Option 1: OpenVPN Server (Ubuntu/Debian)

Setting up a Linux VPN server allows you to securely access your private network or bypass restrictions. Here’s a guide to setting up a VPN server using OpenVPN (recommended for ease and security) or WireGuard (faster and simpler).

Install OpenVPN & Easy-RSA

sudo apt update
sudo apt install openvpn easy-rsa

Set Up PKI (Public Key Infrastructure)

make-cadir ~/openvpn-ca
cd ~/openvpn-ca

Edit vars to customize:

nano vars

(Set KEY_COUNTRY, KEY_PROVINCE, etc.)

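Generate certificates (these are the Easy-RSA 2.x scripts; Easy-RSA 3 replaces them with subcommands of a single ./easyrsa script):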

source vars
./clean-all
./build-ca          # Generate CA
./build-key-server server  # Server certificate
./build-dh          # Diffie-Hellman key
./build-key client1 # Client certificate

Configure OpenVPN

Copy sample config:

gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf

Edit /etc/openvpn/server.conf:

sudo nano /etc/openvpn/server.conf

Key settings:

  • proto udp (or tcp)
  • port 1194
  • dev tun
  • ca /home/youruser/openvpn-ca/keys/ca.crt
  • cert /home/youruser/openvpn-ca/keys/server.crt
  • key /home/youruser/openvpn-ca/keys/server.key
  • dh /home/youruser/openvpn-ca/keys/dh2048.pem
  • server 10.8.0.0 255.255.255.0
  • push "redirect-gateway def1 bypass-dhcp" (for full traffic routing)
  • push "dhcp-option DNS 8.8.8.8" (Google DNS)

Enable IP Forwarding

Edit /etc/sysctl.conf:

net.ipv4.ip_forward=1

Apply:

sudo sysctl -p

Start OpenVPN

sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server

Firewall Rules (UFW)

sudo ufw allow 1194/udp
sudo ufw allow OpenSSH
sudo ufw enable

Create Client Config

Example client.ovpn:

client
dev tun
proto udp
remote YOUR_SERVER_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3
<ca>
[Paste ca.crt]
</ca>
<cert>
[Paste client1.crt]
</cert>
<key>
[Paste client1.key]
</key>
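
Rather than pasting the three files by hand, the profile above can be assembled by a script that keeps only the PEM blocks and creates the file owner-only, since it embeds the client's private key. This is an added example, not part of the original guide; the function names pem_only and build_ovpn and their argument order are assumptions of this example, and the demo runs on constructed placeholder files, not real key material.

```shell
#!/bin/sh
# Added example (not from the original guide): build client.ovpn from key files.
# Function names and the argument order are this example's own.

# Print only the PEM block of a file. Easy-RSA .crt files start with a
# human-readable certificate dump that does not belong inside <cert>.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# build_ovpn NAME SERVER KEYDIR OUTFILE
# Runs in a subshell so the umask change does not leak to the caller.
build_ovpn() (
    name=$1 server=$2 keydir=$3 out=$4
    for f in "$keydir/ca.crt" "$keydir/$name.crt" "$keydir/$name.key"; do
        [ -r "$f" ] || { echo "missing: $f" >&2; exit 1; }
        grep -q '^-----BEGIN ' "$f" || { echo "no PEM data: $f" >&2; exit 1; }
    done
    umask 077      # the profile embeds the private key: owner-only from creation
    rm -f "$out"   # umask only applies to newly created files
    {
        printf '%s\n' client 'dev tun' 'proto udp' "remote $server 1194" \
            'resolv-retry infinite' nobind persist-key persist-tun \
            'remote-cert-tls server' 'cipher AES-256-CBC' 'verb 3'
        printf '<ca>\n';   pem_only "$keydir/ca.crt";    printf '</ca>\n'
        printf '<cert>\n'; pem_only "$keydir/$name.crt"; printf '</cert>\n'
        printf '<key>\n';  pem_only "$keydir/$name.key"; printf '</key>\n'
    } > "$out"
)

# Demo on constructed placeholder files (not real certificates or keys).
demo() (
    d=$(mktemp -d) || exit 1
    printf '%s\n' 'Certificate:' '    Data: (text dump)' \
        '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' | tee "$d/ca.crt" > "$d/client1.crt"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' > "$d/client1.key"
    build_ovpn client1 YOUR_SERVER_IP "$d" "$d/client1.ovpn" && ls -l "$d/client1.ovpn"
    rm -rf "$d"
)
demo
```

Because the resulting .ovpn contains the private key, transfer it to the client over an encrypted channel and delete any intermediate copies.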

Option 2: WireGuard (Faster & Modern)

Install WireGuard

sudo apt update
sudo apt install wireguard resolvconf

Generate Keys

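wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey
sudo chmod 600 /etc/wireguard/privatekey  # tee creates the file with the default umask; keep the private key root-only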

Configure Server (/etc/wireguard/wg0.conf)

sudo nano /etc/wireguard/wg0.conf

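Example (eth0 in PostUp/PostDown is the server's outbound interface; replace it if yours is named differently):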

[Interface]
PrivateKey = <SERVER_PRIVATE_KEY>
Address = 10.0.0.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = <CLIENT_PUBLIC_KEY>
AllowedIPs = 10.0.0.2/32

Enable IP Forwarding

echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Start WireGuard

sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0

Firewall Rules

sudo ufw allow 51820/udp

Client Configuration

Example (client.conf):

[Interface]
PrivateKey = <CLIENT_PRIVATE_KEY>
Address = 10.0.0.2/24
DNS = 8.8.8.8
[Peer]
PublicKey = <SERVER_PUBLIC_KEY>
Endpoint = SERVER_IP:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

Final Steps

  • Test Connectivity:
    • OpenVPN: sudo systemctl status openvpn@server
    • WireGuard: sudo wg show
  • Forward Ports: If behind NAT, forward 1194 (OpenVPN) or 51820 (WireGuard).
  • Client Setup: Import .ovpn (OpenVPN) or .conf (WireGuard) into client apps.


@Copyright notice

When reposting this original article, please state that it is reposted from 飞鸟VPN加速器- 高速稳定免费VPN加速器 | 飞鸟加速器-全球十大VPN梯子, website: https://feiniao-wap.com.cn/