CyberSaif
← All projects
/ project

PiVPN with WireGuard

Building a small, secure remote-access VPN with Raspberry Pi, WireGuard, and practical network controls.

  • Raspberry Pi
  • WireGuard
  • VPN
  • Networking
Guide

What is a VPN?

A VPN, or Virtual Private Network, is a technology that creates a secure and private connection over the public internet.

We use a VPN to connect safely to our school, organization, and home networks while online.

VPNs enhance privacy and security by encrypting data and masking the user’s IP address, ensuring that information stays protected.

PiVPN

PiVPN is a script for installing OpenVPN and WireGuard. It enables you to easily set up a secure virtual private network (VPN). Pi VPN automatically configures your server to function as a VPN server. While it is commonly used with Raspberry Pi, it can also be installed on any server running a Debian-based operating system.

Benefits

VPN allows you to set up a private and secure communication channel over unsafe public internet. It offers

  • Secure Browsing: Encrypts your data on the public WiFi.
  • Remote Access: Enables a secure connection to your home, office and organization’s internal network.
  • Easy Configuration: Pi VPN is super easy to set up.

Prerequisites

  • A dedicated Raspberry Pi with Raspberry Pi OS or Debian based distro.
  • A stable internet connection
  • An SD card
  • Basic Linux knowledge
  • Basic Networking knowledge

Raspberry Pi setup

  1. Install the Raspberry Pi imager from the website.

image1

  1. Select the Raspberry PI OS (Lite or Desktop) & SD card on the “choose devices”
  2. Click “next” & select “Edit Settings”

image2

  1. Switch to Services tab and enable SSH

image3

  1. On the General tab, you can configure the username and password, if you don’t then the default username is pi and password is raspberry.

  2. Click “Save”.

image4

  1. Click “Yes” & then “Write”.

    It will take some time.

  2. Once it finishes, plug your SD card into the Raspberry Pi & power it on.

  3. Then establish SSH connection by checking the IP address of the Pi into your home router.

  4. The SSH command will be ssh username@IP.

Network Configuration

We need to assign a static IP address to Raspberry Pi.

This can be done either separately, or we can configure it during the Pi VPN installation.

  1. Open the dhcpcd.conf file by entering “sudo nano /etc/dhcpcd.conf”

Installing PiVPN

  1. Run the PiVPN script by entering this command in the terminal “curl -L https://install.pivpn.io | bash”.
  2. The script can be viewed by visiting https://install.pivpn.io
  3. Click “Ok”.

image5

  1. If you haven’t configured your static IP before, it can be done here.
  2. Select “No” to configure a static IP address or “Yes” if you have already done in the previous step.

image6

  1. Choose the protocol you want to use. In this case, it is WireGuard.

image7

  1. Select the DNS provider for our VPN clients.

image8

  1. This is the important step, either select your public IP or your DNS as an option for your client to connect with the server.

image9

Note: If your Internet Service Provider (ISP) has given you a static public IP address, you can choose the first option. However, if you have a dynamic IP address, you will need to select the DNS option and set up Dynamic DNS.

  1. It is a good idea to enable unattended upgrade.

image10

  1. Click “Ok” to complete the installation & reboot the device.

Note: You must configure port forwarding on your home router to allow incoming connection for port 51820, and forward them to the Raspberry Pi

Setting Up VPN Clients

After rebooting, you should be able to run pivpn commands. Enter pivpn --help to see the available commands.

image11

Adding a Client

Use pivpn -a to add a new client.

image12

Connecting to the VPN

  1. Download the WireGuard app on your phone or device.
  2. Run pivpn -qr command to generate a QR code for client you have created.

image13

  1. On your phone click on “Add a tunnel” and “Create from QR code.
Phone1 Phone2

Verifying the Connection

To verify whether a client from the public internet can connect to our VPN server, I have enabled the Apache server on the Raspberry Pi.

This server can only be accessed by devices within the 192.168.1.0/24 subnet. Let’s check if the mobile client can access the webpage.

Raspberry Pi IP address:192.168.1.73

I successfully loaded the Apache page hosted on the Raspberry Pi, confirming that our VPN is functioning correctly.

Phone3

Client Details

Alternatively, we can use the pivpn -c command to see whether we successfully connected with the client.

Example

Conclusion

Self-hosted VPNs like Pi VPN allow us to connect to our home or organization’s internal network. They are great for embedded system projects and for securely accessing internal resources of a school or organization over the public internet.

Reference