Today we’re going to talk about how to turn your Raspberry Pi into a VPN server. Since you are reading this, you probably already know that you can do all sorts of cool stuff with a Raspberry Pi. But why turn a Pi into a VPN? For that matter, what the heck is a VPN exactly?
We’ll cover those topics here, along with a quick intro to the VPN protocols you can choose from, and instructions for getting your Raspberry Pi VPN server built.
What is a VPN?
In case you are coming from the “doing cool things with tiny computers” world instead of the “internet privacy and security” world, here’s a 1-minute intro to VPNs. A VPN (Virtual Private Network) is a system that protects your privacy while you communicate online. Using encryption technology, a VPN makes a portion of the public internet function like a private network. The VPN hides your IP address and location, while also giving you more privacy and security online.
A normal VPN, like NordVPN, consists of software that runs on your computer or smartphone, and hardware VPN servers located around the world. The software on your computer encrypts/decrypts traffic between your device and the VPN server.
The VPN servers are the interface between your device and the rest of the internet. They decrypt messages from your device, replace your IP address with their own, and pass the messages along to their destination on the internet. They also receive messages from the internet, encrypt them, and pass them along to your device.
The encrypted connection between your device and a VPN server is called the VPN tunnel.
Why would you want to turn a Raspberry Pi into a VPN server?
You would turn a Raspberry Pi into a VPN server if you wanted to get some of the benefits of a full-blown VPN service. By communicating with the internet through a Raspberry Pi VPN server, you will prevent your ISP from tracking your online activities. You will also be able to visit websites without exposing your real IP address and true location.
But be aware of what you won’t get. One of the big benefits of commercial VPN services is that they have hundreds to thousands of servers located in dozens of countries around the world. That huge collection of geographically-distributed VPN servers makes it possible to access geo-blocked content. In fact, using a VPN for streaming is becoming increasingly popular to access media sites like Netflix, Hulu, and Disney Plus from anywhere in the world.
Another big benefit of using a commercial VPN service over a Raspberry Pi VPN server is obscurity. When you use a commercial service, your online activities will be mixed with thousands of other users, and the exact physical VPN server you connect to will likely change frequently. With the Pi VPN server, all activity will be from your device, and it will all flow through the Pi VPN server. This means you will not be blending in with a crowd of other people behind the same IP address.
Raspberry Pi VPN server prerequisites
The hardware requirements for this project are minimal. You’ll need to provide:
- A Raspberry Pi
- The Raspberry Pi power supply
- An SD card
Optional hardware includes:
- A Raspberry Pi case
- A USB keyboard and mouse
The only hardware requirements for a Raspberry Pi VPN server are a Raspberry Pi, a power supply, and an SD card.
To get the most value out of your Raspberry Pi VPN server, you’ll want to consider two system additions. These are:
- A DHCP reservation
- A Dynamic DNS service
Consider setting up a DHCP reservation for your Raspberry Pi if your router supports them. Normally, the IP address of each device on your network will change every so often. While this doesn’t matter during normal use, it does matter for this project. If the IP address of your Raspberry Pi changes on your home network, you’ll have to look it up every time you try to use your VPN server.
A DHCP reservation is a solution to the problem. By configuring your router to always assign the same network IP address to your Pi, you can avoid the recurring hassle of looking up that address all the time. This is a router setting, and the steps vary from manufacturer to manufacturer. If you follow your router’s instruction manual, you should be able to complete the task very quickly.
Dynamic DNS service
Let’s assume that you have your Raspberry Pi connected to your home network and you want to use it while you are away from home. You can log into your home network using a remote desktop program, then connect to the website or other resource through that.
This approach works fine, except for one thing. You need to have an IP address on your home network exposed to the internet so you can run the remote desktop. And remember that the IP addresses on your home network can change at any time.
A Dynamic DNS service provides an easy-to-remember domain name, which updates with each IP address change. You’ll need to configure this on your router and possibly pay a fee for the service, but it could be worth it. Once you set this up, you will be able to log into the same domain all the time, without worrying about what the underlying IP address is.
OpenVPN or WireGuard
You have one more decision to make before getting started: OpenVPN or WireGuard. These are the VPN protocols you can use on your Raspberry Pi. In simple terms, a VPN protocol is a set of rules for transmitting data along with standards for the types of encryption used to make the data secure.
OpenVPN has been the industry standard VPN protocol for several years. It is private, secure, and reasonably fast. But it is very complex, consisting of around 400,000 lines of code. This makes it hard to maintain and gives hackers a lot of code in which to look for weaknesses. It also does not do very well on mobile devices.
WireGuard is the new kid on the VPN protocol block. It is much faster than OpenVPN, and uses the latest in encryption. It is also much simpler than OpenVPN, requiring 4,000 lines of code instead of the 400,000 lines in OpenVPN. It should be much easier for coders to maintain, and much harder for hackers to attack than OpenVPN. WireGuard also offers the best reliability on mobile devices and can transition between different network interfaces without dropping a connection.
Note: We have an in-depth OpenVPN vs WireGuard guide that examines these topics in more detail.
One possible drawback of WireGuard is that it stores the IP addresses of users on the server. Commercial VPNs that keep no logs of user activity have to take steps to deal with this when they support WireGuard. But we don’t see this as a drawback for this project. This is a personal project to gain some of the benefits of a commercial VPN without subscribing to one.
If you are concerned about a government agency subpoenaing data about your online activities, or a hacker breaking into your Raspberry Pi, or federal agents physically seizing your Raspberry Pi to see if you are the one using it to do stuff online, then this project isn’t for you. Otherwise, don’t sweat the fact that your IP address will appear in the Raspberry Pi VPN server sitting on your desk at home.
How to turn a Raspberry Pi into a VPN server
With all that preliminary stuff out of the way, it is time to see how to get this project built. But before we start, let’s be clear. This is not an attempt to give you detailed instructions to complete the project. We’re not going to be telling you to open a command prompt and enter commands like this:
curl -L https://install.pivpn.io | bash
We’re not hard-core Raspberry Pi people. We don’t know all the ins and outs of these little devices well enough to do so safely. Besides, there is no way we’re going to be able to keep this article up to date with all the new Linux updates and Pi versions that keep popping up.
Instead, we’re going to give you all the high-level steps, and leave it up to you (or other Pi experts) to know exactly how to implement those steps on this version of the Pi, running this version of Linux, and so on. So let’s get started:
- Install PiVPN on your Raspberry Pi. Hint: The example command from before, “curl -L https://install.pivpn.io | bash” could come in handy here.
- Run PiVPN.
- Tell PiVPN whether you set up a static address (a DHCP reservation).
- Choose between OpenVPN or WireGuard.
- Select a communication protocol. UDP is recommended for OpenVPN and required for WireGuard.
- Set the VPN port. The default OpenVPN port is 1194. The default WireGuard port is 51820.
- Set the DNS provider. If you set up a dynamic DNS you will enter that here. If not, you will need to specify a DNS service to use. An internet search for the phrase “secure DNS providers” will give you lots of options.
- If using OpenVPN, select the Enable OpenVPN 2.5 features option unless some apps you’re using don’t support them.
- If PiVPN presents them, follow the steps for creating a security certificate and configuration file.
- Using the instructions for your router, forward the VPN port to the internal IP address of your Raspberry Pi VPN server. Remember, this is port 1194 for OpenVPN and 51820 for WireGuard.
Your Raspberry Pi VPN server should now be ready to go.
Adding a VPN client
While the Raspberry Pi is now set to function as a VPN server, you still need a VPN client (VPN app) to connect to the server.
OpenVPN provides OpenVPN Connect clients you can install on whichever devices you plan to connect to your Pi VPN server.
WireGuard also provides clients for the leading operating systems.
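An added example, not code from PiVPN or WireGuard: a small Python audit of a WireGuard client profile that checks the choices made in the steps above (the forwarded port, a dynamic DNS name rather than a raw IP address, the DNS provider) and whether all traffic is routed through the tunnel. The function names, finding codes and sample profile are hypothetical and constructed for illustration.

```python
import ipaddress

# Constructed sample profile; keys, addresses and names are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.6.0.2/24
DNS = 9.9.9.9
[Peer]
PublicKey = <server-public-key-placeholder>
Endpoint = 203.0.113.7:51820
AllowedIPs = 10.6.0.0/24
"""

def parse_wg_conf(text):
    """Parse WireGuard's INI-style text into {section: {key: value}}."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            conf.setdefault(section, {})
        elif "=" in line and section:
            key, value = line.split("=", 1)   # base64 keys may end in "="
            conf[section][key.strip().lower()] = value.strip()
    return conf

def audit_client_conf(text, forwarded_port=51820):
    """Return finding codes; an empty list means nothing was flagged."""
    conf = parse_wg_conf(text)
    iface, peer = conf.get("interface", {}), conf.get("peer", {})
    findings = []
    host, _, port = peer.get("endpoint", "").rpartition(":")
    if port != str(forwarded_port):           # must match the router forward
        findings.append("endpoint-port-not-forwarded")
    try:
        ipaddress.ip_address(host.strip("[]"))
        findings.append("endpoint-is-literal-ip")  # breaks when home IP changes
    except ValueError:
        pass                                   # hostname, e.g. a dynamic DNS name
    routes = {r.strip() for r in peer.get("allowedips", "").split(",")}
    if "0.0.0.0/0" not in routes:             # only some traffic uses the tunnel
        findings.append("not-full-tunnel")
    if not iface.get("dns"):                  # resolver left to the local network
        findings.append("no-dns-set")
    return findings
```

For the constructed sample, the audit flags the literal IP endpoint and the split-tunnel route; a profile that points at a dynamic DNS name and routes 0.0.0.0/0 through the tunnel returns no findings.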
An alternative approach to using your Raspberry Pi with a VPN
We started this article from the premise that your goal was to turn your Raspberry Pi into a VPN server. But now that we’ve gone through all the things you need to do to make that happen, you might want to consider a different approach. Instead of turning your Raspberry Pi into a VPN server, it might make more sense to use your Raspberry Pi as a computer, and connect it to a full-strength commercial VPN service.
Going this route would free up your Raspberry Pi for other projects, and provide faster speeds, more privacy, and better security for connecting to the internet at the same time. All three of our top VPN services provide VPN clients that can run on a Raspberry Pi, giving it the benefit of world-class online privacy and security.
All three of these services are fast and reliable, plus they offer 24/7 live chat support and a 30-day money-back guarantee so you have plenty of time to test them out.
1. NordVPN for Raspberry Pi
Logs: No logs (audited)
Support: 24/7 Live chat
NordVPN is our top-ranked VPN service. When running the WireGuard protocol, it has turned in the fastest test results we’ve ever seen. You can connect your Raspberry Pi (and other devices) to the NordVPN network of over 5,500 servers using either the OpenVPN or NordLynx (NordVPN WireGuard protocol implementation) VPN protocols.
2. Surfshark VPN on Raspberry Pi
Based in: British Virgin Islands
Support: 24/7 Live chat
Surfshark recently moved into the #2 spot in our VPN testing and evaluations. It is almost as fast as NordVPN, and offers its own unique benefits including a super low price and the ability to connect an unlimited number of devices to their network simultaneously.
Both Surfshark and NordVPN support the WireGuard VPN protocol, which is great if you value speed. Surfshark also offers some extra add-on features, including a private search engine and an identity theft alert service. Our Surfshark review has more info.
3. ExpressVPN with Raspberry Pi
Based in: British Virgin Islands
Logs: No logs (audited)
Support: 24/7 Live chat
ExpressVPN is a perennial leader in most VPN categories. It offers secure and user-friendly apps, a large network of global servers, full support for streaming services, and excellent support.
We have long been testing (and recommending) ExpressVPN and it is also a solid VPN choice for Raspberry Pi. In the performance category, it offers above-average speeds, but still came out in second place in our ExpressVPN vs NordVPN comparison.
You can get more info in our ExpressVPN review.
Conclusion on Raspberry Pi VPNs
Turning a Raspberry Pi into your own personal VPN server is a great project. It can provide you with some of the benefits of using a commercial VPN service, without having to subscribe to one. At the same time, a Raspberry Pi VPN server is limited in what it can do for you.
If your #1 goal is to put that spare Raspberry Pi to work improving your online privacy and security, that’s great. But if your #1 goal is to get the maximum privacy and security in this spy-filled world, then you should consider investing in one of the VPN services we listed above. After all, there will always be more projects you can run on your Raspberry Pi.