Question

Step 3 (NOTE): What IPs are to be placed here - "san @IP_address --san IP_address"?

Connected Tutorial
This question is a follow-up to this tutorial:

Hi,

I have an Ubuntu Server 20.04 for Minecraft (no GUI). I connect to it via PowerShell and my Linux laptop with the server’s private IP. I would like a little extra security by spoofing or hiding the IP address of my server. I am a bit nervous to test this out as I am brand new to Linux.

A VPN service recommended this tutorial for what I am trying to accomplish.

I get stumped on step 3, particularly the “Note” (–dn “CN=IP address” --san @IP_address --san IP_address ).

First, I run this:

pki --gen --type rsa --size 4096 --outform pem > ~/pki/private/server-key.pem

Then, I run this but change one line:

pki --pub --in ~/pki/private/server-key.pem --type rsa
| pki --issue --lifetime 1825
–cacert ~/pki/cacerts/ca-cert.pem
–cakey ~/pki/private/ca-key.pem
–dn “CN=server_domain_or_IP” --san server_domain_or_IP
–flag serverAuth --flag ikeIntermediate --outform pem
> ~/pki/certs/server-cert.pem

The line I will replace is “–dn[…]”. Since I am using an IP instead of DNS, I would need to place my device’s private IP here - “CN=IP address” - but I am not sure what the other two san ones are for? Are they random IPs or is it just my device’s IP two more times?

My other questions:

  1. Will I be able to use this VPN and find my server on Minecraft Java?
  2. Will it slow down the connection?
  3. I set the UFW rate limit rule to open the 25565/TCP port.
  4. Will I be able to connect to my server from one of my approved (publickey) devices?

Thanks and regards, Josh

Subscribe
Share

After doing more research and rereading the instructions I am pretty confident that those three fields (CN, SAN@, and SAN) all are the same. It should be my server’s IP. Let me know if I am wrong or not but I am going to go through it.

I did read via wiki.strongswan.org that you can forward a port so that answers questions 4 and 3 (which is all goofed up). 4 is a yes, and 3 was supposed to be about the ability to open that 25565 port, and it can. Number one also is redundant to 3.

I also read that IKEv2 VPN is a very stable and fast connection.

I guess it just leaves the whole IP/san confusion.


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!