- Kimsufi networking after installing OS from ISO
- VPN Tutorials
- Automatically move Proxmox VM backups to the cloud with Rclone
Kimsufi networking after installing OS from ISO
After installing an OS from ISO on your new Kimsufi dedi using a guide like this, you might find that you can't SSH into your server after the installation succeeds and you reboot.
Kimsufi has a bit of an interesting NIC setup, their NICs are onboard so they are numbered as
eno[#] instead of
enp[#]s[#]f[#]. So, all you have to do is change your NIC name to eno1 in your network interfaces file..
Set up VPN to bypass censorship (Server)
(As of 2019, this technique does work to bypass the GFW in China - I tested it myself.)
This guide will show you how to set up a VPN server with V2Ray (Shadowsocks and VMess) , WireGuard, IPSec, and OpenVPN.
1. Initial Server Setup
Reference: this guide
Install Debian 9 / Ubuntu 18.04. Other distros might work but these instructions are only for recent apt based distros.
at the end of sysctl.conf and then do
- (Optional) Set network firewall to only allow ports 80,443,8443,22,51820,8080, if you are willing and able to.
2. Install & Setup Nginx
Install Nginx -
apt install nginx
/etc/nginx/sites-enabled/defaultto domain name of server
Install Certbot for Nginx -
apt install python-certbot-nginx
Get a certificate -
certbot --nginx. Make sure to select yes for redirect.
Optionally add autorenew to crontab -
@monthly certbot renew
Add reverse proxy snippet below to the first server block in default
Reload nginx -
nginx -s reload
3. Install & Setup V2Ray
bash <(curl -L -s https://install.direct/go.sh)
SAVE THE ID in
config.jsonbelow, replacing id with your ID
- Start v2ray -
systemctl start v2ray
3a. (Optional) Shadowsocks-obfs
⚠️ Currently not working
Build & install simple-obfs using the guide here
Run obfs-server in a screen like this:
obfs-server -s server_ip -p 443 --obfs tls -r 127.0.0.1:8443 --failover 127.0.0.1:443replacing server_ip with the server IP
Use the systemd unit file below to auto start it.
4. Install & Setup WireGuard
Just use Algo! Use the config.cfg below. You can select everything else yourself but you should do a local installation. When it asks for a public IP, USE A PUBLIC IP not a hostname!
Answer the questions in the installer as you would like. If you use Apple devices, you should answer yes to the questions about generating mobileconfig files.
If you have a network firewall: Make IPTables accept all input by doing
iptables -P INPUT ACCEPTbecause the network firewall will handle security. This should also be set in
5. Install & Setup OpenVPN
- Use Angristan's script!
- His script is very well documented, and you can just follow the instructions in the README.
- Copy (using a protocol such as scp) the .ovpn files to your client devices.
scp firstname.lastname@example.org:/root/*.ovpn /local/folder/on/computer
- To allow clients to access resources in your LAN, you can add
push "route your.lan.ip.range net.mask"to
/etc/openvpn/openvpn.confand then restart OpenVPN.
6. Access LAN Resources
- By default, for security reasons, two discrete subnets are not able to access each other. To allow VPN clients to access resources on the LAN of the VPN server, do some IPTables trickery:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -d 192.168.0.0/16 -j SNAT --to 192.168.0.106
10.8.0.0 is the subnet in which VPN clients are allocated IPs, where
192.168.0.0 is the LAN subnet, and where
192.168.0.106 is the LAN IP of the VPN server.
Once you have completed this guide, configure your clients by using this guide: Client Setup.
Set up VPN to bypass censorship (Client)
Setup of clients to connect via several different protocols to the server you set up here.
All of these commands should be run on the client, not the server.
Choose one of the clients here depending on your OS.
If you chose a GUI client, you can simply fill in the requested details from your server config file, or import a json file. Unfortunately, there are too many clients to provide accurate and timely support for each :(
To import a json file: Copy the correct client json from below to your config.json in your V2ray folder (either Shadowsocks or VMess), replacing the blank values with your server's information (hostnames, etc).
Set your system's proxy settings to the SOCKS proxy defined. By default, this should be
Alternatively, it is possible to use the Shadowsocks client to connect to the V2ray Shadowsocks interface (this allows the use of obfs). However, that is outside the scope of this guide.
2. WireGuard & IPSec (Algo)
The guys at Trail of Bits have already created a fantastic guide for this. Instead of typing it all out, here's a link.
.ovpnfiles from your home directory on your server to your client device, and import it to your OpenVPN client.
Automatically move Proxmox VM backups to the cloud with Rclone
Proxmox has an amazing backup system, that is missing just one thing - automatic move to the cloud. Not everybody has enough local storage to host a ton of backups ;)
We can take advantage of Proxmox's backup hooks to automate an upload to the cloud that occurs after each VM is backed up.
Simply copy this file to
/usr/local/bin and give it executable permissions with
Then, add this line to
/etc/vzdump.conf so that the hook file runs with every backup: