Setting up a Linux VPN server allows you to securely access your private network or bypass restrictions. Here’s a guide to setting up a VPN server using OpenVPN (recommended for ease and security) or WireGuard (faster and simpler).
Option 1: OpenVPN Server (Ubuntu/Debian)
Install OpenVPN & Easy-RSA
sudo apt update
sudo apt install openvpn easy-rsa
Set Up PKI (Public Key Infrastructure)
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
Edit vars to customize:
nano vars
(Set KEY_COUNTRY, KEY_PROVINCE, etc.)
Generate certificates:
# These are Easy-RSA 2.x scripts; Easy-RSA 3 replaces them with the single ./easyrsa command.
source vars
./clean-all
./build-ca                  # Generate CA
./build-key-server server   # Server certificate
./build-dh                  # Diffie-Hellman key
./build-key client1         # Client certificate
Configure OpenVPN
Copy sample config:
gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf
Edit /etc/openvpn/server.conf:
sudo nano /etc/openvpn/server.conf
Key settings:
proto udp (or tcp)
port 1194
dev tun
ca /home/youruser/openvpn-ca/keys/ca.crt
cert /home/youruser/openvpn-ca/keys/server.crt
key /home/youruser/openvpn-ca/keys/server.key
dh /home/youruser/openvpn-ca/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp" (for full traffic routing)
push "dhcp-option DNS 8.8.8.8" (Google DNS)
Enable IP Forwarding
Edit /etc/sysctl.conf:
net.ipv4.ip_forward=1
Apply:
sudo sysctl -p
Start OpenVPN
sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server
Firewall Rules (UFW)
sudo ufw allow 1194/udp
sudo ufw allow OpenSSH
sudo ufw enable
Create Client Config
Example client.ovpn:
client
dev tun
proto udp
remote YOUR_SERVER_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3
<ca>
[Paste ca.crt]
</ca>
<cert>
[Paste client1.crt]
</cert>
<key>
[Paste client1.key]
</key>
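The paste step above can be scripted so the certificate and key blocks are inlined without copy errors and the resulting file is readable only by its owner. This is an added example, not part of the original guide; the function names pem_block and make_ovpn are hypothetical, and it assumes ca.crt, the client certificate and the client key sit in one directory.

```shell
#!/bin/sh
# Added example (not from the original page): build client.ovpn by inlining
# ca.crt, client1.crt and client1.key instead of pasting them by hand.
# Assumption: all three files sit in one directory, as in ~/openvpn-ca/keys.

# pem_block FILE: print only the PEM block, dropping the human-readable
# certificate dump that may precede it in the .crt file.
pem_block() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# make_ovpn KEYS_DIR CLIENT SERVER_ADDR OUT_FILE
make_ovpn() {
    keys_dir=$1; client=$2; server=$3; out=$4
    for f in "$keys_dir/ca.crt" "$keys_dir/$client.crt" "$keys_dir/$client.key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done
    # The profile embeds the client's private key, so create it owner-only.
    (
        umask 077
        {
            cat <<EOF
client
dev tun
proto udp
remote $server 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3
EOF
            printf '<ca>\n';   pem_block "$keys_dir/ca.crt";      printf '</ca>\n'
            printf '<cert>\n'; pem_block "$keys_dir/$client.crt"; printf '</cert>\n'
            printf '<key>\n';  pem_block "$keys_dir/$client.key"; printf '</key>\n'
        } > "$out"
    ) || return 1
    chmod 600 "$out"   # also tightens a pre-existing output file
}

# Usage: make_ovpn ~/openvpn-ca/keys client1 YOUR_SERVER_IP client1.ovpn
```

Because the generated profile contains the client's private key, transfer it to the client device over an encrypted channel and delete any intermediate copies.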
Option 2: WireGuard (Faster & Modern)
Install WireGuard
sudo apt update
sudo apt install wireguard resolvconf
Generate Keys
wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey
Configure Server (/etc/wireguard/wg0.conf)
sudo nano /etc/wireguard/wg0.conf
Example:
[Interface]
PrivateKey = <SERVER_PRIVATE_KEY>
Address = 10.0.0.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <CLIENT_PUBLIC_KEY>
AllowedIPs = 10.0.0.2/32
Enable IP Forwarding
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
Start WireGuard
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
Firewall Rules
sudo ufw allow 51820/udp
Client Configuration
Example (client.conf):
[Interface]
PrivateKey = <CLIENT_PRIVATE_KEY>
Address = 10.0.0.2/24
DNS = 8.8.8.8

[Peer]
PublicKey = <SERVER_PUBLIC_KEY>
Endpoint = SERVER_IP:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
Final Steps
- Test Connectivity:
  - OpenVPN: sudo systemctl status openvpn@server
  - WireGuard: sudo wg show
- Forward Ports: If behind NAT, forward 1194 (OpenVPN) or 51820 (WireGuard).
- Client Setup: Import .ovpn (OpenVPN) or .conf (WireGuard) into client apps.

@Copyright notice
When reposting this original article, please credit the source: 飞鸟VPN加速器- 高速稳定免费VPN加速器 | 飞鸟加速器-全球十大VPN梯子, website: https://web.feiniao-wap.com.cn/