{"id":300,"date":"2024-07-19T13:18:50","date_gmt":"2024-07-19T12:18:50","guid":{"rendered":"https:\/\/blogs.wielenga.co.uk\/?p=300"},"modified":"2024-11-12T22:24:18","modified_gmt":"2024-11-12T22:24:18","slug":"creating-a-full-home-vpn-server-on-a-raspberry-pi-using-pivpn-with-wireguard-including-port-forwarding-and-free-dynamic-dns","status":"publish","type":"post","link":"https:\/\/blogs.wielenga.co.uk\/index.php\/2024\/07\/19\/creating-a-full-home-vpn-server-on-a-raspberry-pi-using-pivpn-with-wireguard-including-port-forwarding-and-free-dynamic-dns\/","title":{"rendered":"Full personal (home) VPN server on a Raspberry Pi (WireGuard, port forwarding and free dynamic DNS)"},"content":{"rendered":"<p>Setting up a full home VPN server on a Raspberry Pi using PiVPN with WireGuard, including port forwarding and free dynamic DNS, is a great way to secure your home network. Here&#8217;s a step-by-step guide:<\/p>\n<h3>1. Prerequisites<\/h3>\n<p>Raspberry Pi (Raspberry Pi 4 is recommended for better performance but this works fine on a raspberry pi zero W)<\/p>\n<ol>\n<li>MicroSD Card (8GB or larger)<\/li>\n<li>Power Supply for Raspberry Pi<\/li>\n<li>Ethernet Cable (for a stable connection during setup)<\/li>\n<li>Router Access (for port forwarding configuration)<\/li>\n<li>Dynamic DNS Service (such as No-IP or DuckDNS)<\/li>\n<\/ol>\n<h3>2. Set Up Raspberry Pi<\/h3>\n<p>Install Raspberry Pi OS:<\/p>\n<p>This site gives the next steps in detail <a href=\"https:\/\/pimylifeup.com\/raspberry-pi-os-install\/\" target=\"_blank\" rel=\"noopener\">https:\/\/pimylifeup.com\/raspberry-pi-os-install\/<\/a><\/p>\n<p>Download the Raspberry Pi Imager from the official site.<br \/>\nInstall Raspberry Pi OS (Lite version is sufficient).<br \/>\nFollow the instructions to flash the OS to your MicroSD card when asked for custom setup make sure SSH is enabled and the wifi credentials are set correctly if Pi zero W.<\/p>\n<p>Initial Setup:<\/p>\n<p>Insert the MicroSD card into the Raspberry Pi and power it on.<br \/>\nConnect the Raspberry Pi to your router via Ethernet.<br \/>\nAccess your Raspberry Pi via SSH (find the IP address using your router&#8217;s interface or a network scanning tool like angry IP scanner).<\/p>\n<h3>3. Install PiVPN<\/h3>\n<p>PiMyLifeUp\u00a0 has easy to understand instructions:\u00a0 <a href=\"https:\/\/pimylifeup.com\/raspberry-pi-wireguard\/\" target=\"_blank\" rel=\"noopener\">https:\/\/pimylifeup.com\/raspberry-pi-wireguard\/<\/a><\/p>\n<p>Update the system:<\/p>\n<p>in terminal window on raspberry pi<\/p>\n<p>sudo apt update<br \/>\nsudo apt upgrade -y<\/p>\n<p>Install PiVPN:<\/p>\n<p>in terminal window on raspberry pi<\/p>\n<p>curl -L https:\/\/install.pivpn.io | in terminal window on raspberry pi<\/p>\n<p>Follow the PiVPN setup wizard:<br \/>\nChoose WireGuard as the VPN protocol.<br \/>\nAllow the installer to automatically configure the firewall (UFW).<br \/>\nSelect the default WireGuard port (51820) or choose your own.<br \/>\nChoose a static IP address for your Pi on your local network.<\/p>\n<h3>4. Set Up Port Forwarding<\/h3>\n<p>Access your router&#8217;s admin interface.<br \/>\nFind the port forwarding section.<br \/>\nForward the WireGuard port (51820 by default) to your Raspberry Pi&#8217;s local IP address.<\/p>\n<p>Also forward for example 1022 to port 22 of Raspberry Pi&#8217;s local IP address. That way you can access your pi remotely. MAKE SURE THAT YOU HAVE SET A STRONG PASSWORD ON THE PI!<\/p>\n<p>Some resources:<\/p>\n<p><a href=\"https:\/\/www.noip.com\/support\/knowledgebase\/general-port-forwarding-guide\" target=\"_blank\" rel=\"noopener\">https:\/\/www.noip.com\/support\/knowledgebase\/general-port-forwarding-guide<\/a><\/p>\n<p><a href=\"https:\/\/www.wikihow.com\/Set-Up-Port-Forwarding-on-a-Router\" target=\"_blank\" rel=\"noopener\">https:\/\/www.wikihow.com\/Set-Up-Port-Forwarding-on-a-Router<\/a><\/p>\n<p><a href=\"https:\/\/community.ziggo.nl\/t5\/Tips-van-Ziggo\/Port-forwarding-op-het-SmartWifi-modem-voorheen-Connectbox\/ba-p\/653799\" target=\"_blank\" rel=\"noopener\">https:\/\/community.ziggo.nl\/t5\/Tips-van-Ziggo\/Port-forwarding-op-het-SmartWifi-modem-voorheen-Connectbox\/ba-p\/653799<\/a><\/p>\n<p>&nbsp;<\/p>\n<h3>5. Set Up Dynamic DNS<\/h3>\n<p>Register for a free dynamic DNS service:<br \/>\nNo-IP: Create an account and set up a hostname.<br \/>\nDuckDNS: Create an account and set up a subdomain.<\/p>\n<p>Update the Raspberry Pi with your Dynamic DNS service:<\/p>\n<p>For more info on NOIP and Portforwarding <a href=\"https:\/\/pimylifeup.com\/raspberry-pi-port-forwarding\/\">https:\/\/pimylifeup.com\/raspberry-pi-port-forwarding\/<\/a><\/p>\n<p>For No-IP, install the No-IP client:<\/p>\n<p>in terminal window on raspberry pi<\/p>\n<p>sudo apt install make gcc<br \/>\ncd \/usr\/local\/src\/<br \/>\nsudo wget https:\/\/www.no-ip.com\/client\/linux\/noip-duc-linux.tar.gz<br \/>\nsudo tar xf noip-duc-linux.tar.gz<br \/>\ncd noip-2.1.9-1\/<br \/>\nsudo make<br \/>\nsudo make install<br \/>\nsudo \/usr\/local\/bin\/noip2 -C<br \/>\nsudo \/usr\/local\/bin\/noip2<\/p>\n<p>For DuckDNS, create a cron job:<\/p>\n<p>More easy info here <a href=\"https:\/\/pimylifeup.com\/raspberry-pi-duck-dns\/\" target=\"_blank\" rel=\"noopener\">https:\/\/pimylifeup.com\/raspberry-pi-duck-dns\/<\/a><\/p>\n<p>in terminal window on raspberry pi<\/p>\n<p>sudo apt install cron<br \/>\ncrontab -e<\/p>\n<p>Add the following line to the crontab (replace &lt;your_domain&gt; and &lt;your_token&gt; with your actual values):<\/p>\n<p>in terminal window on raspberry pi<\/p>\n<p>*\/5 * * * * curl -k &#8220;https:\/\/www.duckdns.org\/update\/&lt;your_domain&gt;\/&lt;your_token&gt;&#8221;<\/p>\n<p>6. Configure WireGuard Clients<\/p>\n<p>Create a client profile on your Raspberry Pi:<\/p>\n<p>in terminal window on raspberry pi<\/p>\n<p>pivpn add<\/p>\n<p>Follow the prompts to generate a new client configuration.<\/p>\n<p>Transfer the configuration file to your client device:<br \/>\nYou can use scp, email, or a USB drive.<\/p>\n<p>Install the WireGuard app on your client device:<br \/>\nDifferent solutions exit for different devices, the best way is just to use google or on the app store for your device:<\/p>\n<p>WireGuard for Windows<\/p>\n<p>WireGuard for macOS<\/p>\n<p>WireGuard for Android<\/p>\n<p>WireGuard for iOS<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>Import the configuration file into the WireGuard app.<\/p>\n<h3>7. Test Your VPN<\/h3>\n<p>Activate the VPN on your client device using the WireGuard app.<br \/>\nVerify your IP address by visiting a site like whatismyip.com to ensure it matches your home network&#8217;s IP.<\/p>\n<h3>Conclusion<\/h3>\n<p>You now have a fully functional home VPN server running on your Raspberry Pi using PiVPN with WireGuard, along with port forwarding and a dynamic DNS setup. This setup allows you to securely connect to your home network from anywhere.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Setting up a full home VPN server on a Raspberry Pi using PiVPN with WireGuard, including port forwarding and free dynamic DNS, is a great way to secure your home network. Here&#8217;s a step-by-step guide: 1. Prerequisites Raspberry Pi (Raspberry Pi 4 is recommended for better performance but this works fine on a raspberry pi&hellip; <br \/> <a class=\"button small blue\" href=\"https:\/\/blogs.wielenga.co.uk\/index.php\/2024\/07\/19\/creating-a-full-home-vpn-server-on-a-raspberry-pi-using-pivpn-with-wireguard-including-port-forwarding-and-free-dynamic-dns\/\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":345,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-300","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-internet-and-apps"],"_links":{"self":[{"href":"https:\/\/blogs.wielenga.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/300","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.wielenga.co.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.wielenga.co.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.wielenga.co.uk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.wielenga.co.uk\/index.php\/wp-json\/wp\/v2\/comments?post=300"}],"version-history":[{"count":8,"href":"https:\/\/blogs.wielenga.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/300\/revisions"}],"predecessor-version":[{"id":337,"href":"https:\/\/blogs.wielenga.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/300\/revisions\/337"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.wielenga.co.uk\/index.php\/wp-json\/wp\/v2\/media\/345"}],"wp:attachment":[{"href":"https:\/\/blogs.wielenga.co.uk\/index.php\/wp-json\/wp\/v2\/media?parent=300"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.wielenga.co.uk\/index.php\/wp-json\/wp\/v2\/categories?post=300"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.wielenga.co.uk\/index.php\/wp-json\/wp\/v2\/tags?post=300"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}