
Unless your have a business ISP to your home, then yes, DDOS protection would be required. DDOS protection isn't cheap when it comes to an inline service. You'll likely be better off and cheaper hosting the server at a datacenter that offers DDOS protection.
No it doesn't, there's tons of Dynamic DNS type things like no-ip or dyndns ... There's also Cloudflare and it's nifty API that you can easily make a bash script for..
Here's one I prepared earlier, checks gets the IP from icanhazip.com, sends you a push bullet notification that it's changed (if you need it) and updates Cloudflare's DNS entry on that domain, you can single out A records on the API too.
This was made last year and may not work with the current API, I haven't used it in a while..
Well, that's more complicated than just an IP. More possible failures too.
Anyway I was primarily referring to issues if you want to do anything more complete than a HTTP reverse proxy (i.e a TCP or UDP RP, Tunnel, or BGP + Tunnel).
This, and Cloudflare is HTTP(s) only.
If it's for file hosting & owncloud, you can get cheap storage vps from providers that advertise here. And also of course, cheap dedis from OVH/Hetzner. Plop some reverse proxy/gre tunnel from a low end provider if DDOS is a real thing and voila - cheap ghetto ddos protected file/media server 24/7