Today we’re going to talk about how to turn your Raspberry Pi into a VPN server. Since you are reading this, you probably already know that you can do all sorts of cool stuff with a Raspberry Pi. But why turn a Pi into a VPN? For that matter, what the heck is a VPN exactly?
We’ll cover those topics here, along with a quick intro to the VPN protocols you can choose from, and instructions for getting your Raspberry Pi VPN server built.
What is a VPN?
In case you are coming from the “doing cool things with tiny computers” world instead of the “internet privacy and security” world, here’s a 1-minute intro to VPNs. A VPN (Virtual Private Network) is a system that protects your privacy while you communicate online. Using encryption technology, a VPN makes a portion of the public internet function like a private network. The VPN hides your IP address and location, while also giving you more privacy and security online.
A normal VPN, like NordVPN, consists of software that runs on your computer or smartphone, and hardware VPN servers located around the world. The software on your computer encrypts/decrypts traffic between your device and the VPN server.
The VPN servers are the interface between your device and the rest of the internet. They decrypt messages from your device, replace your IP address with their own, and pass the messages along to their destination on the internet. They also receive messages from the internet, encrypt them, and pass them along to your device.
The encrypted connection between your device and a VPN server is called the VPN tunnel.
Why would you want to turn a Raspberry Pi into a VPN server?
You would turn a Raspberry Pi into a VPN server if you wanted to get some of the benefits of a full-blown VPN service. By communicating with the internet through a Raspberry Pi VPN server, you will prevent your ISP from tracking your online activities. You will also be able to visit websites without exposing your real IP address and true location.
But be aware of what you won’t get. One of the big benefits of commercial VPN services is that they have hundreds to thousands of servers located in dozens of countries around the world. That huge collection of geographically-distributed VPN servers makes it possible to access geo-blocked content. In fact, using a VPN for streaming is becoming increasingly popular to access media sites like Netflix, Hulu, and Disney Plus from anywhere in the world.
Another big benefit of using a commercial VPN service over a Raspberry Pi VPN server is obscurity. When you use a commercial service, your online activities will be mixed with thousands of other users, and the exact physical VPN server you connect to will likely change frequently. With the Pi VPN server, all activity will be from your device, and it will all flow through the Pi VPN server. This means you will not be blending in with a crowd of other people behind the same IP address.
Raspberry Pi VPN server prerequisites
The hardware requirements for this project are minimal. You’ll need to provide:
- A Raspberry Pi
- The Raspberry Pi power supply
- An SD card
Optional hardware includes:
- A Raspberry Pi case
- A USB keyboard and mouse
The only hardware requirements for Raspberry Pi VPN server are a Raspberry Pi, a power supply, and an SD card.
To get the most value out of your Raspberry Pi VPN server, you’ll want to consider two system additions. These are:
- A DHCP reservation
- A Dynamic DNS service
DHCP reservation
Consider setting up a DHCP reservation for your Raspberry Pi if your router supports them. Normally, the IP address of each device on your network will change every so often. While this doesn’t matter during normal use, it does matter for this project. If the IP address of your Raspberry Pi changes on your home network, you’ll have to look it up every time you try to use your VPN server.
A DHCP reservation is a solution to the problem. By configuring your router to always assign the same network IP address to your Pi, you can avoid the recurring hassle of looking up that address all the time. This is a router setting, and the steps vary from manufacturer to manufacturer. If you follow your router’s instruction manual, you should be able to complete the task very quickly.
Dynamic DNS service
Let’s assume that you have your Raspberry Pi connected to your home network and you want to use it while you are away from home. You can log into your home network using a remote desktop program, then connect to the website or other resource through that.
This approach works fine, except for one thing. You need to have an IP address on your home network exposed to the internet so you can run the remote desktop. And remember that the IP addresses on your home network can change at any time.
A Dynamic DNS service provides an easy-to-remember domain name, which updates with each IP address change. You’ll need to configure this on your router and possibly pay a fee for the service, but it could be worth it. Once you set this up, you will be able to log into the same domain all the time, without worrying about what the underlying IP address is.
OpenVPN or WireGuard
You have one more decision to make before getting started: OpenVPN or WireGuard. These are the VPN protocols you can use on your Raspberry Pi. In simple terms, a VPN protocol is a set of rules for transmitting data along with standards for the types of encryption used to make the data secure.
OpenVPN has been the industry standard VPN protocol for several years. It is private, secure, and reasonably fast. But it is very complex consisting of around 400,000 lines of code. This makes it hard to maintain and offers lots of areas for hackers to try and crack the code. It also does not do very well on mobile devices.
WireGuard is the new kid on the VPN protocol block. It is much faster than OpenVPN, and uses the latest in encryption. It is also much simpler than OpenVPN, requiring 4,000 lines of code instead of the 400,000 lines in OpenVPN. It should be much easier for coders to maintain, and much harder for hackers to attack than OpenVPN. WireGuard also offers the best reliability on mobile devices and can transition between different network interfaces without dropping a connection.
Note: We have an in-depth OpenVPN vs WireGuard guide that examines these topics in more detail.
One possible drawback of WireGuard is that it stores the IP addresses of users on the server. Commercial VPNs that keep no logs of user activity have to take steps to deal with this when they support WireGuard. But we don’t see this as a drawback for this project. This is a personal project to gain some of the benefits of a commercial VPN without subscribing to one.
If you are concerned about a government agency subpoenaing data about your online activities, or a hacker breaking into your Raspberry Pi, or federal agents physically seizing your Raspberry Pi to see if you are the one using it to do stuff online, then this project isn’t for you. Otherwise, don’t sweat the fact that your IP address will appear in the Raspberry Pi VPN server sitting on your desk at home.
How to turn a Raspberry Pi into a VPN server
With all that preliminary stuff out of the way, it is time to see how to get this project built. But before we start, let’s be clear. This is not an attempt to give you detailed instructions to complete the project. We’re not going to be telling you to open a command prompt and enter commands like this:
curl -L https://install.pivpn.io | bash
We’re not hard-core Raspberry Pi people. We don’t know all the ins and outs of these little devices well enough to do so safely. Besides, there is no way we’re going to be able to keep this article up to date with all the new Linux updates and Pi versions that keep popping up.
Instead, we’re going to give you all the high-level steps, and leave it up to you (or other Pi experts) to know exactly how to implement those steps on this version of the Pi, running this version of Linux, and so on. So let’s get started:
- Install PiVPN on your Raspberry Pi. Hint: The example command from before, “curl -L https://install.pivpn.io | bash” could come in handy here.
- Run PiVPN.
- Tell PiVPN whether you set up a static address (a DHCP reservation).
- Choose between OpenVPN or WireGuard.
- Select a communication protocol. UDP is recommended for OpenVPN and required for WireGuard.
- Set the VPN port. The default OpenVPN port is 1194. The default WireGuard port is 51820.
- Set the DNS provider. If you set up a dynamic DNS you will enter that here. If not, you will need to specify a DNS service to use. An internet search for the phrase “secure DNS providers” will give you lots of options.
- If using OpenVPN, select the Enable OpenVPN 2.5 features option unless some Apps you’re using don’t support them.
- If PiVPN presents them, follow the steps for creating a security certificate and configuration file.
- Using the instructions for your router, forward the VPN port to the internal IP address of your Raspberry Pi VPN server. Remember, this is port 1194 for OpenVPN and 51820 for WireGuard.
Your Raspberry Pi VPN server should now be ready to go.
Adding a VPN client
While the Raspberry Pi is now set to function as a VPN server, you still need a VPN client (VPN app) to connect to the server.
OpenVPN provides OpenVPN Connect clients you can install on whichever devices you plan to connect to your Pi VPN server.
WireGuard also provides clients for the leading operating systems.
An alternative approach to using your Raspberry Pi with a VPN
We started this article from the premise that your goal was to turn your Raspberry Pi into a VPN server. But now that we’ve gone through all the things you need to do to make that happen, you might want to consider a different approach. Instead of turning your Raspberry Pi into a VPN server, it might make more sense to use your Raspberry Pi as a computer, and connect it to a full-strength commercial VPN service.
Going this route would free up your Raspberry Pi for other projects, and provide faster speeds, more privacy, and better security for connecting to the internet at the same time. All three of our top VPN services provide VPN clients that can run on a Raspberry Pi, giving it the benefit of world-class online privacy and security.
All three of these services are fast and reliable, plus they offer 24/7 live chat support and a 30 day money back guarantee so you have plenty of time to test them out.
NordVPN for Raspberry PI
VPN | NordVPN |
Based in | Panama |
Logs | No logs (audited) |
Price | $3.29/mo. |
Support | 24/7 live chat |
Refund | 30 days |
Website | NordVPN.com |
NordVPN is our top-ranked VPN service. When running the WireGuard protocol, it has turned in the fastest test results we’ve ever seen. You can connect your Raspberry Pi (and other devices) to the NordVPN network of over 5,100 servers (spread across 60 countries) using either the OpenVPN or NordLynx protocols. (NordLynx is NordVPN’s own implementation of the WireGuard VPN protocol.)
NordVPN’s website has lots of information and tutorial guides. We also discuss setup and test results in our NordVPN review.
Aside from Raspberry Pi, there are many other types of devices you can use with NordVPN. First, NordVPN has custom apps for Windows, Mac OS, Linux, Android, and iOS. Additionally, NordVPN offers various solutions for other devices such as Smart TVs, TV boxes, and even gaming systems.
NordVPN also scores well in the privacy and security categories. This VPN has passed independent audits for both privacy and security. All NordVPN servers run in RAM-disk mode, which ensures no data can ever be stored on a server. NordVPN also has a CyberSec feature to block ads, trackers, and malware domains through the VPN app via DNS filtering.
For the best savings on NordVPN, use the coupon below:
NordVPN’s Cyber Deal is live:
Get 63% Off NordVPN plus an additional 3 months FREE:
(Coupon is applied automatically.)
See our NordVPN review for more information and test results.
Surfshark VPN on Raspberry Pi
VPN | Surfshark |
Based in | The Netherlands |
Logs | No logs |
Price | $2.30/mo. |
Support | 24/7 live chat |
Refund | 30 days |
Website | Surfshark.com |
Surfshark recently moved into the #2 spot in our VPN testing and evaluations. It is almost as fast as NordVPN, and offers its own unique benefits including a super low price and the ability to connect an unlimited number of devices to their network simultaneously.
Both Surfshark and NordVPN support the WireGuard VPN protocol, which is great if you value speed. Surfshark also offers some extra add-on features, including a private search engine and an identity theft alert service.
Surfshark also does well with privacy and security. Like NordVPN, they offer a VPN ad blocking feature that works through the VPN apps. Surfshark also has an ad blocking feature and an obfuscation feature (Camouflage mode) to get through VPN blocks or restricted networks.
Surfshark VPN Coupon:
Get 82% off Surfshark VPN (drops the price down to $2.30 per month) plus 2 months FREE:
(Coupon is applied automatically.)
Our Surfshark review has more info.
ExpressVPN with Raspberry Pi
VPN | ExpressVPN |
Based in | British Virgin Islands |
Logs | No logs (audited) |
Price | $6.67/mo. |
Support | 24/7 live chat |
Refund | 30 days |
Website | ExpressVPN.com |
ExpressVPN is a perennial leader in most VPN categories. It offers secure and user-friendly apps, a large network of global servers, full support for streaming services, and excellent support.
We have long been testing (and recommending) ExpressVPN and it is also a solid choice VPN for Raspberry Pi. In the performance category, it offers above-average speeds, but still came out in second place in our ExpressVPN vs NordVPN comparison.
ExpressVPN does well in nearly every use case, from streaming to privacy and security. It offers custom VPN apps for all major operating systems and devices, and even has an app if you want to use a VPN with Firestick or Fire TV.
You can get more info in our ExpressVPN review — or check out the website below.
Raspberry Pi VPN Comparison Table
Turning a Raspberry Pi into your own personal VPN server is a great project. It can provide you with some of the benefits of using a commercial VPN service, without having to subscribe to one. At the same time, a Raspberry Pi VPN server is limited in what it can do for you.
If your #1 goal is to put that spare Raspberry Pi to work improving your online privacy and security, that’s great. But if your #1 goal is to get the maximum privacy and security in this spy-filled world, then you should consider investing in one of the VPN services we listed above. After all, there will always be more projects you can run on your Raspberry Pi.
And as a recap, here are the best VPNs to use on your Raspberry Pi:
This Raspberry Pi VPN guide was last updated on July 20, 2022.
UPDATE for readers:
NordVPN is running a Christmas sale with 3 months free.
A much easier approach is to work with the onboard VPN clients in Windows and Apple.
See here for a easy solution:
[https://administrator.pro/contentid/1769120412]
I’ll be doing this once my raspberry pi comes in. Also want to order another to use for a security system. Will I be able to save my camera footage on a external hard drive?
Hi Heinrich RP Team,
This was a fun article. May I comment that “doing cool things with tiny computers” and “internet privacy and security,” are not mutually exclusive – though I agree the above is not a rounded privacy solution, I do believe playing with tech in a safe manner is good for education and education is good for privacy.
Regards,
BoBeX
You bring up valid points. It would be placing the trust in the ISP which is probably a bad idea in most countries.
I did read most of the article. Very informative and thorough, but as Mirmir touched upon. It a huge effort if you don’t have a particular interest or need for that kind of privacy/anonymity.
I agree that pervasive surveillance is a threat to both individual freedoms and can be a concerning factor which can be a invaluable tool for potential totalitarian regimes.
I feel like the web is broken. Don’t know if it’s repairable. Maybe start from scratch. Not to mention all the misuse of such technology that have no valid reason, or in many cases not even legal.
I wish most people would actually care about their privacy, but the way things have been going it seems that no scandal is big enough to be remembered for more that 15 minutes.
There are of course some passionate individuals, such as yourself, but I don’t know if it will be enough to make the internet a democratic and decentralized place.
I’m thinking if we’re really going accomplish something like that we need a complete and always verifiable chain of trust. With things like intel ME, and the gods know what else, we’re already compromised at the ground level.
Not to mention using macOS or Windows. Not that I have anything against those OS’s, but it’s not exactly a secret that they collect massive amounts of data from their users.
They are really convenient and often very useful. Just like our sensor filled pocket computers. But if every user was explained in every detail what data is collected and in every way it can be used i don’t think it would go down very well with most people.
There will be no riots before the next dictator or group of wrong people come to power. Any opposition will be stopped once an algorithm predicts from big data that a given group or individual is likely to be a problem. I’m starting to get out there now.. But in all seriousness, in a worst case scenario this is not a totally unrealistic fear.
Yes, such methods can of course be used for catching the bad guys, and probably has prevented all sorts horrible things and international conflicts etc. But with that kind of power.. you know what follows.
Bottom line, I belive that as long as most people get bored or don’t care or understand the potential long-term dangers of sharing everything and not protecting their privacy then nothing will change.
I’ve seen it many times, people who understand it also, It’s just to much. It’s a everchanging environment that demands constant learning to combat. So what to do?
These days I will be plenty satisfied if I can have privacy. Anonymity is a thing of the past.
Read this.
I’m not sure I agree with advising people to use commercial VPN services. I would say it’s better to use your own VPN server, while it doesn’t obfuscate your traffic, it will let you have full control over the server. A commercial VPN is no better than their promise. Which is no more than that. A faceless logo with a promise that many VPN providers have broken. Doesn’t matter if their company is registered outside the eyes if they have servers in countries who watch.
If you’re a journalist with sensitive info or someone who needs anonymity you better use a computer that is not connected to you, in a place not connected to and don’t carry any wireless device connected to you.
“better to use your own VPN server”
Bad idea. If you have a VPN server in your home, all traffic downstream of your own VPN server will be monitored and recorded by your ISP, which is collecting all data and handing it to whoever wants it. This is reality in the US, Canada, and much of Europe. So you literally have zero privacy with your own VPN. Additionally, everything you do on your own server is getting tied back to you and your identity. Your traffic is not getting mixed with others. And your ISP of course knows your identity, address, etc.
If you have your own VPS server that you turn into a VPN server, again, all traffic is still linked back to your identity, which the server host knows. Your traffic is not getting mixed with other users, so everything goes back to you.
“A commercial VPN is no better than their promise”
First of all, there are verified no logs VPN services that have been audited by trustworthy third parties, verifying both security and the privacy guarantees (no logs). This gives you a very high level of confidence if your VPN has passed multiple audits and operates from a safe overseas jurisdiction where it can’t be compelled to log data for Uncle Sam.
Another benefit is you get your traffic mixed with other VPN users on that same server. This allows you to further blend in with the crowd.
Lastly, there are ways to use multiple VPNs at the same time, thereby distributing trust across different providers. For example, using a VPN on a router and a different VPN on your desktop computer.
Supposing I would manage to install a Rasperry Pi VPN-Server, how safe is that?
I mean that VPN-Server has an ip-address that belongs to my local network (like 192….), wouldn’t that mean that my normal ip-address is included in the data stream to access the VPN server? Hence, my ip-address would be trackable.
That makes me think that this is rather a solution for external users than for me.
Correct?
Thank you for publishing this excellent article!
oct
How can I access my PiHole remotley without exposing my home network ISP IP?
On my network i have my router which has a VPN client connected to Mullvad which all my netqork traffic goes through including PiHole. The only way I can access my PiHole remotley is by exposing my home networks ISP provided IP address. How can I access my PiHole remotley without exposing my ISP IP?