# Home VPN

Well, what about you wanting to access home network services from abroad? We can set this up by configuring a home VPN, so that whenever abroad, you can pretend to be within the home network!

**Setup PiVPN**

It all starts by installing PiVPN

```bash
curl -L https://install.pivpn.io | bash
```

**Follow this** [**tutorial**](https://www.wundertech.net/setup-wireguard-on-a-raspberry-pi-vpn-setup-tutorial/) **to set up PiVPN**. Make sure to choose “Wireguard” when in *Installation mode*. Select CloudFlare as your DNS provider (recommended). When in *Public IP or DNS* choose “DNS Entry” and write down your hostname (e.g. “lucas-example.2mydns.net”).

We recommend choosing a port other than the default one. Remember it though!

**Enable remote access**

Similarly, to what has been done with ssh service, now we have to configure the router accordingly so we VPN service can be accessed from the outside. In particular, we want to:

```
0.0.0.0:<VPN_NEW_PORT> -----> 192.168.1.X:<VPN_NEW_PORT>
```

**Note:** Use UDP protocol.

**Create and share profile**

Simply create a profile using

```
$ pivpn -a
```

and typing the name of the profile. The configuration files will be stored under /home/pi/configs. They are also stored (only accessible with root permissions) at /etc/wireguard/configs.

Prepare the devices you’d like to have access to the VPN by **installing Wireguard app** (available for Win/Mac/Linux/iOS/Android). Check App Store / Play Store or the equivalent.

To configure the connection with the phone, simply use the QR functionality

```
$ pivpn -qr <name-of-client>
```

If for a computer, we recommend accessing the file via ssh, and copying its content into Wireguard app.

To check available (created) client profiles type&#x20;

```
$ pivpn -l
```

and active clients (currently connected to the VPN) use

```
$ pivpn -c
```

**Note:** Once the profiles have been imported to the devices that will access remotely to the network, you can remove the files from /home/pi/configs/\*.conf

**Some issues**

It might not work, just try activating wireguard

* Activate wireguard using `wg-quick up /etc/wireguard/wg0.conf`, as proposed [here](https://askubuntu.com/questions/1216526/cannot-setup-wireguard-vpn).
* Activate ipv4 forwarding: `sudo systctl -w net.ipv4.ip_forward=1`, as proposed [here](https://pimylifeup.com/raspberry-pi-wireguard/). This command can be added to /etc/rc.local, so it is run everytime the system boots.
* You may have to add static route in your router. This is explained in the aforementioned tutorial and sort of connects vpn subnet and home subnet, use 10.6.0.0/24 as destination IP and 192.168.1.101 (raspi ip) as Gateway.

Other links:

* <https://github.com/pivpn/pivpn/issues/920>
* <https://pimylifeup.com/raspberry-pi-wireguard/> (wireguard)
* &#x20;<https://www.pcmag.com/how-to/how-to-create-a-vpn-server-with-raspberry-pi> (openvpn)

If additional problems, run PiVPN in debugging mode

```
$ pivpn -d
```