Setting up a VPN on a Linode server is a great way to enhance privacy, bypass geo-restrictions, or secure your internet traffic. Below are step-by-step instructions for deploying a VPN on Linode using popular solutions like WireGuard (fast and modern) or OpenVPN (widely supported). WireGuard is lightweight, secure, and faster than OpenVPN.
Step 1: Create a Linode Server
- Log in to your Linode account.
- Deploy a new Linode (Ubuntu 22.04 or Debian 11 recommended).
- Assign a strong root password and enable SSH access.
Step 2: Install WireGuard
SSH into your Linode and run:
sudo apt update && sudo apt upgrade -y sudo apt install wireguard resolvconf -y
Step 3: Generate Keys
cd /etc/wireguard umask 077 wg genkey | tee privatekey | wg pubkey > publickey
Step 4: Configure WireGuard
Create /etc/wireguard/wg0.conf:
[Interface] PrivateKey = <Your_Private_Key> Address = 10.0.0.1/24 ListenPort = 51820 PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE [Peer] PublicKey = <Client_Public_Key> AllowedIPs = 10.0.0.2/32
Replace <Your_Private_Key> and <Client_Public_Key> with actual keys.
Step 5: Enable IP Forwarding
Edit /etc/sysctl.conf:
net.ipv4.ip_forward=1
Apply changes:
sysctl -p
Step 6: Start WireGuard
sudo systemctl enable --now wg-quick@wg0 sudo systemctl status wg-quick@wg0
Step 7: Configure Firewall (UFW)
sudo ufw allow 51820/udp sudo ufw enable
Step 8: Client Setup
Generate client keys and configure a client file (e.g., client.conf):
[Interface] PrivateKey = <Client_Private_Key> Address = 10.0.0.2/24 DNS = 8.8.8.8 [Peer] PublicKey = <Server_Public_Key> Endpoint = <Your_Linode_IP>:51820 AllowedIPs = 0.0.0.0/0
Option 2: OpenVPN
For a more traditional VPN setup.
Step 1: Install OpenVPN
sudo apt update && sudo apt install openvpn easy-rsa -y
Step 2: Set Up PKI
make-cadir ~/openvpn-ca cd ~/openvpn-ca nano vars # Edit configurations source vars ./clean-all ./build-ca ./build-key-server server ./build-dh openvpn --genkey --secret keys/ta.key
Step 3: Generate Client Certificates
./build-key client1
Step 4: Configure OpenVPN
Copy sample config:
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/ gunzip /etc/openvpn/server.conf.gz
Edit /etc/openvpn/server.conf:
port 1194 proto udp dev tun ca ca.crt cert server.crt key server.key dh dh.pem server 10.8.0.0 255.255.255.0 push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" keepalive 10 120 tls-auth ta.key 0 cipher AES-256-CBC user nobody group nogroup persist-key persist-tun status openvpn-status.log verb 3
Step 5: Start OpenVPN
sudo systemctl enable --now openvpn@server sudo systemctl status openvpn@server
Step 6: Configure Firewall
sudo ufw allow 1194/udp sudo ufw enable
Step 7: Client Configuration
Create a .ovpn file for clients with:
client dev tun proto udp remote <Your_Linode_IP> 1194 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert client1.crt key client1.key remote-cert-tls server tls-auth ta.key 1 cipher AES-256-CBC verb 3
Final Steps
- Test connectivity from a client device.
- For better security, consider:
- Changing the default SSH port.
- Using fail2ban (
sudo apt install fail2ban). - Enabling automatic updates (
sudo apt install unattended-upgrades).
Which VPN to Choose?
- WireGuard: Faster, simpler, better for mobile devices.
- OpenVPN: More mature, works on older systems.
Let me know if you need help troubleshooting! 🚀









