Self host a VPN.

Use a raspberry pi to self host a VPN from your home network.


Introduction

There are many reasons you may want to use a VPN. There are some common use cases below:

  • Connect to non internet-facing devices(such as a personal server) on your home network over the internet (therefore anywhere in the world).
  • Stop spooky public wifi’s tracking you or trying to MITM you when out and about.
  • Access content from a different area of the world which may be blocked or banned in the country you are in.
  • Monitor your own network traffic from devices connected to your VPN.

VPN misconceptions

A common mistake is to think that using a VPN makes you anonymous. This could not be further from the truth.

A VPN may hide your IP address, yes, but the VPN operator knows your IP address and also the site’s which you are visiting.

Websites do not rely only on your IP address in order to track you. Browser fingerprinting is used which will most likely be unique to your browser and a VPN will not help here.

It could possibly be even worse for your privacy if you also have a DNS leak.

So in effect, using a VPN for anonymity is like switching your ISP for anonymity, its simply not going to work. If you want anonymity, then use Tor on safest mode.


Installing the VPN

We will be creating a wireguard VPN as wireguard has a tiny SLOC compared to OpenVPN, allowing for better code auditing and security. As well it is much faster and uses less resources than OpenVPN.

First

Boot up your raspberry pi and SSH into it.

Secondly

Install piVPN with the below commands.

  • curl -L https://install.piVPN.io | bash.
  • Select ok x 2.
  • Select no to DHCP reservation.
  • Then yes to using the current IP address.
  • ok.
  • ok.
  • Select your current user then ok.
  • Then select wireguard and ensure it is the only one selected, don’t select OpenVPN (use the space bar to do this).
  • no to needing to modify the default settings.
  • When asked for the port select 1194 then enter ok.
  • Then select the DNS provider which you wish to use and select ok.
  • Select Use this public IP then ok.
  • ok.
  • ok.
  • Then select yes to enabling unattended security patches then ok.
  • ok
  • Then select yes to rebooting then ok.

Adding a VPN user

A user can be added with the below command.

sudo piVPN add`

Once you have created your user you will need to send the users device the .conf file which is the details they need in order to connect to the VPN.

Wireguard will automatically read these from the .conf when importing.

The .conf will be at ~/user_name_here.conf.

Import the .conf into your wireguard client and now you have a working wireguard VPN connected to your home network!

Ben Armstead
Ben Armstead
Computer Science Undergraduate (Lancaster University)

I enjoy free software programming and learning about Linux.