Install a Self-Hosted VPN with PiVPN on a Raspberry Pi
The Raspberry Pi is a very useful and versatile computer you can use to host and run a variety of services from your own home. An example of this is Pi-hole which allows you to implement network-wide ad-blocking for all your devices.
However, when you’re away from your network (for example on a mobile device or laptop) you won’t get the benefits of this ad-blocking. You also won’t be able to connect to other services running on your network.
PiVPN can help with this by allowing you to quickly setup a self-hosted VPN (Virtual Private Network) server, which will allow you to connect to your network from anywhere. As a result, your internet traffic will be protected while you are travelling, and you will be able to connect to your home network services as if you were at home.
The setup of PiVPN is quick to complete, as the PiVPN install script handles the complexity of setting up a WireGuard VPN for you.
Prerequisites
For this post I am going to assume that you have a functional Raspberry Pi installation and have done the following:
- Noted your public IP address or public DNS name
- Set your Raspberry Pi to use a static IP address
Install PiVPN
The first step is to run the PiVPN install script. This will ask you a few questions as you progress through the install process and configure WireGuard VPN for you automatically. It is a good idea to review the script before your start the process to ensure you are happy with the steps that will be taken.
You can start the PiVPN install script by running the following command.
curl -L https://install.pivpn.io | bash
You will then be presented with the welcome screen and information about the process with a warning that you will need a static IP address to be configured.
Select a User for the PiVPN Configuration
The first question the PiVPN install script will ask is where the PiVPN configuration files should be stored. Select the user most appropriate for you (in my case I went with the system user) and then select the OK button.
Setting up the VPN Server
Out of the box, PiVPN provides support for both WireGuard and OpenVPN servers. If you’ve like to compare the two you can find more information about both on the WireGuard website and the OpenVPN website. I selected WireGuard, however both will work. After you have made your selection of VPN server, you can select the OK button.
Next, you will next the prompted to select a port for the VPN. You can leave the default value or you can change this to one which is available. Select the OK button when you’re ready.
If the PiVPN installer detects a Pi-hole installation, you will be ask if you would like to use this for DNS for the VPN. Feel free to answer this as best for your situation, in my case I wanted the ad-blocking benefits of Pi-hole.
At the next step, you will be asked to provide the public endpoint you will be connecting to. This can either be your public IP address, or a public DNS name which is configured to point to your IP address. Complete the details as applicable for you and then continue with the installation. When you are prompted continue with the server key generation.
Enabling Unattended Upgrades
Since your server will have an open port to the internet, I’d recommend that you enable automatic updates. However, feel free to select whichever option is best for your use case.
After unattended upgrades has been enabled, you will be recommended to reboot your Raspberry Pi. To do this, just select the Yes button and wait for the reboot to be completed.
Adding your VPN client
The next step is to add a client to use your VPN server. This can be done through PiVPN as well! PiVPN will take care of the client configuration and key generation for you by using the helper commands. You can add a VPN client by running the following command.
pivpn add -n <name>
Remember to replace <name>
with a friendly name for the device you are adding. In my case, it was my phone so I executed
pivpn add -n phone
After that has finished, we now need to add the configuration to the client. An easy way to do this is by generating a QR code which you can then scan from the WireGuard app. You can do this with the following command.
pivpn –qr
You can now type a number appropriate for the device you are added and hit enter to see a QR code you can scan.
Forward the Port on your Router
The last step is to forward the VPN server port specified earlier to the private IP address of your Raspberry Pi. This will make your VPN server accessible to connect to from outside of your network.
The exact steps to achieve this can vary depending on your home router. If you do a search for the manufacturer and model of your router, you should be able to find instructions.
Summary
You should now be able to connect to your VPN and have all the benefits of this while travelling.
If you are not able to connect, or the connection doesn’t work after you have connected you can check the status of connected clients with the following command in PiVPN.
pivpn clients
This will tell you when the client was last connected, and the number of bytes sent and received. If bytes are not being sent or received, double check that your port forwarding rule in your router is correct.
There is also a good page in the PiVPN documentation about troubleshooting PiVPN connection issues.