How do we create our own VPC?

evnix Member

I know popular cloud providers provide this thing called VPC where VMs can have their own internal addresses within the VPC.

is there a way to do that with regular VPS' that we buy from providers in LowEndTalk?

Comments

  • ITLabs Member
    edited October 2019

    Some of the LET providers offer private IPs, so you could build a "VPC-like" environment with 2 or more VMs:

    • BuyVM
    • HostDoc
    • LetBox
    • Leapswitch
    • etc

    And ofc Heinz!

    You'll have to play with network interfaces and firewall in order to properly isolate your private cloud.

  • SpryServers_Tab Member, Host Rep
    edited October 2019

    I refuse to call that VPC, as there are already acronym definitions for VPC, most notably vPC, and that just gets too confusing. What I would personally call it is just an isolated virtual internal network. Which is something we do offer, but it's a manual setup and you'd need to open a support ticket for it.

  • It gets crazier if you have a single KVM running LXC containers and set up a NAT for those containers. That works regardless of provider.

  • leapswitch Patron Provider, Veteran

    @ITLabs said:
    Some of the LET providers offer private IPs, so you could build a "VPC-like" environment with 2 or more VMs:

    • BuyVM
    • HostDoc
    • LetBox
    • Leapswitch
    • etc

    And ofc Heinz!

    You'll have to play with network interfaces and firewall in order to properly isolate your private cloud.

    We offer this on our CloudJiffy brand. All containers (Virtuozzo 7) are connected via a private network and our Dashboard has a firewall GUI where you can tweak the settings as required.

  • jar Patron Provider, Top Host, Veteran
    edited October 2019

    evnix said: is there a way to do that with regular VPS' that we buy from providers in LowEndTalk?

    Yes. It's just a VPN. I use Pritunl for extremely easy configuration. They don't seem to advertise it but they have a headless client in their repos. I route only that private IP range through the VPN so all other traffic passes through normal paths. That's why I can access things like "logs.internal.mxroute.com" (I should make a private DNS server for it, but for now I just put the private IP on the public DNS) but no one else can unless they're on the VPN.

    Using this allows me to run distributed services over the internet that shouldn't be exposed to public interfaces. For example, my rspamd servers connect to a central elasticsearch and redis server, neither of which I want exposed on the internet, over private IPs.

    I can open up each "user" (server) here and see the private and public IP for each:

    https://sh.donnell.online/DzSyuFpu/Screen-Shot-2019-10-17-14-07-31.29.png

    Cool, right? :)

  • @jar said:

    evnix said: is there a way to do that with regular VPS' that we buy from providers in LowEndTalk?

    Yes. It's just a VPN. I use Pritunl for extremely easy configuration. They don't seem to advertise it but they have a headless client in their repos. I route only that private IP range through the VPN so all other traffic passes through normal paths. That's why I can access things like "logs.internal.mxroute.com" (I should make a private DNS server for it, but for now I just put the private IP on the public DNS) but no one else can unless they're on the VPN.

    Using this allows me to run distributed services over the internet that shouldn't be exposed to public interfaces. For example, my rspamd servers connect to a central elasticsearch and redis server, neither of which I want exposed on the internet, over private IPs.

    I can open up each "user" (server) here and see the private and public IP for each:

    https://sh.donnell.online/DzSyuFpu/Screen-Shot-2019-10-17-14-07-31.29.png

    Cool, right? :)

    That is cool indeed!
    Would you then use iptables to block external traffic on certain ports and only allow traffic from within that VPN for that port (for example for your elasticsearch server)?

  • jar Patron Provider, Top Host, Veteran
    edited October 2019

    evnix said: Would you then use iptables to block external traffic on certain ports and only allow traffic from within that VPN for that port (for example for your elasticsearch server)?

    So in my case let's say the internal address range is 192.168.10.0/24. I'm using Ubuntu 18 for my redis server, so I did this:

    ufw allow ssh                     # keep SSH reachable from anywhere
    ufw allow from 192.168.10.0/24    # allow all traffic that arrives from the VPN range
    ufw enable                        # ufw's default policy then denies all other incoming traffic

    I just set redis to listen on 0.0.0.0, which is of course a "big mistake" but ufw is a reliable firewall front-end that I can expect to be present and operating on reboot. If I wanted to go a step further, I'd set redis to listen on the 192.168 address for that system (let's say 192.168.10.11 for this one).
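The "big mistake" caveat in the post above, turned into a small audit: an added example (not jar's code) that models ufw's rules and a constructed table of listening sockets, then flags services that are VPN-only purely because of the firewall and should also be bound to their VPN address. The VPN range is the one from the post; the listener table, rule rendering and service names are constructed.

```python
import ipaddress

# Constructed sample inputs (not from the post): the VPN range jar uses, a simplified
# rendering of the `ufw status` rules above, and an invented table of listening sockets.
VPN_NET = ipaddress.ip_network("192.168.10.0/24")
UFW_RULES = [                        # (port/proto, allowed source); "Anywhere" = all
    ("22/tcp", "Anywhere"),          # ufw allow ssh
    ("Anywhere", "192.168.10.0/24"), # ufw allow from 192.168.10.0/24
]
LISTENERS = [                        # (service, bind address, port/proto)
    ("sshd", "0.0.0.0", "22/tcp"),
    ("redis", "0.0.0.0", "6379/tcp"),
    ("elasticsearch", "192.168.10.11", "9200/tcp"),
]


def firewall_exposure(port):
    """Widest source ufw admits for this port, given ufw's default deny-incoming policy."""
    widest = "blocked"
    for rule_port, source in UFW_RULES:
        if rule_port not in ("Anywhere", port):
            continue
        if source == "Anywhere":
            return "public"
        if ipaddress.ip_network(source).subnet_of(VPN_NET):
            widest = "vpn-only"
        elif widest == "blocked":
            widest = "restricted"      # some other specific source, outside the VPN
    return widest


def audit(listeners=LISTENERS):
    """Map each service to (firewall exposure, whether it is bound to its VPN address)."""
    report = {}
    for service, bind, port in listeners:
        bound_private = bind != "0.0.0.0" and ipaddress.ip_address(bind) in VPN_NET
        report[service] = (firewall_exposure(port), bound_private)
    return report


def needs_rebind(report):
    """Services that are VPN-only purely because of ufw: one stray rule would expose them."""
    return sorted(s for s, (exposure, private) in report.items()
                  if exposure == "vpn-only" and not private)


if __name__ == "__main__":
    r = audit()
    for svc, (exposure, private) in r.items():
        print(f"{svc:14s} {exposure:10s} bound to VPN address: {private}")
    print("bind to the VPN address as a second layer:", needs_rebind(r))
```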

  • Ah that's perfect!
    Thanks a lot @jar !

  • I use wireguard to create a VPC across several LET providers. It's way faster than all other vpn tunnels.

    I deploy this on all my vps with ansible:
    https://github.com/githubixx/ansible-role-wireguard

  • @jar said:

    evnix said: is there a way to do that with regular VPS' that we buy from providers in LowEndTalk?

    Yes. It's just a VPN. I use Pritunl for extremely easy configuration. They don't seem to advertise it but they have a headless client in their repos. I route only that private IP range through the VPN so all other traffic passes through normal paths. That's why I can access things like "logs.internal.mxroute.com" (I should make a private DNS server for it, but for now I just put the private IP on the public DNS) but no one else can unless they're on the VPN.

    Using this allows me to run distributed services over the internet that shouldn't be exposed to public interfaces. For example, my rspamd servers connect to a central elasticsearch and redis server, neither of which I want exposed on the internet, over private IPs.

    I can open up each "user" (server) here and see the private and public IP for each:

    https://sh.donnell.online/DzSyuFpu/Screen-Shot-2019-10-17-14-07-31.29.png

    Cool, right? :)

    I kinda use the same setup, but am instead using the 25.0.0.0/8 range cause I don't want my VPN to interfere with any other possible one. And 25's subnet is reserved to some governmental shit and used by Hamachi by logmein as well :tongue:

  • @angelius said:
    I use wireguard to create a VPC across several LET providers. It's way faster than all other vpn tunnels.

    I deploy this on all my vps with ansible:
    https://github.com/githubixx/ansible-role-wireguard

    I do the same and I've found it to work quite well. I also use it for Docker networking across all hosts. Specifically I use the Ubuntu fan approach (albeit not their implementation) with static routes. That is, in Ansible I can programmatically assign a /24 for containers on each host out of the VPN IP, and then other hosts know the routing for that. A VPN host IP of 10.0.0.1 gets 10.0.1.0/24, 10.0.0.2 gets 10.0.2.0/24, and so on. It removes the need for any data store of where IPs or blocks live and such, simplifying things.
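The fan-style scheme in the post above, as an added example that is neither the Ubuntu fan implementation nor the poster's Ansible role: each host derives its container /24 from its own WireGuard address (10.0.0.N gives 10.0.N.0/24) and every other host's static route falls out of the same rule, so no IPAM store is needed. Assumed: the hosts share the 10.0.0.0/24 VPN range from the post, container blocks live in an assumed 10.0.0.0/16 parent, and the tunnel interface is assumed to be wg0; host 10.0.0.0 and addresses outside the VPN range are rejected because they would not map to a usable block.

```python
import ipaddress

# Added example, not the Ubuntu fan code and not the poster's Ansible role. Assumptions:
# all WireGuard hosts share VPN_NET, each host's container block is the /24 inside OVERLAY
# whose third octet equals the host's last octet, and the tunnel interface is wg0.
VPN_NET = ipaddress.ip_network("10.0.0.0/24")
OVERLAY = ipaddress.ip_network("10.0.0.0/16")
WG_IFACE = "wg0"


def container_subnet(vpn_ip):
    """10.0.0.N -> 10.0.N.0/24, derived from the VPN address alone (no shared IPAM state)."""
    ip = ipaddress.ip_address(vpn_ip)
    if ip not in VPN_NET:
        raise ValueError(f"{vpn_ip} is outside the VPN range {VPN_NET}")
    n = int(ip) - int(VPN_NET.network_address)
    if n == 0:
        raise ValueError("host octet 0 would map onto the VPN /24 itself")
    block = ipaddress.IPv4Network((int(OVERLAY.network_address) + (n << 8), 24))
    assert block.subnet_of(OVERLAY) and not block.overlaps(VPN_NET)
    return block


def is_valid_vpn_host(vpn_ip):
    """True when vpn_ip yields a usable container block under the scheme above."""
    try:
        container_subnet(vpn_ip)
        return True
    except ValueError:
        return False


def routes_for(host_ip, all_hosts):
    """Static routes host_ip needs so its containers reach every peer's block over the tunnel."""
    routes = []
    for peer in sorted(all_hosts, key=ipaddress.ip_address):
        if peer == host_ip:
            continue
        routes.append(f"ip route add {container_subnet(peer)} via {peer} dev {WG_IFACE}")
    return routes


if __name__ == "__main__":
    hosts = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]   # constructed host list
    for h in hosts:
        print(f"{h}: containers in {container_subnet(h)}")
        for line in routes_for(h, hosts):
            print("   ", line)
```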

  • You'll need Windows VirtualPC.

  • @Janevski It's better to go with Linux than Windows. The only + I see for Windows server is that if something does not go as expected in documentation you can always contact MS and they will eventually fix it for you, but this can be achieved as well on Linux forums :)
