How to Set Up a VPN Server on Raspberry Pi?

What you'll need

• Raspberry Pi 4 or 5 (2 GB RAM is plenty) with a 32 GB+ microSD card
• Official Raspberry Pi power supply (5V/3A USB-C)
• Ethernet cable (Wi-Fi works but ethernet is faster and more stable)
• A static LAN IP or DHCP reservation on your router
• Optional: a free DuckDNS / No-IP hostname if you want to reach the Pi from outside your home

Step 1: Flash the OS and SSH in

1. Use the Raspberry Pi Imager to flash Raspberry Pi OS Lite (64-bit) onto the microSD card.
2. In the imager, click the gear icon to set a hostname, enable SSH with a password or key, and configure your Wi-Fi.
3. Boot the Pi, find its IP from your router, and SSH in: ssh pi@raspberrypi.local.
4. Update everything: sudo apt update && sudo apt full-upgrade -y.

Step 2: Run the PiVPN installer

PiVPN is a wrapper around WireGuard (and OpenVPN if you prefer). It handles the keys, the firewall, and the systemd service for you.

Run:

curl -L https://install.pivpn.io | bash

Follow the prompts. When it asks, pick WireGuard. It will set up UDP port 51820, generate server keys, and ask for a DNS provider (pick Cloudflare 1.1.1.1 or Quad9 9.9.9.9).

Step 3: Add a client

For each device you want to connect, run:

pivpn add

Give the client a name (e.g., iphone). It produces two files: a .conf file in /home/pi/configs and a QR code on screen.

• On iOS/Android: install the WireGuard app, tap "+ → Create from QR code", and scan the terminal output.
• On macOS/Windows/Linux: install the WireGuard client and import the .conf file.

Step 4: Make it reachable from outside (port forwarding)

Inside your home network, just point clients at the Pi's local IP. To connect when you're on the road, you need either:

• Port forwarding on your router: forward UDP 51820 to the Pi's local IP.
• Dynamic DNS: a hostname (e.g., myhome.duckdns.org) that updates whenever your public IP changes — DuckDNS is free.

PiVPN vs a paid provider