Sam Westby

How to Install PiVPN on a Raspberry Pi

Browse the internet privately or access your home files from anywhere with this Raspberry Pi Tutorial.

Samuel Westby

October 5th, 2022

raspberry pi

What is a VPN?

A VPN acts as an encrypted middleman for your internet traffic. Rather than going directy from your computer to the internet service provider to the desired website, you instead go computer to the ISP to the VPN, back to the ISP, and then to the desired website. This allows you to access files remotely or disguise and secure your internet traffic.

Supplies

Raspberry Pi
Micro SD Card
Power Source
Computer (Optional)

Step 1 - Set up your Pi

If you haven't set up your Raspberry Pi yet, you can follow my tutorial for that here.

Step 2 - Install PiVPN

Open a terminal to your Pi. You can do this with SSH or directly on your Pi as a desktop. First, let's update your pi with the following code:

sudo apt update
sudo apt upgrade

Run the following command to download PiVPN

curl -L https://install.pivpn.io | bash

Step 3 - DHCP Reservation

Continue through the prompts until you see DHCP Reservation. screenshot of the dhcp reservation screen This step varies for everyone depending on your router. So if you're not sure how to do the following two things, I suggest Google.

Log in to your router

Google - "how to log in to a ____ router" (insert your router make)

Set a static IP address for your Raspberry Pi.

Google - "how to set a static IP on a ____ router" (insert your router make)

After you've done these two parts, return to your terminal and select Yes - Keep using DHCP reservation.

Step 4 - Installation Mode

Continue through the prompts until you're asked for WireGuard vs. OpenVPN. screenshot of the installation mode options

I won't go into the intricate differences between the two. OpenVPN is older and has more users, but WireGuard is newer and a much faster and smoother experience. I use WireGuard.

Step 5 - Select the port

You can leave the default port, but changing it would add extra security. If WireGuard gets hacked, the hacker will look for anything on port 51820. This is because port 51820 is the default port for WireGuard, so the hackers would have access to anything on that port. If you change your port, you can use any numbers between 49152-65535

Step 6 - DNS provider

Next, choose your DNS provider. Quad9, the default, is a free and open source provider. I have used them and have no complaints.

Step 7

I used my router's Public IP - the alternative is to assign a domain name to your VPN.
I recommend unattended upgrades. This way you will get all the latest security patches and updates.
Reboot
Return to your pi's terminal. I ssh'd back in.

Step 8 - Adding profiles

Type the command: pivpn add
It will ask for a name. I'm adding my phone so I call it: phone
Download the WireGuard app on you phone [app store] [play store]
In your Raspberry Pi terminal run: pivpn -qr to generate a QR code.
Click "Add a tunnel" then "Create from QR code"

example of button to add tunnel to wireguard

Scan the QR on your computer with your phone.

Step 9 - Enable IPv4 and IPv6 forwarding

In you Pi, type:

sudo nano /etc/sysctl.conf

This will open a file. Uncomment the following lines:

net.ipv4.ip_forward=1
    net.ipv6.conf.all.forwarding=1

Press Ctrl+S to save and Ctrl+X

Step 10 - Port forwarding on your router

Next we need to let our router know what we're doing. This process is specific to your router so please Google - "port forwarding for my ______ router" Create a custom service. I call mine VPN. Then you will have options for TCP or UDP protocols. Use the UDP protocol.

Step 11 - enjoy

Open the WireGuard app on your phone and turn on you VPN. You are now tunneling through your Raspberry Pi! If you have any questions feel free to leave a comment on the YouTube video I linked above. I try to read every comment.