mish/vpn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b117efc604f5a126c085a22d69dadc511e390ef4
vpn/QUICKSTART.md

208 lines
3.8 KiB
Markdown
Raw Normal View History

Init
2026-02-02 20:11:05 +03:00
# Quick Start Guide
Get your VPN network up and running in 30 minutes.
## What You'll Get
A VPN network where:
- `.ru` and `.рф` domains go directly to the internet (fast, no proxy)
- All other domains route through Germany (bypass blocks)
- Easy client management via command-line scripts
- Support for multiple users (up to 253 devices)
## Prerequisites
- 2 VDS servers (already have: RU + DE)
- SSH access with root privileges
- 30 minutes of time
## Deployment Steps
### Step 1: Setup DE VDS (5 min)
```bash
# From your computer
scp scripts/setup-de-vds.sh root@194.31.173.178:/root/
# SSH into DE VDS
ssh root@194.31.173.178
# Run setup
chmod +x /root/setup-de-vds.sh
/root/setup-de-vds.sh
# Copy the public key that appears (save it for step 3)
```
### Step 2: Setup RU VDS (5 min)
```bash
# From your computer
scp scripts/setup-ru-vds.sh root@176.124.216.197:/root/
# SSH into RU VDS
ssh root@176.124.216.197
# Run setup
chmod +x /root/setup-ru-vds.sh
/root/setup-ru-vds.sh
# Copy both public keys that appear (save for step 3)
```
### Step 3: Exchange Keys (3 min)
**On DE VDS:**
```bash
nano /etc/wireguard/wg0.conf
# Replace __RU_DE_TUNNEL_PUBLIC_KEY__ with RU's "DE tunnel key"
# Save and exit (Ctrl+X, Y, Enter)
```
**On RU VDS:**
```bash
nano /etc/wireguard/wg1.conf
# Replace __DE_SERVER_PUBLIC_KEY__ with DE's public key
# Save and exit (Ctrl+X, Y, Enter)
```
### Step 4: Start Services (2 min)
**On DE VDS:**
```bash
systemctl start nftables
systemctl start wg-quick@wg0
```
**On RU VDS:**
```bash
systemctl start dnsmasq
systemctl start wg-quick@wg1
systemctl start wg-quick@wg0
```
### Step 5: Verify Tunnel (2 min)
**On RU VDS:**
```bash
ping -c 4 10.20.0.2
wg show wg1
# Should see successful ping and recent handshake
```
### Step 6: Add First Client (5 min)
**Copy client scripts to RU VDS:**
```bash
# From your computer
scp scripts/*.sh root@176.124.216.197:/root/
```
**On RU VDS:**
```bash
chmod +x /root/*.sh
/root/add-client.sh phone
# Scan the QR code with WireGuard app or copy the config
```
### Step 7: Test (5 min)
**On your client device:**
1. Install WireGuard app
2. Scan QR code or import config
3. Connect to VPN
**Test it works:**
```bash
# Should show DE VDS IP (194.31.173.178)
curl ifconfig.me
# Should resolve through VPN DNS
nslookup google.com
```
**Test routing:**
- Visit google.com → routed through Germany
- Visit yandex.ru → routed directly (faster)
## Done!
Your VPN is now operational.
## Common Commands
```bash
# List all clients
/root/list-clients.sh
# Add new client
/root/add-client.sh laptop
# Disable client temporarily
/root/disable-client.sh phone
# Re-enable client
/root/enable-client.sh phone
# Remove client permanently
/root/remove-client.sh phone
# Check VPN status
wg show
# View logs
journalctl -u wg-quick@wg0 -f
```
## Need Help?
- Full implementation details: [IMPLEMENTATION.md](IMPLEMENTATION.md)
- Deployment guide: [DEPLOYMENT.md](DEPLOYMENT.md)
- Architecture overview: [README.md](README.md)
## Troubleshooting
**Tunnel not connecting?**
```bash
# Check WireGuard status
wg show
systemctl status wg-quick@wg0
# Check if ports are open
ss -ulnp | grep 51820 # RU VDS
ss -ulnp | grep 51821 # DE VDS
```
**DNS not working?**
```bash
# Check dnsmasq
systemctl status dnsmasq
journalctl -u dnsmasq -n 50
```
**Routing not working?**
```bash
# Check ipset after visiting .ru sites
ipset list direct
# Check routing table
ip route show table proxy
ip rule show
```
## Security Notes
- Keep WireGuard keys secure (never share them)
- Change SSH port from default 22
- Use SSH keys instead of passwords
- Remove unused clients promptly
- Monitor logs regularly
## Next Steps
- Add more clients as needed
- Set up automatic security updates
- Configure backups for `/etc/wireguard/`
- Monitor server resources
- Consider setting up monitoring/alerting
Reference in New Issue Copy Permalink