Linux VPN Servers

Mattscreative edited this page Dec 5, 2025 · 2 revisions

Linux VPN Servers Guide

A complete, beginner-friendly guide to running VPN servers on Linux (Arch Linux, CachyOS, and other distributions), covering OpenVPN, WireGuard, and VPN server configuration.


Table of Contents

  1. OpenVPN Setup
  2. WireGuard Setup
  3. VPN Configuration
  4. Troubleshooting

OpenVPN Setup

Install OpenVPN

Install OpenVPN:

# Arch/CachyOS (the package is named easy-rsa)
sudo pacman -S openvpn easy-rsa

# Debian/Ubuntu
sudo apt install openvpn easy-rsa

# Fedora
sudo dnf install openvpn easy-rsa

Configure OpenVPN Server

Edit config:

# Edit config
sudo vim /etc/openvpn/server/server.conf

Basic settings:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"

Enable Service

Start OpenVPN:

# Enable service
sudo systemctl enable openvpn-server@server

# Start service
sudo systemctl start openvpn-server@server

# Check status
systemctl status openvpn-server@server

WireGuard Setup

Install WireGuard

Install WireGuard:

# Arch/CachyOS
sudo pacman -S wireguard-tools

# Debian/Ubuntu
sudo apt install wireguard

# Fedora
sudo dnf install wireguard-tools

Configure WireGuard Server

Create config:

# Create config
sudo vim /etc/wireguard/wg0.conf

Example server config:

[Interface]
PrivateKey = SERVER_PRIVATE_KEY
Address = 10.0.0.1/24
ListenPort = 51820

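# Forwarding and NAT rules; replace eth0 with the server's outbound interface
# (kernel IP forwarding itself is enabled separately, see "IP Forwarding")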
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32

Generate Keys

WireGuard keys:

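# Generate a key pair; umask 077 keeps the private key unreadable by other users
(umask 077 && wg genkey | tee privatekey | wg pubkey > publickey)

# Or generate the server key pair directly in /etc/wireguard
wg genkey | sudo tee /etc/wireguard/server_private.key | wg pubkey | sudo tee /etc/wireguard/server_public.key
# tee creates the file with the default umask, so restrict the private key afterwards
sudo chmod 600 /etc/wireguard/server_private.key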

Enable Service

Start WireGuard:

# Enable service
sudo systemctl enable wg-quick@wg0

# Start service
sudo systemctl start wg-quick@wg0

# Check status
systemctl status wg-quick@wg0
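
Before enabling the service, the server config above can be linted. This is an added example, not part of the original guide or of WireGuard's tooling: a hypothetical `audit_wg_conf` function that checks the file mode, leftover placeholder keys, and each peer's AllowedIPs. The sample config is constructed, and GNU `stat` is assumed.

```bash
# Added example, not from the guide. Prints one finding per line; returns 0 if clean.
audit_wg_conf() {
    local conf=$1 mode out
    mode=$(stat -c '%a' "$conf") || return 2   # assumes GNU stat
    out=$(
        # The file embeds the private key, so only root should be able to read it.
        [ "$mode" = 600 ] || echo "MODE: $conf is $mode, expected 600"
        awk '
            /^\[Peer\]/ { peer++ }
            {
                i = index($0, "="); if (!i || $0 ~ /^[ \t]*#/) next
                k = substr($0, 1, i - 1); v = substr($0, i + 1)
                gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            }
            # A key is 32 bytes in base64: 43 characters plus one "=" pad.
            k ~ /^(PrivateKey|PublicKey)$/ && (length(v) != 44 || v !~ "^[A-Za-z0-9+/]+=$") {
                print "KEY: " k " is not a 44-character base64 key (placeholder left in?)"
            }
            k == "AllowedIPs" {
                n = split(v, cidr, ",")
                for (j = 1; j <= n; j++) {
                    # On the server, AllowedIPs is the source-address filter for that peer.
                    if (cidr[j] ~ "/" && cidr[j] !~ "/(32|128)$")
                        print "RANGE: peer " peer " may send from all of " cidr[j]
                    # WireGuard keeps an address on one peer only; the later entry wins.
                    if (cidr[j] in owner)
                        print "DUP: " cidr[j] " listed on peers " owner[cidr[j]] " and " peer
                    owner[cidr[j]] = peer
                }
            }
        ' "$conf"
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"; return 1
}
# Constructed sample: the guide's placeholder keys, plus a second peer with a /24 and a reused address.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Interface]
PrivateKey = SERVER_PRIVATE_KEY
[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32, 10.0.0.0/24
EOF
audit_wg_conf "$sample" || echo "fix the findings above before enabling wg-quick@wg0"
rm -f "$sample"
```

The RANGE check fits the one-address-per-client layout used in this guide; a site-to-site peer that legitimately routes a subnet will be reported and should be reviewed by hand.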

VPN Configuration

IP Forwarding

Enable IP forwarding:

# Enable temporarily
sudo sysctl -w net.ipv4.ip_forward=1

# Make permanent
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.d/99-ipforward.conf

# Apply
sudo sysctl -p /etc/sysctl.d/99-ipforward.conf

Firewall Rules

Configure firewall:

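# For WireGuard (if using iptables). Skip these if wg0.conf already adds them
# through PostUp/PostDown, otherwise every rule ends up in the chain twice.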
sudo iptables -A FORWARD -i wg0 -j ACCEPT
sudo iptables -A FORWARD -o wg0 -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Troubleshooting

VPN Not Connecting

Check status:

# Check WireGuard
sudo wg show

# Check OpenVPN
sudo systemctl status openvpn-server@server

# Check logs
journalctl -u wg-quick@wg0
journalctl -u openvpn-server@server

Connection Issues

Diagnose:

# Check interface
ip link show wg0

# Check routing
ip route show

# Test connectivity
ping -c 4 10.0.0.1

Summary

This guide covered setting up OpenVPN and WireGuard servers on Arch Linux, CachyOS, and other distributions, along with IP forwarding, firewall rules, and basic troubleshooting.


This guide covers Arch Linux, CachyOS, and other Linux distributions. For distribution-specific details, refer to your distribution's documentation.
