Glittering Generality

Internet and privacy – these two should always go together.

Internet

Set Up Your Own VPN at Home With Raspberry Pi! (noob-friendly)

Set Up Your Own VPN at Home With Raspberry Pi! (noob-friendly)

So if there's anything that Iunderstood about my audience in the past 3 or so years of running this channel is that you guys really seem to like my VPN videos the 2 of my videos about VPN seem to get the most attention on my channel with a huge margin and, well, I like attention So here I am back with another banger I guess So a lot of you guys asked me inthe comments on those 2 VPN videos:.

“Wolfgang, look, I don't trust thoseVPN companies and VPS companies. I don't want to spend my hardearned dollars every month to pay for some kind of a VPS or VPN service. Can't I just host VPN at home,in the comfort of my own house?” and the answer to thatquestion is “Well, it depends”. So let's talk real quick about whypeople use VPNs in the first place. Here are some of the mostcommon use cases for a VPN: Getting access to your home or corporatenetwork securely while being somewhere else Protecting yourself in a hostile or anunsecured network on an airport or café Wi-Fi.

Or in some cases avoidingtracking and surveillance by a malicious ISP at school or at work Tricking websites into thinking that you'rein a different country to get access to some kind of a gear restricted content Circumventing censorship andgetting access to stuff that is normally blocked by your ISP or your government And last but not least piracy – downloading illegal stuffin countries where doing that on your normal ISP connection would getyou a hefty fine or a warning.

Now obviously, those are not allthings that you can use a VPN for, because if I listed all the usedcases you'd be sitting here all day. But basically one thing that iscommon about all of those cases is that people usually use a VPNto pretend they're somewhere else …for many reasons. And if you want to host your VPN at home it will be useful for you only when you need to pretendthat you're at home… Does that make sense?.

For example, you want to be outand about somewhere in the café and you want to connect tothe unsecured Wi-Fi hotspot and if you don't quite trustthe network you're connecting to you can just establish a securedencrypted tunnel to your own house to browse the internet safelyas though you were at home. And of course if you havea homelab or a home server you can get access to all ofyour local services securely without the need of exposing them to the Internet. This setup might also come in handy foryou if you often travel to countries.

Where you can't torrent or visit certain websites or maybe if you want to watch yourlocal TV shows while you're abroad. So all of that begs thequestion: Why not just use a VPN? Well first of all: no monthly costs. The only thing you need to pay isthe upfront cost for the hardware. I'll be using a Raspberry Pi here and itcosts about $60 with all the accessories but we'll also talk about cheaperalternatives later in the video. The second reason is that youdon't have to trust any third party if you watched some of myprevious videos about VPNs.

You know my opinions about VPNproviders, they can be pretty sketchy but in this case you areliterally your own VPN provider. As long as you trust your ISP more than youtrust a random unsecured network in a café, you're good to go. And then last but not least,accessing your local services securely while you're on the go I already mentioned that one so Iwon't be going too much in depth here. Now let's talk about the requirements So, what are you going to need for this project.

First of all you need basic technical skills We won't be doing any PHDlevel nuclear science here, but you will need some basic knowledgeof, you know, using a computer, some Google-Fu and basic problem solving skills. A lot of people in thecomments have been asking me “Look, Wolfgang, is there like a way, for likeless technically savvy people to do all of that?” and unfortunately that's just the entryprice you have to pay for that kind of stuff. You can either get yourself a VPNservice subscription and have no insight at what's going on behind the curtains,.

Or who's getting your data where it goes to, etc. or you can spend some timeand do everything yourself and yes it might be technically challenging but you do get some kind of a control overwhat you do and where your data goes to I'll keep this tutorial as simple as possibleand the video will be divided into chapters and you can use the YouTube speed settingif i'm going a little bit too fast for you and I will also include a text versionof this guide in the video description so make sure you take a look atthat if you like this format better All in all, I think it's a cool weekend projectand definitely a good learning experience.

So let's talk about the technical requirements now First thing you'll need is adedicated Internet connection and access to your router's admin panel if you're connected to the publicWi-Fi in your student dorm, unfortunately that's just not going to work. Then you'll need an ISP that isokay with you hosting stuff at home Here in Germany, where I live, most of theISPs will let you host stuff at home just fine Except for the mail for some reason A lot of ISPs are blocking theport 25 for outgoing mail here.

But in other countries some ISPs might put yourInternet connection behind a shared IP address and only offer a dedicatedIP address as a business service or something they have to pay for extra If you want an easy way to knowwhether your ISP is dedicated or shared you can go to website like whoer.net and seeif it maybe says that you're behind a proxy If it does, that's a pretty good indicator thatyour PC won't be accessible from the Internet so that tutorial is not goingto work for you, unfortunately You'll also need a router that supportsa function called “Port Forwarding” The easiest way to check is open your browserand go to your router's administration panel.

(Usually something like 192.168.0.1 or 1.1) and look for a function called “Port Forwarding” I've had about 4 routers here in Germany,and they all support that function One more thing that you'll need is a computerthat will basically live in your house and be on 24/7 It doesn't have to be super powerful or beefy if you have like an old laptop or a netbook,laying around, that will do just fine. For this tutorial though, I'll usea tiny computer called Raspberry Pi I'm sure that a lot of you are familiar with it.

It's small, relatively cheap, andhas a very low power consumption You can even run it off ofsolar energy if you want Do keep in mind that apart from the board itself, you also need a power adapterand at least an 8GB microSD card I wouldn't cheap out on microSDcards because, you know, inexpensive microSD cards from Aliexpresstend to break much faster than, you know, the brand ones from Kingston, Transcendand other brands, so do keep that in mind. Optionally if you do have a monitor akeyboard and a mouse somewhere in the house I would suggest buying a microHDMI to HDMI adapter.

That way you can connect your RaspberryPi directly to your monitor keyboard and mouse and it'll be a little bit easier to set up But if you don't have a monitor or aTV that supports HDMI that's okay too, we'll go over the whole setupprocess later in the video. You'll also need an Ethernetcable and a microSD card reader if your computer doesn't already have that one Otherwise if you don't pay a lot forelectricity where you live and you don't care about the place the computer takes or the noiseyou can take whatever you have laying around, just make sure it has Ethernet port and thatit's capable of running 64-bit operating systems.

That being said, I will only be covering thesetup process for Raspberry Pi in this video. But do let me know in the comments if you'dlike to see a separate video on this topic, on how to set up a VPN on a regularcomputer, such as a laptop or a netbook. Now with all the requirements and disclaimersout of the way, let's get started! First thing we need to do is downloadthe operating system for our Raspberry Pi Depending on whether you'resetting it up with a monitor or without one you can downloadeither Raspberry Pi OS Desktop which looks like that or Raspberry PiOS Lite which looks kind of like that If you're doing it with a monitor or TV though.

The former has a benefit of being ableto open a browser and copy commands from my handy dandy text guide which I'll put in the video description down below Now I must say that Raspberry PiOS is a bit controversial and got into a bit of trouble lately for includingMicrosoft's repositories in the installation So if you're a die-hard Linux veteran and youdon't want to contaminate your home network with the evil Microsoft softwarefeel free to choose something else Personally, I can recommend Ubuntu MATE or”Mate” if you prefer as a solid alternative Next thing we need to do is download Etcher.

Etcher is a tool that will help us write the operating system that we justdownloaded to the micro SD card I chose Etcher because it runson Windows, Linux and macOS but if you have some other tool that you prefer,such as dd or Rufus, you can use that instead After you have both Etcher andRaspberry Pi on your computer you can now insert the microSDcard into your computer Then, launch Etcher, choose the RaspberryPi OS image that you just downloaded, select your microSD card and click “Flash” This is going to take some time so feel free tograb a cup of coffee or tea while you're waiting.

After the flashing is done you'll see anew volume in “This PC” menu called “boot” Go to that volume, create a new text file, and call it “ssh”.Be careful! It's not “ssh.txt”, it's”ssh”, without any extension. To do that, you need to have the “Hideextensions for known file types” option disabled in the File Explorer options. With that done, you can now ejectthe microSD card from your computer Now put the SD card into the Raspberry Pi, plug your Ethernet cable intothe router, and into the board.

Then finally plug the USB Type-C cable into it In case you want to set up yourRaspberry Pi with a monitor, you also need to plug in the monitor, thekeyboard and the mouse into it at this point So once you've booted your Raspberry Pi up, youwill be presented with a very nice setup wizard which will actually let you skipa huge portion of this video Just follow the instructions on thescreen and reboot your Pi when asked And now you can skip to thistimecode. See you there! Now you need to wait for about a couple ofminutes while your little computer is booting up and then let's open the browser again andgo to the router's administration panel.

Go to the page that lists all thedevices connected to the network and there it is! Just copy the IPaddress of the Raspberry Pi here Now we need to open the command line interface On Mac and Linux it’s called Terminal, and onWindows we're going to be using PowerShell. That's really the only difference for us, since we're only going to be usingit to talk to our Raspberry Pi so if you're in Windows, go to thestart menu and search for PowerShell open it and type this command:”ssh [email protected] [and here paste the IP of the Raspberry Pi]”.

You can use Cmd+C as usual on Mac, on Linux youcan use Ctrl+Shift+C or sometimes Ctrl+Alt+C and on Windows just right click on theterminal and it's going to paste the text Answer yes to the next question andtype “raspberry” when asked for password The password won't be shown on the screen not even the asterisks or, like, circles and that applies to all the password fields in the Linux command lineinterface, so don't worry about it First thing we need to do, is change thedefault password to something more secure We won't be exposing a RaspberryPi to the internet per se,.

So you'll only be able toaccess it from your house because of that I won't be going in depthabout advanced SSH login security in this video but if you're interested you cancheck out this tutorial of mine where I discuss differentmethods of securing remote access So in order to change the password,you need to type “passwd”, type your current password (“raspberry”) and then type your new password twice And that's it! Next thing we're going to do is update our.

Operating system to all thelatest versions of software For that, type “sudo aptupdate && sudo apt upgrade” this will take a few minutesdepending on your internet speed and meanwhile you can make yourself another tea,stare at the blinking lights on the Raspberry Pi, or sing some sea shanties After the installation is complete and you see the green command prompt again type “sudo reboot” to reboot the board. Now that we're done with the initial preparations.

We need to get ourselves a dynamic DNS hostname. The thing is, unless you're usinga business broadband connection your external IP address is not static it changes every week or so. IP addresses work pretty much in thesame way as physical addresses work so let's say you have a house in New Yorkand are waiting for an important letter But then next week you have tomove to, let's say Los Angeles how can you be sure that you get that letter? well you set up a mail forwarding service,which gets all the letters for you.

And forwards them to your current address. A dynamic DNS service is kind of a mailforwarding service, but for computers. Now there are a lot of DDNS providers out there, some of them free, some ofthem with a subscription plan. For this tutorial, I'll be using afree plan from freedns.afraid.org That being said, you can use any service you want I am not endorsing any particular one and the only reason I chose freedns.afraid.org is because that's the first freedynamic DNS service I've found on Google.

That doesn't have any weird limitations After registering in a website andactivating your account via email, click on the “add a subdomain” Here the things that we need to change are Subdomain, just put whatever you wanthere, I'm going to put “wolfgangsvpn”. Domain, there are a few funny domain names here to choose from and I decidedto go with “crabdance.com” Destination, by default is going tohave your current IP address in there but we need to change it to 0.0.0.0.

That way we'll be able to test if ourdynamic IP assignment software actually works after that, type in theCaptcha, and click on “Save!”. Now we need to log back toour Raspberry Pi by typing “ssh [email protected][the ip address]”in PowerShell or terminal You can also just press the up arrow key and that will give you thelast command you entered Next enter the password that we created earlier Now we need to install a pieceof software called ddclient for that type “sudo apt installddclient” and press Enter.

It's going to ask you for a lot of things, just pretend you don't know anythingby tapping enter until it gives up Now we need to tell ddclientwhich address it needs to update for that type “sudo nano /etc/ddclient.conf” let's just delete all of thoselines and replace them with this convenient template that you canfind in my text guide in the description here we need to replace several things: “login” and “password”, replace themwith your afraid.org credentials and “somedomain.moo.org”, replace itwith the domain name that you chose.

After that is done, press Ctrl+O tosave the file and Ctrl+X to exit. Another file that we need toedit is “/etc/default/ddclient” here we need to change everything to “false” except for this option, “run_daemon”, this one we need to change to “true” Once that's done, Ctrl+O, Ctrl+X Now that all the configuration is done let's restart the ddclient service byusing “sudo systemctl restart ddclient” and see what it's been up to by typing”sudo systemctl status ddclient”.

As you can see it actuallysays “FAILED” in all caps but if you go back to our browser andrefresh the page with our subdomain you'll see that 0.0.0.0 changedto our actual real IP address which means it worked. Finally let's make sure thatddclient starts automatically every time we power our Raspberry Pi on,by typing “sudo systemctl enable ddclient” Now one last thing that we need todo before actually setting up the VPN is making sure that our VPN is accessiblefrom the outside of the home network for that go to your router's admin page.

And go to the port forwarding settings on FritzBox routers it's called”Permit Access” for some reason. What we need to do here isadd another device for sharing Here on most routers you'll beable to pick a device from a list so I'm going to pick Raspberry Pi here. Then we need to create a new port forwarding entry Here in the field “Application” I'mgoing to select “Other application” and for the name let's enter “WireGuard” For the protocol, make sure to select “UDP”.

And as for the port we needto forward the port 51820 on a lot of routers you'll need to select2 ports, so “from” port and “to” port just select 51820 in both, and then make surethat Internet access is allowed via IPv4 and IPv6 Then apply the settings and that's it! As usual with computers the hardest partof a project is often preparing for it Now we're finally ready toactually install and set up our VPN and this is really the easiest part of the video to set it up we're going to beusing a WireGuard install script from the Github user Nyr.

I've been using this script in mypersonal machines for a few months and it's really solid andreliable like a clockwork Let's copy this command from the Github page Go back to our terminal and paste it. As you can see, this commandactually needs root privileges to run so we need to type “sudobash wireguard-install.sh” The script is going to ask us for thehostname that we want to use for the VPN: type your dynamic DNS domainthat we created earlier For client name just put any name you want.

And for “DNS” this is kind of personal preference I like to use the third option, 1.1.1.1 so if you're unsure just use that, and that's it! Let's just press F here and theinstallation is going to begin So as you can see, theWireguard VPN is now installed and we have a big beautiful QRcode right here on the screen which we're going to use toconnect to our VPN from the phone Now you can simply download the WireGuardapplication from App Store or Google Play launch the app and click on the “+” button.

Here choose “From a QR code”and scan the code on the screen And that's it! Now you might want to ask”why test it on a phone?” “Why not just use the same computerthat we're using to set everything up?” Well, the catch 22 here is that we can'ttest our VPN on the home network because …we're already on the home network So what I'm going to do now is I'mgoing to turn off the Wi-Fi on my phone and then try to connect to ourVPN on the cellular network to see if my IP changes.

As you can see afterconnecting to the WireGuard VPN I can now see the IP of myhome internet connection and since I'm technically browsingthe Internet from my house I can now access all of my selfhostednetwork services as though I were home And that's it! Now connecting to our home baked VPN froma computer requires a few additional steps First we need to move the configurationfiles to our home directory For that, log in to the Raspberry Pifrom the terminal, and type “sudo su”, Enter and then “cp /root/*.conf /home/pi”.

Next we need to create a folder for allof our WireGuard configuration files Now let's go to that folder, hold”Shift”, right click on the empty space and click “Open PowerShell window here” Here you can press the Up arrow key,replace “ssh” with “sftp”, and press Enter After you've entered the password, you can nowcopy all the configuration files to your machine for that type “get *.conf” and press Enter. Now that we're done here, let's typeexit and close the PowerShell windows. WireGuard VPN is cross-platform, meaningyou can use it on Windows, Linux and macOS For Windows, we need to download this file,.

Click on the executable, and now we'reready to install our configuration file Launch WireGuard from the Start menu, andpress “Add tunnel configuration from a file” Now, I'm going to create a Wi-Fi hotspot onmy phone and connect to it on my computer and try to connect to the VPN And as you can see, after refreshing the page,my IP changes to the IP of my home network And there you go, that's howyou set up a VPN at home! Thank you for watching thisvideo, I hope it was helpful If you have any questions, do not hesitateto leave them down below in the comments And as usual, I want to thank my Patreons,the people who support this channel.

People such as Tim, Mitchell Valentino,Ray Perea, and many many others. Thank you guys for watching, onceagain, and I'll see you in the next one! Goodbye!

Share this post

About the author

13 comments

  1. TIMESTAMPS
    0:00​ Introduction
    0:42​ Common VPN use cases
    1:29​ Use cases for a selhofsted VPN
    2:15​ Why not just use a VPN service?
    2:56​ What skills will you need for this project
    3:57​ Technical requirements
    6:38​ TUTORIAL START – Downloading and installing Raspberry Pi
    8:18​ Initial setup
    8:40​ For monitor users
    8:56​ For "headless" users
    10:47​ Dynamic DNS
    13:59​ Port forwarding
    14:51​ Installing Wireguard VPN
    15:43​ Connecting to the VPN from a smartphone
    16:38​ Connecting to the VPN from a PC
    17:57​ Outro

  2. Hi, Wolfgang, great video, thanks, but could you please answer a (bit silly, but for me personally confusing) question. Let's suppose I've established personal VPN server home. Do I got it right that it won't provide me an access to content, blocked in my country (beacuse it is still connected to the same network that all of my devices, that has no access to these resources)? Thanks a lot.

  3. when i click refresh on the subdomain page it does not change the ip automatically, get caught with this error " file /var/cache/ddclient/ddclient.cache, line 3: Invalid Value for keyword 'ip' = '' " thoughts?

  4. Wait….. in the dynamic dns section (starts at 10:47), I don’t understand, why do you have to install and run ddclient? Since you are using the ddns service through “afraid” shouldn’t they be the ones updating the ip address for the domain name? Or am i understanding this all wrong? Can someone please answer?…….

  5. Question, You use Fritz so your in germany. If you have a wirelessly bridged set up because your main is upstairs running plex or something like that but your ISP is downstairs since you only have one DSL port in the house. Where do you hook up the pi? I mean I would love to automate and fix things when I'm not home so I would say ISP, but I want to Automate my server remotely if it goes down. do I need to pies one for each or if i connect it to isp will it cover everything? Only reason i ask is as you know fritz is 192.16.178 where as even if i went off the router in my set up being a xxx.xxx.1.1 It's on a VLAN port anyway off the switch so technically isnt on the 192.168.178 hope I don't sound too crazy or dumb. Thank you in advance!

  6. I am running Apache on Debian Bullseye on my RPi 4b with 4GB RAM. It gets VERY little traffic as this is just a personal site. Can I run Wireguard on the same RPi without it being bogged down?

Leave a Reply

Your email address will not be published. Required fields are marked *

en_USEnglish