Home VPN

What if you want to access home network services from abroad? We can set this up by configuring a home VPN, so that whenever you are abroad, you can pretend to be within the home network!

Setup PiVPN

It all starts by installing PiVPN:

curl -L https://install.pivpn.io | bash

Follow this tutorial to set up PiVPN. Make sure to choose “WireGuard” when in Installation mode. Select Cloudflare as your DNS provider (recommended). When in Public IP or DNS, choose “DNS Entry” and write down your hostname (e.g. “lucas-example.2mydns.net”).

We recommend choosing a port other than the default one. Remember it though!

Enable remote access

As was done for the ssh service, we now have to configure the router so that the VPN service can be accessed from the outside. In particular, we want to forward:

0.0.0.0:<VPN_NEW_PORT> -----> 192.168.1.X:<VPN_NEW_PORT>

Note: Use the UDP protocol.

Create and share profile

Simply create a profile using

$ pivpn -a

and typing the name of the profile. The configuration files will be stored under /home/pi/configs. They are also stored (only accessible with root permissions) at /etc/wireguard/configs.

Prepare the devices you’d like to have access to the VPN by installing the WireGuard app (available for Win/Mac/Linux/iOS/Android). Check the App Store / Play Store or the equivalent.

To configure the connection on a phone, simply use the QR functionality:

$ pivpn -qr <name-of-client>

For a computer, we recommend accessing the file via ssh and copying its content into the WireGuard app.

To check the available (created) client profiles, type

$ pivpn -l

and to list the active clients (currently connected to the VPN), use

$ pivpn -c

Note: Once the profiles have been imported on the devices that will access the network remotely, you can remove the files from /home/pi/configs/*.conf
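Each client profile contains that client's WireGuard private key, so copies left behind in the home directory are worth checking for. The following is an added example, not part of PiVPN or of the original page: a shell function (`audit_profiles` is a hypothetical name) that lists the `.conf` files in a directory that still hold a `PrivateKey` line and flags those readable by group or others.

```shell
#!/bin/sh
# Added example: audit a directory for leftover WireGuard client profiles.
# audit_profiles is a hypothetical helper name, not a PiVPN command.
#
# Prints one line per profile that still contains a private key:
#   LEFTOVER <perms> <path>   only the owner can access the file
#   EXPOSED  <perms> <path>   group or others have some access
# Returns 0 if no such profile was found, 1 if any was, 2 on a bad path.
audit_profiles() {
    dir=${1:-/home/pi/configs}      # default: the directory named above
    found=0
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue     # the glob matched nothing
        # A client profile carries its key in the [Interface] section.
        grep -Eq '^[[:space:]]*PrivateKey[[:space:]]*=' "$f" || continue
        # First ten characters of ls -l, e.g. "-rw-r--r--".
        perms=$(ls -ld -- "$f" | cut -c1-10)
        case $perms in
            ????------) echo "LEFTOVER $perms $f" ;;
            *)          echo "EXPOSED $perms $f" ;;
        esac
        found=1
    done
    [ "$found" -eq 0 ]
}

# Usage: audit_profiles /home/pi/configs
```

The copies under /etc/wireguard/configs are what `pivpn -qr` and similar commands are expected to read, so only the home-directory copies are the ones to clean up.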

Some issues

If the VPN does not work, try the following:

  • Activate WireGuard using wg-quick up /etc/wireguard/wg0.conf, as proposed here.

  • Activate IPv4 forwarding: sudo sysctl -w net.ipv4.ip_forward=1, as proposed here. This command can be added to /etc/rc.local, so it is run every time the system boots.

  • You may have to add a static route in your router. This is explained in the aforementioned tutorial; it connects the VPN subnet and the home subnet. Use 10.6.0.0/24 as the destination IP and 192.168.1.101 (the Raspberry Pi's IP) as the gateway.


If you run into additional problems, run PiVPN in debugging mode:

$ pivpn -d
