Init

QUICKSTART.md

@@ -0,0 +1,207 @@
+# Quick Start Guide
+
+Get your VPN network up and running in 30 minutes.
+
+## What You'll Get
+
+A VPN network where:
+- `.ru` and `.рф` domains go directly to the internet (fast, no proxy)
+- All other domains route through Germany (bypass blocks)
+- Easy client management via command-line scripts
+- Support for multiple users (up to 253 devices)
+
+## Prerequisites
+
+- 2 VDS servers (already have: RU + DE)
+- SSH access with root privileges
+- 30 minutes of time
+
+## Deployment Steps
+
+### Step 1: Setup DE VDS (5 min)
+
+```bash
+# From your computer
+scp scripts/setup-de-vds.sh root@194.31.173.178:/root/
+
+# SSH into DE VDS
+ssh root@194.31.173.178
+
+# Run setup
+chmod +x /root/setup-de-vds.sh
+/root/setup-de-vds.sh
+
+# Copy the public key that appears (save it for step 3)
+```
+
+### Step 2: Setup RU VDS (5 min)
+
+```bash
+# From your computer
+scp scripts/setup-ru-vds.sh root@176.124.216.197:/root/
+
+# SSH into RU VDS
+ssh root@176.124.216.197
+
+# Run setup
+chmod +x /root/setup-ru-vds.sh
+/root/setup-ru-vds.sh
+
+# Copy both public keys that appear (save for step 3)
+```
+
+### Step 3: Exchange Keys (3 min)
+
+**On DE VDS:**
+```bash
+nano /etc/wireguard/wg0.conf
+# Replace __RU_DE_TUNNEL_PUBLIC_KEY__ with RU's "DE tunnel key"
+# Save and exit (Ctrl+X, Y, Enter)
+```
+
+**On RU VDS:**
+```bash
+nano /etc/wireguard/wg1.conf
+# Replace __DE_SERVER_PUBLIC_KEY__ with DE's public key
+# Save and exit (Ctrl+X, Y, Enter)
+```
+
+### Step 4: Start Services (2 min)
+
+**On DE VDS:**
+```bash
+systemctl start nftables
+systemctl start wg-quick@wg0
+```
+
+**On RU VDS:**
+```bash
+systemctl start dnsmasq
+systemctl start wg-quick@wg1
+systemctl start wg-quick@wg0
+```
+
+### Step 5: Verify Tunnel (2 min)
+
+**On RU VDS:**
+```bash
+ping -c 4 10.20.0.2
+wg show wg1
+# Should see successful ping and recent handshake
+```
+
+### Step 6: Add First Client (5 min)
+
+**Copy client scripts to RU VDS:**
+```bash
+# From your computer
+scp scripts/*.sh root@176.124.216.197:/root/
+```
+
+**On RU VDS:**
+```bash
+chmod +x /root/*.sh
+/root/add-client.sh phone
+# Scan the QR code with WireGuard app or copy the config
+```
+
+### Step 7: Test (5 min)
+
+**On your client device:**
+1. Install WireGuard app
+2. Scan QR code or import config
+3. Connect to VPN
+
+**Test it works:**
+```bash
+# Should show DE VDS IP (194.31.173.178)
+curl ifconfig.me
+
+# Should resolve through VPN DNS
+nslookup google.com
+```
+
+**Test routing:**
+- Visit google.com → routed through Germany
+- Visit yandex.ru → routed directly (faster)
+
+## Done!
+
+Your VPN is now operational.
+
+## Common Commands
+
+```bash
+# List all clients
+/root/list-clients.sh
+
+# Add new client
+/root/add-client.sh laptop
+
+# Disable client temporarily
+/root/disable-client.sh phone
+
+# Re-enable client
+/root/enable-client.sh phone
+
+# Remove client permanently
+/root/remove-client.sh phone
+
+# Check VPN status
+wg show
+
+# View logs
+journalctl -u wg-quick@wg0 -f
+```
+
+## Need Help?
+
+- Full implementation details: [IMPLEMENTATION.md](IMPLEMENTATION.md)
+- Deployment guide: [DEPLOYMENT.md](DEPLOYMENT.md)
+- Architecture overview: [README.md](README.md)
+
+## Troubleshooting
+
+**Tunnel not connecting?**
+```bash
+# Check WireGuard status
+wg show
+systemctl status wg-quick@wg0
+
+# Check if ports are open
+ss -ulnp | grep 51820  # RU VDS
+ss -ulnp | grep 51821  # DE VDS
+```
+
+**DNS not working?**
+```bash
+# Check dnsmasq
+systemctl status dnsmasq
+journalctl -u dnsmasq -n 50
+```
+
+**Routing not working?**
+```bash
+# Check ipset after visiting .ru sites
+ipset list direct
+
+# Check routing table
+ip route show table proxy
+ip rule show
+```
+
+## Security Notes
+
+- Keep WireGuard keys secure (never share them)
+- Change SSH port from default 22
+- Use SSH keys instead of passwords
+- Remove unused clients promptly
+- Monitor logs regularly
+
+## Next Steps
+
+- Add more clients as needed
+- Set up automatic security updates
+- Configure backups for `/etc/wireguard/`
+- Monitor server resources
+- Consider setting up monitoring/alerting