翻墙软件

飞鸟加速器官网持续优化全球网络节点布局,不断升级服务器资源与智能调度系统,为用户提供更加稳定、高效的网络服务。

1.OpenVPN Easy Setup)

dfc3544223 2026-07-01 翻墙软件 8 0

Setting up a VPN on an Ubuntu Server allows you to securely access your local network or browse the internet privately. Below are instructions for two popular VPN solutions: OpenVPN is a widely used, secure VPN solution.

Install OpenVPN

  1. Update your system:

    sudo apt update && sudo apt upgrade -y
  2. Install OpenVPN & Easy-RSA (for certificates):

    sudo apt install openvpn easy-rsa -y
  3. Set up the PKI (Public Key Infrastructure):

    make-cadir ~/openvpn-ca
    cd ~/openvpn-ca
  4. Configure the CA:

    • Edit vars:
      nano vars
    • Update the following (replace with your info):
      export KEY_COUNTRY="US"
      export KEY_PROVINCE="CA"
      export KEY_CITY="SanFrancisco"
      export KEY_ORG="YourOrg"
      export KEY_EMAIL="admin@example.com"
      export KEY_OU="MyOrgUnit"
      export KEY_NAME="server"
    • Source the vars:
      source vars
  5. Build Certificates:

    • Clean any old certs and generate new ones:
      ./clean-all
      ./build-ca
      ./build-key-server server
      ./build-dh
    • Generate HMAC key:
      openvpn --genkey --secret keys/ta.key
  6. Configure OpenVPN Server:

    • Copy sample config:
      gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf
    • Edit /etc/openvpn/server.conf:
      sudo nano /etc/openvpn/server.conf
    • Modify key paths (uncomment/set these):
      ca /etc/openvpn/ca.crt
      cert /etc/openvpn/server.crt
      key /etc/openvpn/server.key
      dh /etc/openvpn/dh.pem
      tls-auth /etc/openvpn/ta.key 0
    • Enable user nobody and group nogroup for security.
  7. Start OpenVPN:

    sudo systemctl enable --now openvpn@server
  8. Enable IP Forwarding (for routing):

    • Edit /etc/sysctl.conf:
      sudo nano /etc/sysctl.conf
    • Uncomment:
      net.ipv4.ip_forward=1
    • Apply changes:
      sudo sysctl -p
  9. Configure Firewall (UFW):

    sudo ufw allow 1194/udp
    sudo ufw allow OpenSSH
    sudo ufw enable
  10. Generate Client Configs:

    • Use easy-rsa to create client certs:
      cd ~/openvpn-ca
      source vars
      ./build-key client1
    • Create .ovpn files for clients.

WireGuard (Faster & Modern)

WireGuard is a lightweight and high-performance VPN.

Install WireGuard

  1. Install WireGuard:

    sudo apt update && sudo apt install wireguard -y
  2. Generate Keys:

    umask 077
    wg genkey | tee privatekey | wg pubkey > publickey
  3. Configure Server (/etc/wireguard/wg0.conf):

    sudo nano /etc/wireguard/wg0.conf

    Example config:

    [Interface]
    PrivateKey = <SERVER_PRIVATE_KEY>
    Address = 10.0.0.1/24
    ListenPort = 51820
    PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
    [Peer]
    PublicKey = <CLIENT_PUBLIC_KEY>
    AllowedIPs = 10.0.0.2/32
  4. Enable IP Forwarding:

    sudo nano /etc/sysctl.conf

    Uncomment:

    net.ipv4.ip_forward=1

    Apply:

    sudo sysctl -p
  5. Start WireGuard:

    sudo wg-quick up wg0
    sudo systemctl enable --now wg-quick@wg0
  6. Configure Firewall (UFW):

    sudo ufw allow 51820/udp
    sudo ufw allow OpenSSH
    sudo ufw enable
  7. Client Setup:

    • Install WireGuard on the client.

    • Create a config (client.conf):

      [Interface]
      PrivateKey = <CLIENT_PRIVATE_KEY>
      Address = 10.0.0.2/24
      DNS = 8.8.8.8
      [Peer]
      PublicKey = <SERVER_PUBLIC_KEY>
      Endpoint = <SERVER_IP>:51820
      AllowedIPs = 0.0.0.0/0
      PersistentKeepalive = 25

Which VPN to Choose?

  • OpenVPN: More traditional, supports TCP/UDP, good for compatibility.
  • WireGuard: Faster, simpler, better for mobile & low-latency use.

Would you like help with client setup or troubleshooting? 🚀

1.OpenVPN Easy Setup)

猜你喜欢

136-7528-4917 扫描微信 935566554 935566554@qq.com