Option 1: WireGuard VPN (Recommended)

Setting up a VPN on a Linode server is a great way to enhance privacy, bypass geo-restrictions, or secure your internet traffic. Below are step-by-step instructions for deploying a VPN on Linode using popular solutions like WireGuard (fast and modern) or OpenVPN (widely supported). WireGuard is lightweight, secure, and faster than OpenVPN.

Step 1: Create a Linode Server

  1. Log in to your Linode account.
  2. Deploy a new Linode (Ubuntu 22.04 or Debian 11 recommended).
  3. Assign a strong root password and enable SSH access.

Step 2: Install WireGuard

SSH into your Linode and run:

sudo apt update && sudo apt upgrade -y
sudo apt install wireguard resolvconf -y

Step 3: Generate Keys

cd /etc/wireguard
umask 077
wg genkey | tee privatekey | wg pubkey > publickey

Step 4: Configure WireGuard

Create /etc/wireguard/wg0.conf:

[Interface]
PrivateKey = <Your_Private_Key>
Address = 10.0.0.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = <Client_Public_Key>
AllowedIPs = 10.0.0.2/32

Replace <Your_Private_Key> with the contents of /etc/wireguard/privatekey from Step 3, and <Client_Public_Key> with the public key generated for the client in Step 8.

Step 5: Enable IP Forwarding

Edit /etc/sysctl.conf:

net.ipv4.ip_forward=1

Apply changes:

sysctl -p

Step 6: Start WireGuard

sudo systemctl enable --now wg-quick@wg0
sudo systemctl status wg-quick@wg0

Step 7: Configure Firewall (UFW)

sudo ufw allow OpenSSH      # keep SSH (port 22) reachable before the firewall is enabled
sudo ufw allow 51820/udp
sudo ufw enable

Step 8: Client Setup

Generate client keys and configure a client file (e.g., client.conf):

[Interface]
PrivateKey = <Client_Private_Key>
Address = 10.0.0.2/24
DNS = 8.8.8.8
[Peer]
PublicKey = <Server_Public_Key>
Endpoint = <Your_Linode_IP>:51820
AllowedIPs = 0.0.0.0/0
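
The mistakes that are easy to make in Steps 3, 4 and 8 on the server side can be caught before Step 6 with a small POSIX shell linter run against /etc/wireguard/wg0.conf. This is an added example, not part of the original page; the helper names audit_wg_conf and write_sample_conf and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. audit_wg_conf and write_sample_conf
# are hypothetical helpers; the audit prints one finding per line.
audit_wg_conf() {
    conf=$1
    # The file holds PrivateKey, so group/other must have no access (mode 600).
    [ "$(ls -ld "$conf" | cut -c5-10)" = "------" ] ||
        echo "PERMS: $conf is accessible to group/other"
    awk '
        /^[ \t]*\[/ { section = $0; gsub(/\[|\]|[ \t]/, "", section); next }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        }
        key == "PrivateKey" || key == "PublicKey" {
            if (val ~ /^<.*>$/)
                print "PLACEHOLDER: " key " still holds " val
            else if (length(val) != 44 || val !~ "^[A-Za-z0-9+/]+=$")
                print "KEYFORMAT: " key " is not a 44-character base64 key"
        }
        section == "Peer" && key == "AllowedIPs" {
            n = split(val, nets, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                # On the server, a peer should own only its tunnel address.
                if (nets[i] == "0.0.0.0/0" || nets[i] == "::/0")
                    print "WIDE: a peer may source any address"
                # WireGuard maps each allowed IP to exactly one peer.
                if (seen[nets[i]]++)
                    print "DUPLICATE: " nets[i] " is listed for more than one peer"
            }
        }
    ' "$conf"
}

# Constructed sample: dummy keys (43 "A" characters plus "="), one placeholder
# left unreplaced, and two peers claiming the same tunnel address.
write_sample_conf() {
    k=$(printf '%043d' 0 | tr 0 A)=
    printf '%s\n' '[Interface]' 'PrivateKey = <Your_Private_Key>' \
        'Address = 10.0.0.1/24' 'ListenPort = 51820' \
        '[Peer]' "PublicKey = $k" 'AllowedIPs = 10.0.0.2/32' \
        '[Peer]' "PublicKey = $k" 'AllowedIPs = 10.0.0.2/32' > "$1"
}

sample=$(mktemp) && write_sample_conf "$sample" && chmod 644 "$sample"
audit_wg_conf "$sample"
rm -f "$sample"
```

The WIDE check applies only to the server config; in the client file from Step 8, AllowedIPs = 0.0.0.0/0 is the intended full-tunnel setting.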

Option 2: OpenVPN

For a more traditional VPN setup.

Step 1: Install OpenVPN

sudo apt update && sudo apt install openvpn easy-rsa -y

Step 2: Set Up PKI

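make-cadir ~/openvpn-ca
cd ~/openvpn-ca
nano vars  # Edit configurations
# Ubuntu 22.04 and Debian 11 ship Easy-RSA 3, which replaces the old
# source vars / clean-all / build-* scripts with the easyrsa command.
./easyrsa init-pki
./easyrsa build-ca
./easyrsa build-server-full server nopass
./easyrsa gen-dh
openvpn --genkey --secret ta.key
# Output: pki/ca.crt, pki/issued/server.crt, pki/private/server.key, pki/dh.pem, ta.key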

Step 3: Generate Client Certificates

./easyrsa build-client-full client1 nopass

Step 4: Configure OpenVPN

Copy sample config:

cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
gunzip /etc/openvpn/server.conf.gz

Edit /etc/openvpn/server.conf:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

Step 5: Start OpenVPN

sudo systemctl enable --now openvpn@server
sudo systemctl status openvpn@server

Step 6: Configure Firewall

sudo ufw allow OpenSSH      # keep SSH (port 22) reachable before the firewall is enabled
sudo ufw allow 1194/udp
sudo ufw enable

Step 7: Client Configuration

Create a .ovpn file for clients with:

client
dev tun
proto udp
remote <Your_Linode_IP> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3

Final Steps

  • Test connectivity from a client device.
  • For better security, consider:
    • Changing the default SSH port.
    • Using fail2ban (sudo apt install fail2ban).
    • Enabling automatic updates (sudo apt install unattended-upgrades).

Which VPN to Choose?

  • WireGuard: Faster, simpler, better for mobile devices.
  • OpenVPN: More mature, works on older systems.

Let me know if you need help troubleshooting! 🚀
