Setting up a full home VPN server on a Raspberry Pi using PiVPN with WireGuard, including port forwarding and free dynamic DNS, is a great way to secure your home network. Here’s a step-by-step guide:
1. Prerequisites
Raspberry Pi (Raspberry Pi 4 is recommended for better performance but this works fine on a raspberry pi zero W)
- MicroSD Card (8GB or larger)
- Power Supply for Raspberry Pi
- Ethernet Cable (for a stable connection during setup)
- Router Access (for port forwarding configuration)
- Dynamic DNS Service (such as No-IP or DuckDNS)
2. Set Up Raspberry Pi
Install Raspberry Pi OS:
This site gives the next steps in detail https://pimylifeup.com/raspberry-pi-os-install/
Download the Raspberry Pi Imager from the official site.
Install Raspberry Pi OS (Lite version is sufficient).
Follow the instructions to flash the OS to your MicroSD card when asked for custom setup make sure SSH is enabled and the wifi credentials are set correctly if Pi zero W.
Initial Setup:
Insert the MicroSD card into the Raspberry Pi and power it on.
Connect the Raspberry Pi to your router via Ethernet.
Access your Raspberry Pi via SSH (find the IP address using your router’s interface or a network scanning tool like angry IP scanner).
3. Install PiVPN
PiMyLifeUp has easy to understand instructions: https://pimylifeup.com/raspberry-pi-wireguard/
Update the system:
in terminal window on raspberry pi
sudo apt update
sudo apt upgrade -y
Install PiVPN:
in terminal window on raspberry pi
curl -L https://install.pivpn.io | in terminal window on raspberry pi
Follow the PiVPN setup wizard:
Choose WireGuard as the VPN protocol.
Allow the installer to automatically configure the firewall (UFW).
Select the default WireGuard port (51820) or choose your own.
Choose a static IP address for your Pi on your local network.
4. Set Up Port Forwarding
Access your router’s admin interface.
Find the port forwarding section.
Forward the WireGuard port (51820 by default) to your Raspberry Pi’s local IP address.
Also forward for example 1022 to port 22 of Raspberry Pi’s local IP address. That way you can access your pi remotely. MAKE SURE THAT YOU HAVE SET A STRONG PASSWORD ON THE PI!
Some resources:
https://www.noip.com/support/knowledgebase/general-port-forwarding-guide
https://www.wikihow.com/Set-Up-Port-Forwarding-on-a-Router
5. Set Up Dynamic DNS
Register for a free dynamic DNS service:
No-IP: Create an account and set up a hostname.
DuckDNS: Create an account and set up a subdomain.
Update the Raspberry Pi with your Dynamic DNS service:
For more info on NOIP and Portforwarding https://pimylifeup.com/raspberry-pi-port-forwarding/
For No-IP, install the No-IP client:
in terminal window on raspberry pi
sudo apt install make gcc
cd /usr/local/src/
sudo wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
sudo tar xf noip-duc-linux.tar.gz
cd noip-2.1.9-1/
sudo make
sudo make install
sudo /usr/local/bin/noip2 -C
sudo /usr/local/bin/noip2
For DuckDNS, create a cron job:
More easy info here https://pimylifeup.com/raspberry-pi-duck-dns/
in terminal window on raspberry pi
sudo apt install cron
crontab -e
Add the following line to the crontab (replace <your_domain> and <your_token> with your actual values):
in terminal window on raspberry pi
*/5 * * * * curl -k “https://www.duckdns.org/update/<your_domain>/<your_token>”
6. Configure WireGuard Clients
Create a client profile on your Raspberry Pi:
in terminal window on raspberry pi
pivpn add
Follow the prompts to generate a new client configuration.
Transfer the configuration file to your client device:
You can use scp, email, or a USB drive.
Install the WireGuard app on your client device:
Different solutions exit for different devices, the best way is just to use google or on the app store for your device:
WireGuard for Windows
WireGuard for macOS
WireGuard for Android
WireGuard for iOS
Import the configuration file into the WireGuard app.
7. Test Your VPN
Activate the VPN on your client device using the WireGuard app.
Verify your IP address by visiting a site like whatismyip.com to ensure it matches your home network’s IP.
Conclusion
You now have a fully functional home VPN server running on your Raspberry Pi using PiVPN with WireGuard, along with port forwarding and a dynamic DNS setup. This setup allows you to securely connect to your home network from anywhere.