# Home VPN Well, what about you wanting to access home network services from abroad? We can set this up by configuring a home VPN, so that whenever abroad, you can pretend to be within the home network! **Setup PiVPN** It all starts by installing PiVPN ```bash curl -L https://install.pivpn.io | bash ``` **Follow this** [**tutorial**](https://www.wundertech.net/setup-wireguard-on-a-raspberry-pi-vpn-setup-tutorial/) **to set up PiVPN**. Make sure to choose “Wireguard” when in *Installation mode*. Select CloudFlare as your DNS provider (recommended). When in *Public IP or DNS* choose “DNS Entry” and write down your hostname (e.g. “lucas-example.2mydns.net”). We recommend choosing a port other than the default one. Remember it though! **Enable remote access** Similarly, to what has been done with ssh service, now we have to configure the router accordingly so we VPN service can be accessed from the outside. In particular, we want to: ``` 0.0.0.0: -----> 192.168.1.X: ``` **Note:** Use UDP protocol. **Create and share profile** Simply create a profile using ``` $ pivpn -a ``` and typing the name of the profile. The configuration files will be stored under /home/pi/configs. They are also stored (only accessible with root permissions) at /etc/wireguard/configs. Prepare the devices you’d like to have access to the VPN by **installing Wireguard app** (available for Win/Mac/Linux/iOS/Android). Check App Store / Play Store or the equivalent. To configure the connection with the phone, simply use the QR functionality ``` $ pivpn -qr ``` If for a computer, we recommend accessing the file via ssh, and copying its content into Wireguard app. To check available (created) client profiles type ``` $ pivpn -l ``` and active clients (currently connected to the VPN) use ``` $ pivpn -c ``` **Note:** Once the profiles have been imported to the devices that will access remotely to the network, you can remove the files from /home/pi/configs/\*.conf **Some issues** It might not work, just try activating wireguard * Activate wireguard using `wg-quick up /etc/wireguard/wg0.conf`, as proposed [here](https://askubuntu.com/questions/1216526/cannot-setup-wireguard-vpn). * Activate ipv4 forwarding: `sudo systctl -w net.ipv4.ip_forward=1`, as proposed [here](https://pimylifeup.com/raspberry-pi-wireguard/). This command can be added to /etc/rc.local, so it is run everytime the system boots. * You may have to add static route in your router. This is explained in the aforementioned tutorial and sort of connects vpn subnet and home subnet, use 10.6.0.0/24 as destination IP and 192.168.1.101 (raspi ip) as Gateway. Other links: * * (wireguard) * (openvpn) If additional problems, run PiVPN in debugging mode ``` $ pivpn -d ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://notes.lcsrg.me/home-setup/remote-access/vpn.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.