WireGuard + PiVPN

What I did to set up some backup VPNs (in case my main device fails)

Want to try it yourself? Check out: https://pivpn.io/

 

Strategy:

  • Use containers with Ubuntu installed and the PiVPN installer (previously used on a Raspberry Pi).
  • Create config files for devices
  • Test connection

 

Action plan:

  • Creating and naming containers.
    To provision the backup VPNs that cover a possible failure of my main VPN device, I am using Proxmox to host containers. This is a cluster of 2 hosts, each of which will contain a backup VPN.
    While creating the containers I try to keep a naming scheme: the last octet of the IP followed by the name. Example: 25.BackupVPN. This way I can quickly find it in the web UI and know what IP address I can use to connect to it with SSH if necessary. The settings can stay pretty basic: thin-provisioned 8GB storage, 2GB RAM, 2 vCPU.
  • Prep + install and setup
    To prepare each container, I ran an update and upgrade before installing.
    sudo apt update
    sudo apt upgrade -y
    Before running the script I had to install curl.
    sudo apt install curl -y
    The install uses a bash script that is downloaded from the internet and piped straight into bash.
    curl -L https://install.pivpn.io | bash
    The installer opens and asks you to configure some settings. Configure these to your liking; personally I adjusted the DNS to Cloudflare, changed the port (write this port down), and changed the IP/DNS name of the server to a no-ip solution (DuckDNS). Let the installer finish and you should be able to configure a first profile.

  • Creating profiles
    This one is pretty easy: look up the clear documentation and you'll find some easy commands.
    To create a new config profile you can use the following command: pivpn -a. This will prompt you for the name of the config.
    Cat the resulting file, /home/user/configs/newprofile.conf, and copy the contents into a file on your PC (save this as .zip or .conf to be able to import it in the WireGuard client). For a phone you can also use the nice QR command to create a QR code that you scan with your phone while adding a tunnel in your WireGuard app: pivpn -qr.

  • Before we can test our VPN we still have to prepare the router by configuring port forwarding. This is mostly found in the advanced settings and could be under NAT settings/virtual servers; add a port forwarding rule. Packets are sent over UDP, so you can set this as the protocol. The internal IP is the IP of your VPN server (my example: 10.0.0.25). The internal port is 51820 by default (or the one you set while running the installer). You could set the external port to the same value, unless you want to adjust the config file per device. I used the same port for internal and external, but a different one from the default.

  • And activate!
    Activate the tunnel in your WireGuard client and test it by surfing the web.
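
An added example, not part of PiVPN or of the original post: a shell check to run on a profile after pivpn -a and before activating the tunnel. It confirms that the Endpoint matches the DNS name and external UDP port forwarded on the router, that a DNS server is set, and that the file holding the private key is readable by its owner only. The name example.duckdns.org, port 51234, the key strings and the helper names conf_get, check_profile and write_sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a WireGuard client profile before importing it.
# Host name, port and key strings below are constructed placeholders.

# conf_get FILE KEY: print the value of the first "KEY = value" line.
conf_get() {
    awk -v key="$2" '
        { k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]+/, "", k) }
        k == key { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit }
    ' "$1"
}

# check_profile FILE HOST PORT: return 0 only if the profile points at the
# public name and the external UDP port forwarded on the router, sets a DNS
# server, and is readable by its owner only (it holds the private key).
check_profile() {
    rc=0
    endpoint=$(conf_get "$1" Endpoint)
    host=${endpoint%:*}
    port=${endpoint##*:}
    [ -n "$endpoint" ] || { echo "no Endpoint line"; rc=1; }
    [ "$host" = "$2" ] || { echo "Endpoint host is '$host', expected '$2'"; rc=1; }
    [ "$port" = "$3" ] || { echo "Endpoint port is '$port', router forwards '$3'"; rc=1; }
    [ -n "$(conf_get "$1" DNS)" ] || { echo "no DNS line"; rc=1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        { echo "file is group/world accessible; run: chmod 600 $1"; rc=1; }
    return "$rc"
}

# write_sample FILE: constructed profile in the layout a WireGuard client imports.
write_sample() {
    cat > "$1" <<'EOF'
[Interface]
PrivateKey = CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY=
Address = 10.6.0.2/24
DNS = 1.1.1.1, 1.0.0.1

[Peer]
PublicKey = CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY=
Endpoint = example.duckdns.org:51234
AllowedIPs = 0.0.0.0/0, ::0/0
EOF
    chmod 600 "$1"
}

# Demo on the constructed sample.
sample=$(mktemp)
write_sample "$sample"
check_profile "$sample" example.duckdns.org 51234 && echo "profile OK"
rm -f "$sample"
```

To use it on a real profile, call check_profile with the path to the .conf file, your own DNS name and the external port you forwarded on the router.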

 

If you encounter any problems, or have any questions, let me know!