So I came across an interesting read at scalescale.com regarding building a small CDN network using DigitalOcean, and I wanted to take a look at it to see how we can expand upon it even further.

To check out the article:
http://www.scalescale.com/rolling-your-own-cdn-build-a-3-continent-cdn-for-25-in-1-hour/#

Of course, one of the first things I wanted to check out was the inclusion of 1&1 CloudServers. DigitalOcean gives us the wider range of datacenters and (currently) the inclusion of IPv6 so that any servers (currently only DO, 1&1 is still in process of rolling out) can be provided for, but for now we’re going to remove that as a need so that we can fully rate all servers on the same plane without having AAAA records going to 1 datacenter and the A record going to another.

Here’s the setup we’re going to look at:

Nameserver:
1&1 US CloudServer: NGCS M $9.99

Servers:

North America
1&1 CloudServer | Kansas | NGCS S $4.99
DO Droplet | SanFran. | Droplet $5.00
DO Droplet | NewYork | Droplet $5.00
DO Droplet | Toronto | Droplet $5.00

EU
1&1 CloudServer | London | NGCS S $4.99
DO Droplet | Amsterdam | $5.00
1&1 CloudServer | Frankfurt | NGCS S $4.99
1&1 CloudServer | Spain | NGCS S $4.99
DO Droplet | Bangalore | $5.00

VPN/Datacenter Connections

1&1 CloudServer | Kansas | NGCS S $4.99

GlusterFS/Galera (DB) – Clustering the Filesystem and DB

1&1 CloudServer | Kansas | NGCS S $4.99
DO Droplet | NewYork | Droplet $5.00

So here’s the plan as it’s working out in my head (still working on the implementation):

Nameservers:

The nameserver is setup just like its shown in the ScaleScale article. I choose to use 1&1 due to the fact that we can have load balancing for free on the NS, which allows for expansion later if we want failover protection.

Servers:

• The servers in this test will be configured with a simple LAMP stack.
• Each 1&1 server is connected to the VPN server via Private Network.
  • This allows so that any infrastructure traffic stays off of the public network, and doesn’t clog the pipeline
  • VPN connection is then established to provide the IPs

[To Be Continued – LastUpdated 2/20/2017]

I case recently was brought to me to investigate using Windows Server 2012 and setting up a native VPN using the features that 1and1.com provides. 1&1’s CloudServers and CloudVPS provide you with a single NIC for connection to the internet and a Hardware Firewall. The CloudServers can have a second nic added, but only for usage with 1&1’s own Private Networking feature to connect multiple VMs together, so it can’t be used in this instance. Fortunately, this is a topic that’s been written about numerously, and the guide here unashamedly will follow most of it. The cavets though, not written in the original guide is that this VPN is to be used to so that the VPN server sends all of the VPN client’s data out to the internet, effectively giving the clients the same IP as the server. The original guide instead only speaks about setting up a simple VPN which creates a LAN for those connected. The original article comes from a great site that features wonderful guides on System Administration and it’s suitably named TheSysAdmins.

You can click through to follow along, or check out the guide above. The differences are my addition of the NAT and my use of Computer Management for setting the Dialin Access whereas they use Active Directory. I’ll have a retype of my exact steps shortly.

Updated the steps without AD and with NAT:

1. Head to Server Manager, click on Manager, Add Roles and Features
2. Role-based or feature-based installation
3. Make sure the server you want to install the RRAS role is selected
4. Select Remote Access and select “Routing” to install NAT functionality
5. View items and click add features
6. Next as you do not need to add any features
7. Tick DirectAccess and VPN (RAS)
8. This shows the Role services which are requested and then added
9. When the feature installation is complete click close
10. Select Remote Access in Service manager
11. Right click the Server with the Remote Access role install and choose Remote Access Management
12. Select Run the Getting Started Wizard
13. Select Deploy VPN Only, the familiar RRAS console will appear
14. Right click the server and choose configure and enable routing and remote access
15. If you select “Remote Access” give the following error “Less than two network interfaces were detected on this machine. For standard VPN server configuration at least two network interfaces need to be installed
16. Select Custom Configuration to get around this, then select VPN Access and NAT, follow it through to the end
17. Right click Routing and remote access and select properties
18. Browse to the IPv4 tab and assign a static pool of IPs for the remote clients
19. Click OK and go to the “IPv4” in the Treeview and expand it.
20. Go to the NAT node and right click on the white-space to select “New Interface”
21. Select the External interface and click OK. The properties will show and you will select the option for Public Access and NAT.
22. Exit that and redo step 20 to select “Private” interface instead and add it.
23. Now exit out and go to your Start menu and search for “Computer Management”
24. In the treeview click/expand on “Local Users and Groups”
25. Find your users you want to give access to and right click on the user and select Properties.
26. Go to “Dialin Access” and choose “Allow Access”.

• Now you’re server is ready, it’s just time to allow access in the CloudPanel’s Firewall
• Add TCP 1723 for the PPTP connection and GRE protocol for the data connection.

This is in Server Manager, click Remote Access, right click on your server, and choose Remote Access Management

{"slidestoshow":3,"slidestoscroll":1,"dots":"true","arrows":"true","autoplay":"true","autoplay_interval":3000,"speed":300,"loop":"true"}