Installing PiVPN with WireGuard
A VPN allows you to connect to local devices on your home network from external networks, while keeping your devices hidden from the internet. PiVPN developers were inspired by PiHole to create an easy to setup step-by-step installation of WireGuard and OpenVPN server on your Pi. To set up PiVPN with WireGuard on the same Pi as the PiHole —
- Set up port forwarding on your router for a port that will be used for the VPN connection. The default WireGuard port is 51820, but for higher security, it’s recommended to forward a non-standard port.
- Connect to your Pi using
ssh firstname.lastname@example.org.Then the following command will take you through a step-by-step installation of PiVPN—
curl -L https://install.pivpn.io | bash
During the setup, select the WireGuard option on the “Installation Mode” page.
- Set up the WireGuard port to the port number that was forwarded on your router.
- If you would like to use PiHole DNS for your VPN traffic, PiVPN automatically detects the PiHole installation and gives you the option to select PiHole DNS for your VPN traffic. Select the option if desired.
- After the server installation is complete, reboot the Pi.
- After the server is set up on your Pi, you’ll need to create VPN clients to use on devices that you would use to connect to the VPN server.
Connect to your Pi using
Then create a client using
pivpn addwhich will create a
- To use VPN on a Windows/Mac/Linux client, download the
.conffile using scp/sftp/Cyberduck. For example, on my Macbook, I used
scp email@example.com:configs/yourClientName.conf .You can then connect to the VPN server using the WireGuard GUI client for your Windows/Mac.
To use VPN on a mobile device, the process is even easier using QR codes. You can generate a QR code using
pivpn -qrfor the client, and add the client to the device on the WireGuard app using the QR code option in the app and the camera on your device.
- That’s it, you are done! Just connect to VPN from your client and you will be able to access your local devices, like your NAS, backup disk, PiHole web dashboard or the Pi using SSH, from any external network.
To test if everything is working as intended, connect a device to an external network like your mobile internet and connect to the VPN server. Then try to open a page available only on your home network like your router admin page (
192.168.1.254 for my AT&T router).
If you selected the option to use PiHole as the DNS, to test if VPN traffic is being routed through your PiHole, look for queries from your VPN connected devices on the PiHole web dashboard (generally shown as
clientname.pivpn), or go to a website like http://thepcspy.com/blockadblock .