How to Set Up a VPN Using PiVPN and WireGuard

Creating a VPN server at home or on an ARM-based server can provide secure remote access to your network and enhance your online privacy. Using PiVPN with WireGuard, you can quickly configure a personal VPN on devices like a Raspberry Pi, an ARM-based server, or even a virtual private server (VPS). This guide will walk you through the process.

Prerequisites

• Device: A Raspberry Pi, ARM-based server, or VPS
• Operating System: Linux-based OS (Debian/Ubuntu-based recommended)
• Internet Access: Stable internet connection
• Router Access: Ability to set up port forwarding on your network (if configuring at home)

Step 1: Update System Packages

Before starting, make sure your server's software packages are up-to-date. Open a terminal and run:

sudo apt update && sudo apt upgrade -y

Step 2: Install PiVPN

PiVPN simplifies the process of setting up a VPN with WireGuard. Install PiVPN by running the following command:

curl -L https://install.pivpn.io | bash

Step 2.1: Follow the Installation Prompts

During the PiVPN installation, follow these prompts:

1. Choose Network Interface: Select the primary network interface for your server (e.g., eth0 for Ethernet or wlan0 for Wi-Fi).
2. Set a Static IP: For consistent access, select a static IP for the VPN server. If using a VPS, this should be configured automatically by your provider.
3. Select VPN Type: Choose WireGuard. WireGuard is fast, secure, and lightweight, making it ideal for ARM devices and low-power systems.

Step 3: Configure Port Forwarding (Home Setup Only)

To access your VPN remotely, you'll need to forward the VPN port on your router to the IP address of your VPN server:

1. Default Port: WireGuard uses UDP port 51820 by default.
2. Router Configuration: In your router settings, forward this port to your server’s static IP.

Note: Port forwarding isn’t required if you're using a VPS, as it’s already accessible from the internet.

Step 4: Generate a VPN Client Profile

Once PiVPN is installed, you can create client profiles to connect to your VPN.

1. Run the command to create a profile:

pivpn add

2. You’ll be prompted to name your client. Choose a descriptive name (e.g., my-device).
3. After creation, the .conf file for the client will be saved in the /home/pi/configs directory (or equivalent for your system).

Step 5: Transfer the Client Profile to Your Device

To connect a device (like your phone or computer) to the VPN, you’ll need the client configuration file. Transfer it securely using SCP or a secure file-sharing method.

scp /home/pi/configs/my-device.conf user@your-device:~/

Step 6: Install WireGuard on Your Client Device

1. Linux:

sudo apt install wireguard

2. Windows and macOS: Download and install the WireGuard app from WireGuard’s website.
3. Mobile (iOS/Android): Install the WireGuard app from the App Store or Google Play Store.

Step 7: Import the Configuration and Connect

1. Open the WireGuard application on your device.
2. Import the .conf file you transferred.
3. Connect to your VPN by toggling the connection in the app.
4. If you are installing WireGuard on your mobile devices, you can scan the configuration using QR code by running pivpn -qr command on your terminal.

Step 8: Verify Connection

To confirm that your VPN is working correctly, check your public IP address by visiting a site like WhatIsMyIPAddress. It should reflect the IP address of your VPN server.

Additional Tips

• Automate the VPN Connection: You can set up the WireGuard client to auto-connect when accessing specific networks.
• Security Best Practices: Regularly update your server and avoid using the default VPN port for added security.
• Server Reboots: Reboot your server after you successfully install PiVPN.

Closing Note

With PiVPN and WireGuard, setting up a VPN on a Raspberry Pi, ARM server, or VPS is simple and effective. This setup allows secure, private connections to your network from anywhere. Enjoy safe browsing and secure remote access!