Build Your Own Raspberry Pi VPN Server

In this tutorial, I will be going through the steps on how to set up a Raspberry Pi VPN server using the OpenVPN software.

Raspberry Pi VPN server

I will also go into setting up various things you must do to ensure that your connection is as secure as possible by setting up encryption keys.

This project can be a bit of a long process, but it is a relatively simple tutorial to follow, and shouldn’t require any extra interaction once it has been configured.

Using a Raspberry Pi is a cheap way of setting up a virtual private network (VPN) that can stay online 24/7 without consuming a large amount of power.

It’s small and powerful enough to handle a few connections at a time making it great for private use at home.

VPN’s are an incredibly useful network tool that can allow you to gain access to encrypted and secure internet traffic even when you are utilizing public Wi-Fi.

As an added bonus, you can also use it to allow yourself to connect to your own computer and access the home network. It allows your other devices that are located outside your local network to act as if they were on the local network of the VPN Server.

For example, if you had a network attached storage server that you wanted to access while away, then a VPN server will be extremely handy in achieving a secure way to access it.

Equipment List

Below are all the bits and pieces that I made use of for this Raspberry Pi VPN server tutorial, there is nothing super special that you will need to be able to complete this.

Recommended

Raspberry Pi

Micro SD Card or a SD card if you’re using an old version of the Pi.

Ethernet Cord or Wifi dongle (The Pi 3 has WiFi inbuilt)

Optional

Raspberry Pi Case

USB Keyboard

USB Mouse

Video

In the video below, we walk you through the process of setting up a VPN on our Raspberry Pi using the OpenVPN software.

If you run into any issues, be sure to check out the written version of our VPN guide below.

Adblock blocking the video? Support us by subscribing to our ad-free service.

Getting Prepared for your VPN server

Before we get started with setting up the Raspberry Pi VPN server there are a few things we must go over to ensure that you are ready to set it up and use it.

Firstly, for this tutorial, it’s important to know that I am using a clean version of Raspbian. If you haven’t installed it and would like to learn how then my guide on installing Raspbian is extremely handy if you’re new to all this.

For starters, make sure you actually do need a VPN before you start setting this up, as it can act as a gateway into your home network.

If you do intend on using a VPN make sure all the computers on your home network are secure, and that you aren’t sharing anything within your local network that you wouldn’t want someone gaining access to.

Preparing your VPN Server’s IP Address

It’s important to decide whether you are going to make use of a static IP address or a dynamic IP address, setting up a VPN for a static IP address is a rather simple process and requires no extra work.

However, if you want to utilize a dynamic IP address, you must make use of a dynamic DNS service.

If you choose to go down the dynamic DNS service route, then you should decide whether you want to make use of your own domain name or a free one.

If you want to make use of your own domain name, then you can use a service like CloudFlare, if you’re going to make use of a free subdomain then a service such as no-ip.org will be useful for you.

You can check out our guide on setting up your Raspberry Pi for Dynamic DNS for more information.

Remember the domain name that you set up for either Cloudflare or no-ip.org as you will need this later on in the tutorial.

Port Forward for your Raspberry Pi VPN

The third important thing that you will need to get done before you start setting up your Raspberry Pi is to port forward for the OpenVPN software.

The default port you need to forward is 1194. Remember the port you set as you will need this later on in the tutorial. The protocol you will have to make use of for this port is UDP.

If you are unsure on how to port forward on your router, we recommend looking your router up over on port forward.

Installing the VPN Server

1. Setting up a Raspberry Pi VPN Server can be quite a complicated process, normally you would have to install the software, generate the encryption keys, add the port to the firewall, set the Pi to keep a static IP address and much more.

Luckily for us, there is a much easier way to set up a Raspberry Pi VPN server thanks to an install script called PiVPN, this handles all the grunt work for setting up a VPN and reduces the potential for making mistakes.

Before we get started, we should first change the password of the default pi user, this is to ensure if someone managed to gain access to your VPN they wouldn’t be able to access your Raspberry Pi easily.

passwd

2. With the password changed we can begin the process of setting up our VPN server on the Raspberry Pi. We can begin this process by running the command below, this command downloads the install script from PiVPN’s GitHub page and runs it.

Normally running a script straight from a URL is a poor idea, as it can be an easy way for someone to gain access to your Raspberry Pi and do some serious damage.

However this is a trusted source that we have verified, if you want to check out the code yourself, just go to the location of the script.

curl -L https://install.pivpn.io | bash

3. Once you have run the above command, you should be met with the following screen. This screen will feature some text telling you that you are about to install OpenVPN.

To proceed to the next screen, you need to press the ENTER key.

PiVPN Installer Welcome Screen

4. The next screen explains that you will need to set up a static IP address for your VPN.

This is so that when the Raspberry Pi is restarted, it will try and use the same IP address. If the local IP changes, you could potentially lose access to your VPN.

PiVPN Static IP Address Required

5. You will now be asked if you are using a DHCP reservation on your router.

If you don’t know what DHCP reservation is or how to use it, select <No> to continue.

PiVPN Are you using DHCP Reservation

6. Here, select <Yes> to set the current IP address and gateway as static.

If you are unhappy with the IP address displayed on this page, then select <No>.

Allow PiVPN to set a Static IP address

7. This screen warns you that there is a chance your router will assign the IP address to another device.

You can use DHCP reservations to avoid this. However, most routers are smart enough to prevent the problem.

To continue, select <Ok> and press the ENTER key.

warning about IP Conflict

8. This screen explains that we will need to set a user that will own the OpenVPN configuration files.

Select <Ok> and press ENTER to go to the next screen.

Choose local user to hold config

9. We will be presented with a list of users who can own our Raspberry Pi’s VPN config files.

In this tutorial, we will be making use of the pi user. If you want to use another user, use the ARROW keys and SPACEBAR to select it.

Once you are happy with your selection, press the ENTER key to continue.

PiVPN Choose user for VPN config

10. You will now be asked to select what type of VPN you want to install on your Raspberry Pi.

The two choices are WireGuard and OpenVPN.

For this guide, we will be using OpenVPN on our Raspberry Pi (1.). Use the ARROW keys and the SPACEBAR to select it.

Once you have OpenVPN selected, press the ENTER key to continue (2.).

PiVPN Choose software type for VPN - OpenVPN

10. You can now decide whether you want to customize the installation of OpenVPN on your Raspberry Pi.

The setting chosen by the PiVPN team is best for most users. However, you can modify these if you like.

For our guide, we are going to stick with the default settings.

To continue, select <No>, then press the ENTER key.

PiVPN Select easy mode installation

11. Now we will be selecting the port that OpenVPN will operate through.

For this tutorial, we are going to stick with the default port of 1194. You should only change the port if you have a good reason to.

Once you have defined the port, select <Ok> and press ENTER.

Set default OpenVPN port

14. You will be asked to confirm the port that you set for your OpenVPN installation

If you are happy with the port you have chosen, then select <Yes> to continue.

Confirm OpenVPN Port Settings

15. The next step is to select a DNS provider. A DNS provider is what resolves a URL like https://pimylifeup.com into an IP address.

Within our guide, we will be making use of Cloudflare’s DNS servers. Cloudflare wipes their logs every 24 hours and does not track the querying IP address.

To select Cloudflare or another DNS provider, you will need to use the ARROW keys (1.).

Once you are hovering over the DNS provider you want, press the SPACEBAR key to select it.

Once you are happy that you have made the right choice, you can press the ENTER key to proceed.

PiVPN Select DNS Provider

16. You will need to decide whether you want to make use of your public IP Address or a DNS name.

If you are using a dynamic IP address, we recommend using the public DNS name option. You can follow our guide on setting up dynamic DNS on the Raspberry Pi if you need assistance with this.

As we are using a static public IP address, we will stick with using our public IP address for this guide.

You can change between options by using the ARROW keys. Once you have the one you want, press the SPACEBAR key to select it.

PiVPN Select Public IP Or DNS

17. This next step is just explaining to you that the PiVPN script is about to generate both the HMAC key and the server key.

These keys are part of what makes up the encryption part of your Raspberry Pi’s VPN.

Press the ENTER key to continue with the guide.

PiVPN Generating Server and HMAC keys

18. Now you will be presented with a simple explanation of unattended-upgrades.

This feature makes the Raspberry Pi OS automatically download security package updates daily.

Press the ENTER key to proceed to the actual configuration page for this setting.

PiVPN Message about enabling Unattended Upgrades

19. On this screen, we highly recommend that you enable unattended-upgrades by selecting <Yes>. Enabling this will ensure your Raspberry Pi should always have the latest packages.

Leaving this feature switched off can pose a significant security risk to your Raspberry Pi’s VPN and potentially your home network.

Once done, press the ENTER key to confirm your settings.

PiVPN Enable Unattended Upgrades

20. You have now completed the installation of OpenVPN on your Raspberry Pi.

While there are still a couple more things you will need to complete to allow connections, you are now about 90% through this setup guide.

PiVPN Installation Completed

21. We will now be greeted by a screen asking for us to reboot the Raspberry Pi.

Select the <Yes> option to the following two screens by pressing the ENTER key.

Rebooting your Raspberry Pi after installing OpenVPN is a crucial step.

Reboot Pi after PiVPN installation

Setting up your first OpenVPN User

1. Normally setting up a user for OpenVPN would be a painful process as you would have to generate the individual certificates for the user, luckily we can do this in one single command thanks to PiVPN.

To begin adding the user, run the following command:

sudo pivpn add

On this screen, you will need to enter a name for the client, and this name will act as an identifier so you can differentiate between different clients.

It will also ask you to set a password for the client, and it is important to make this something secure and not easy to guess as this will secure the encryption key.

So, if someone can guess the password easily, it severely reduces the security of your VPN.

Pivpn add

Once you press enter to these, the PiVPN script will tell Easy-RSA to generate the 2048-bit RSA private key for the client, and then store the file into /home/pi/ovpns.

/home/pi/ovpns is the folder we will have to gain access to in the next few steps so we can copy the generated file to our devices.

Make sure you keep these files safe as they are your only way of accessing your VPN.

2. Now that our new client has been set up for OpenVPN with our passphrase we will now need to get it to the device that we intend on connecting from.

The easiest way to do this is to make use of SFTP from within your home network.

Make sure you have a program such as FileZilla that can handle SFTP connections installed before continuing with this tutorial.

To get started, let’s log in to our Raspberry Pi over SFTP. Remember to type sftp:// in front of your Raspberry Pi’s IP address.

If you don’t have you Pi’s local address use the command hostname -I in the terminal.

Once you have entered your IP address, Username and Password, press the quick-connect button.

SFTP Details

3. Once you have successfully logged in, we need to look for the ovpns folder, as this is where the file we need will be located.

Once you have found the folder, double-click on it.

SFTP ovpns

4. Now, all we need to do is drag the .ovpn file you want to somewhere safe on your computer. This file contains the data that we will need to connect to the VPN so keep this file safe.

It is also the only way someone could potentially gain access to your VPN, so keeping the passphrase and the file secure is incredibly important.

If someone gains access to these, they could potentially cause some harm to your network.

SFTP ovpns download

5. Now we have the .opvn file on our device we can use this to make a connection to our VPN.

The .opvn file stores everything we need to make a secure connection. It contains the web address to connect to, and all the encryption data it needs.

The only thing it does not contain is your passphrase, so you will need to enter this when you connect to the VPN.

The client we are going to use is the official OpenVPN client, and you can obtain this from their official OpenVPN website.

Download and install this client, on its first run it will automatically minimize to the taskbar, right click on the icon, then select “Import file…”

OpenVPN GUI

6. You will be presented with a file explorer screen, in here go to where you saved the .opvn file from earlier.

Once you have found it, double-click the file to import into the OpenVPN client.

Select ovpn file

7. You should now be presented with a dialog telling you the file has been successfully imported into OpenVPN.

Just click the “OK” button to proceed.

Ovpn file imported successfully

8. Now right-click the OpenVPN client icon in the taskbar again, this time click the “Connect” button.

OpenVPN GUI 2

9. Now the OpenVPN client will attempt to read the data located in the .opvn file.

Since we have a passphrase set, it will now ask for you to enter the passphrase you set earlier on in this tutorial.

Once you are certain you have entered the correct passphrase, click the “OK” Button.

Ovpn enter password

10. The OpenVPN client will now attempt to connect to your Raspberry Pi’s VPN server. If the OpenVPN icon turns to a solid green, then it means that you have successfully connected into your VPN.

However, if it turns yellow and fails to turn green after 60 seconds that means something is causing the connection to fail.

In most cases the connection failure is caused by port forwarding issues, my router, for instance, has numerous issues with port forwarding.

It is easiest to google your router’s model number to try and find help on any issues you may face with port forwarding.

Some ISP’s (Internet Service Provider) also block specific ports, so it’s best to check that your ISP is not blocking the port you plan on using.

If you are using a dynamic DNS service, then make sure that the service is being correctly updated with your latest IP address if the IP address has changed, but the DNS setting hasn’t then it will cause the connection to fail.

Hopefully, by now, you will have a fully functional VPN that you’re able to connect to successfully.

Uninstalling the VPN from your Pi

1. If for some reason you want to remove your VPN from your Raspberry Pi you can simply utilize the following command on it.

This command will utilize the pivpn software to uninstall the VPN tunnel.

sudo pivpn uninstall

I hope that this tutorial has shown you how to set up a Raspberry Pi VPN Server and that you haven’t run into any issues. It’s certainly a great project for anyone who wishes to set up a cheap always-on VPN network.

If you have some feedback, tips or have come across any issues that you would like to share, then please don’t hesitate to leave a comment below.

52 Comments

  1. Avatar for S R
    S R on

    Gus – a fantastic guide, worked like a treat for a first time user of RPi.

    thank you very much!

    For the first time the connection on my Mac worked fine with tunnel blink as a client but now I am getting connection timeout each time on android and Mac devices. I have configured my virgin media router for port forwarding and enabled remote access.

    Any suggestions?

  2. Avatar for Alexey Rubinchyk
    Alexey Rubinchyk on

    Thank you guys for this tutorial! All fine, all working. Raspbian, Raspberry pi 3 model B.

  3. Avatar for Brodie
    Brodie on

    My pi will be installed behind a firewall that I cannot open a port forward. I would like to have the pi create the connection back to my computer (which is possible), yet still have my computer treat the pi as the internet gateway and thereby route all traffic via the pi. Is this possible?

  4. Avatar for incnorm
    incnorm on

    Does this handle both source and destination networks being on the same subnet?

    e.g. if my source network was 192.168.1.0/24 and the destination network (where the RPi VPN Server resides) is also 192.168.1.0/24, will this cause problems?

  5. Avatar for Clubeddie
    Clubeddie on

    I have installed this through thus great tutorial. It is working, i can connect with an android phone. The only issue is ghat i cannot internet through this connection. It won’t go outside my network.

    Anybody know how to solve this?

    1. Avatar for Hans
      Hans on

      Did you find any solution yet? I have exactly the same issue, I am able to access my homenetwork but browsing internet is not possible. Thank you in advance.

  6. Avatar for jim
    jim on

    This vpn pi server is working great, but I was wondering if there is a way to hide my ip address?

  7. Avatar for Ano
    Ano on

    If you have problems with step 2, try using ‘raw.githubusercontent.com/pivpn/pivpn/master/auto_install/install.sh’ instead of the ‘https://install.pivpn.io’ that they use.

  8. Avatar for Ben
    Ben on

    Is it possible you can tell me how to connect a raspberry pi to the VPN server? Please.

  9. Avatar for Rich
    Rich on

    I have tried a few different configurations. Using a static IP, not using one, using Google for DNS and trying my own, and on and on. It is fine on FB, Google, Youtube, but when I go to a news sites or Amazon or Ebay, nothing. It won’t work.

  10. Avatar for Patrick
    Patrick on

    Thank you for the excellent guide !! It works perfectly…
    I’ve got a question : I’d like to access to my wifi printer at home (connected on my local network) from outside using the VPN.
    How can I do that ?
    Thank in advance for your answer…

  11. Avatar for Gus
    Gus on

    Hi Gus! this is Gus 🙂

    I just wanted to say thank you very much for your guide ! was looking the whole day for a good solution for my raspberry as vpn server (tried docker containers) but none was so clear and effective like yours!

    Worked like a charm !

    Thanks a lot!
    Gus

  12. Avatar for Joseph Kezar
    Joseph Kezar on

    I can connect to the VPN and get a solid green icon in the taskbar. I cannot however access any resources on my home network. For instance, my home fileserver has a local IP of 192.168.0.100. Even though a private network is unroutable, should I be able to access this resource from the clientside of my VPN?

    1. Avatar for TGC tech
      TGC tech on

      I have the same problem on my Pi 1

    2. Avatar for Gus
      Gus on Editor

      I’ll look into this and see if I can find out what’s going on.

  13. Avatar for LethalBoar70923
    LethalBoar70923 on

    Hey Gus great tutorial! I wanted to make a video explaining how to do this but I thought I would ask for permission first.

    1. Avatar for Gus
      Gus on Editor

      Go for it.

  14. Avatar for Siamak
    Siamak on

    Hi Everyone,

    I have used this program to set my VPN Server not on a Raspberry Pi but on a Laptop using UBUNTU Server, works like a charm.

    One thing that I ran into was that when I chose the 4096 encryption, it did indeed took a long time to do it but I could not use the .ovpn file on my Smart phone, it worked on another laptop running windoze.

    I then reinstalled it with 2048 and works every where.

    Cheers

    Siamak

    P.S. I used the TCP and the port is 443 if I remember rightly.

  15. Avatar for tcow1015
    tcow1015 on

    Any chance of this working on a Pi 1 or a chip ( the little $9 thing that is similar in specs to a pi 1) because I have both a Pi 1 and a chip lying around that I would like to use for this project

    I am going to try anyway but just wanted to see if anyone has had success

    1. Avatar for tcow1015
      tcow1015 on

      it seems to have worked on my chip (I can connect to the VPN just fine) but is very slow and often fails to load sites, over all I would say it is an unusable experience

    2. Avatar for Rich
      Rich on

      This is an easy project and I have it working too, but it is unusable. Very slow.

      I’m using DNS and not a static IP. I wonder if that has something to do with it.

      Maybe I’m doing something wrong??

    3. Avatar for Gus
      Gus on Editor

      I haven’t tested it but can’t see why it wouldn’t work.

  16. Avatar for Karen
    Karen on

    Hi Gus. Thanks for doing this. Is the vpn code on the Pi always running, or do I need to start a program? Thanks.

  17. Avatar for henry isenberg
    henry isenberg on

    Hello Gus, Fantastic! Thank you! I will be working on this soon. Step 18, DNS providers. Do you have pluses and minuses for the other services than google? I am not a terrific fan of google and their watchful eyes. Henry

  18. Avatar for Jack Sweeney
    Jack Sweeney on

    Hay Gus, can you show us how to add Authy authentication to the server I tried but couldn’t login in. Here are the projects that Authy has made for this.
    https://www.authy.com/integrations/openvpn/
    https://github.com/authy/authy-openvpn

  19. Avatar for Joris
    Joris on

    Hey when i want to connect using filezilla i get “connection refused”, do i log in with my new made VPN account or my Pi acc ?

    1. Avatar for Joris
      Joris on

      Okay managed to fix that but u seem to have a different version of openVPN because there is no connect or import only settings!

    2. Avatar for joris
      joris on

      okay.. fixed that too but when i try to dowload the file it downloads it as a .xml and i cant change that. and even when i try to make te file a .opvn it wont connect 🙁

  20. Avatar for Jack Sweeney
    Jack Sweeney on

    If you are wanting to remove a user the command is “sudo pivpn revoke” and it will ask for the user u want to remove from a list. “sudo pivpn clients” shows current connected clients.

Leave a Reply

Your email address will not be published. Required fields are marked *