Step 3 (NOTE): What IPs are to be placed here - "san @IP_address --san IP_address"?

Connected Tutorial
This question is a follow-up to this tutorial:


I have an Ubuntu Server 20.04 for Minecraft (no GUI). I connect to it via PowerShell and my Linux laptop with the server’s private IP. I would like a little extra security by spoofing or hiding the IP address of my server. I am a bit nervous to test this out as I am brand new to Linux.

A VPN service recommended this tutorial for what I am trying to accomplish.

I get stumped on step 3, particularly the “Note” (–dn “CN=IP address” --san @IP_address --san IP_address ).

First, I run this:

pki --gen --type rsa --size 4096 --outform pem > ~/pki/private/server-key.pem

Then, I run this but change one line:

pki --pub --in ~/pki/private/server-key.pem --type rsa
| pki --issue --lifetime 1825
–cacert ~/pki/cacerts/ca-cert.pem
–cakey ~/pki/private/ca-key.pem
–dn “CN=server_domain_or_IP” --san server_domain_or_IP
–flag serverAuth --flag ikeIntermediate --outform pem
> ~/pki/certs/server-cert.pem

The line I will replace is “–dn[…]”. Since I am using an IP instead of DNS, I would need to place my device’s private IP here - “CN=IP address” - but I am not sure what the other two san ones are for? Are they random IPs or is it just my device’s IP two more times?

My other questions:

  1. Will I be able to use this VPN and find my server on Minecraft Java?
  2. Will it slow down the connection?
  3. I set the UFW rate limit rule to open the 25565/TCP port.
  4. Will I be able to connect to my server from one of my approved (publickey) devices?

Thanks and regards, Josh

Show comments

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer