3.8 KiB
3.8 KiB
Quick Start Guide
Get your VPN network up and running in 30 minutes.
What You'll Get
A VPN network where:
.ruand.рфdomains go directly to the internet (fast, no proxy)- All other domains route through Germany (bypass blocks)
- Easy client management via command-line scripts
- Support for multiple users (up to 253 devices)
Prerequisites
- 2 VDS servers (already have: RU + DE)
- SSH access with root privileges
- 30 minutes of time
Deployment Steps
Step 1: Setup DE VDS (5 min)
# From your computer
scp scripts/setup-de-vds.sh root@194.31.173.178:/root/
# SSH into DE VDS
ssh root@194.31.173.178
# Run setup
chmod +x /root/setup-de-vds.sh
/root/setup-de-vds.sh
# Copy the public key that appears (save it for step 3)
Step 2: Setup RU VDS (5 min)
# From your computer
scp scripts/setup-ru-vds.sh root@176.124.216.197:/root/
# SSH into RU VDS
ssh root@176.124.216.197
# Run setup
chmod +x /root/setup-ru-vds.sh
/root/setup-ru-vds.sh
# Copy both public keys that appear (save for step 3)
Step 3: Exchange Keys (3 min)
On DE VDS:
nano /etc/wireguard/wg0.conf
# Replace __RU_DE_TUNNEL_PUBLIC_KEY__ with RU's "DE tunnel key"
# Save and exit (Ctrl+X, Y, Enter)
On RU VDS:
nano /etc/wireguard/wg1.conf
# Replace __DE_SERVER_PUBLIC_KEY__ with DE's public key
# Save and exit (Ctrl+X, Y, Enter)
Step 4: Start Services (2 min)
On DE VDS:
systemctl start nftables
systemctl start wg-quick@wg0
On RU VDS:
systemctl start dnsmasq
systemctl start wg-quick@wg1
systemctl start wg-quick@wg0
Step 5: Verify Tunnel (2 min)
On RU VDS:
ping -c 4 10.20.0.2
wg show wg1
# Should see successful ping and recent handshake
Step 6: Add First Client (5 min)
Copy client scripts to RU VDS:
# From your computer
scp scripts/*.sh root@176.124.216.197:/root/
On RU VDS:
chmod +x /root/*.sh
/root/add-client.sh phone
# Scan the QR code with WireGuard app or copy the config
Step 7: Test (5 min)
On your client device:
- Install WireGuard app
- Scan QR code or import config
- Connect to VPN
Test it works:
# Should show DE VDS IP (194.31.173.178)
curl ifconfig.me
# Should resolve through VPN DNS
nslookup google.com
Test routing:
- Visit google.com → routed through Germany
- Visit yandex.ru → routed directly (faster)
Done!
Your VPN is now operational.
Common Commands
# List all clients
/root/list-clients.sh
# Add new client
/root/add-client.sh laptop
# Disable client temporarily
/root/disable-client.sh phone
# Re-enable client
/root/enable-client.sh phone
# Remove client permanently
/root/remove-client.sh phone
# Check VPN status
wg show
# View logs
journalctl -u wg-quick@wg0 -f
Need Help?
- Full implementation details: IMPLEMENTATION.md
- Deployment guide: DEPLOYMENT.md
- Architecture overview: README.md
Troubleshooting
Tunnel not connecting?
# Check WireGuard status
wg show
systemctl status wg-quick@wg0
# Check if ports are open
ss -ulnp | grep 51820 # RU VDS
ss -ulnp | grep 51821 # DE VDS
DNS not working?
# Check dnsmasq
systemctl status dnsmasq
journalctl -u dnsmasq -n 50
Routing not working?
# Check ipset after visiting .ru sites
ipset list direct
# Check routing table
ip route show table proxy
ip rule show
Security Notes
- Keep WireGuard keys secure (never share them)
- Change SSH port from default 22
- Use SSH keys instead of passwords
- Remove unused clients promptly
- Monitor logs regularly
Next Steps
- Add more clients as needed
- Set up automatic security updates
- Configure backups for
/etc/wireguard/ - Monitor server resources
- Consider setting up monitoring/alerting