Install and configure a VPN Server for connecting to your home network and network devices, with the ability to surf the internet remotely from your home internet connection in under 15 minutes!
This guide will work with Raspbian OS, Debian and Ubuntu. Checkout the PiVPN project site here.
In a previous article, we installed and configured Pi-Hole as a DNS Sinkhole and DNS server found here.
We will be using Pi-Hole as our DNS server in this guide.
Installation is a simple one line command running the official installation script.
curl -L https://install.pivpn.io | bash
Input your password.
You will need a static IP address installed, check our Pi-Hole guide for setting up a static IP Address on a Raspberry Pi. Select OK to continue.
Choose the local user using the space bar, in my case the user is steve because I have disabled the pi user. Yours will probably say pi.
The next screen allows you to choose between WireGuard, or OpenVPN. We will be selecting WireGuard.
The next screen allows you to modify the default port, I highly suggest that you change this to a different value since this is a common port and is frequently attacked. In my case I am changing this to a higher port 6969, select Ok.
The next screen has detected our Pi-Hole installation, select yes to use it as the DNS server for the VPN.
The next screen is prompting for a Public IP address, or a DNS Entry using a Public IP Address, you should select Use this Public IP, I will discuss how to create a DNS Entry for your home public IP address in a future article.
Select OK on the next TWO screens.
The following screen will describe how to create client profiles, select OK, and when the following screen prompts for a reboot, select Yes to reboot, and then Ok.
Allowing Port 6969 Into Your Network
You need to add a port forwarding rule on your router/firewall to allow the VPN traffic to come through, since each router and firewall is different, we will not be covering that here. Refer to your firewall/router documentation for further information.
Adding VPN Users
Adding VPN users is fairly straightforward, simply run the pivpn add command and follow the prompts.
pivpn add [sudo] password for steve: ::: Create a client ovpn profile, optional nopass ::: ::: Usage: pivpn <-a|add> [-n|--name <arg>] [-p|--password <arg>]|[nopass] [-d|--days <number>] [-b|--bitwarden] [-i|--iOS] [-o|--ovpn] [-h|--help] ::: ::: Commands: ::: [none] Interactive mode ::: nopass Create a client without a password ::: -n,--name Name for the Client (default: "ix") ::: -p,--password Password for the Client (no default) ::: -d,--days Expire the certificate after specified number of days (default: 1080) ::: -b,--bitwarden Create and save a client through Bitwarden ::: -i,--iOS Generate a certificate that leverages iOS keychain ::: -o,--ovpn Regenerate a .ovpn config file for an existing client ::: -h,--help Show this help dialog Enter a Name for the Client:
After the client profiles are created, they are stored in the /home/$USER/ovpns directory.
I recommend using the OpenVPN Connect client, it supports Windows, macOS, Linux, Android and iOS.
You can copy the .ovpn file from the Pi to your mobile device via usb, SSH, FTP, or email it to yourself ( I do not recommend emailing it to yourself as this is a huge security concern). Follow this guide on how to get files to and from your Raspberry Pi.
You can now control any network device on your network, control your smart lights, and surf the internet using your home internet connection.