Step 3 (NOTE): What IPs are to be placed here - "san @IP_address --san IP_address"?

Connected Tutorial
This question is a follow-up to this tutorial:


I have an Ubuntu Server 20.04 for Minecraft (no GUI). I connect to it via PowerShell and my Linux laptop with the server’s private IP. I would like a little extra security by spoofing or hiding the IP address of my server. I am a bit nervous to test this out as I am brand new to Linux.

A VPN service recommended this tutorial for what I am trying to accomplish.

I get stumped on step 3, particularly the “Note” (–dn “CN=IP address” --san @IP_address --san IP_address ).

First, I run this:

pki --gen --type rsa --size 4096 --outform pem > ~/pki/private/server-key.pem

Then, I run this but change one line:

pki --pub --in ~/pki/private/server-key.pem --type rsa
| pki --issue --lifetime 1825
–cacert ~/pki/cacerts/ca-cert.pem
–cakey ~/pki/private/ca-key.pem
–dn “CN=server_domain_or_IP” --san server_domain_or_IP
–flag serverAuth --flag ikeIntermediate --outform pem
> ~/pki/certs/server-cert.pem

The line I will replace is “–dn[…]”. Since I am using an IP instead of DNS, I would need to place my device’s private IP here - “CN=IP address” - but I am not sure what the other two san ones are for? Are they random IPs or is it just my device’s IP two more times?

My other questions:

  1. Will I be able to use this VPN and find my server on Minecraft Java?
  2. Will it slow down the connection?
  3. I set the UFW rate limit rule to open the 25565/TCP port.
  4. Will I be able to connect to my server from one of my approved (publickey) devices?

Thanks and regards, Josh

Show comments

Submit an answer
Answer a question...

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer