TC
Troy’s Tech Corner
build tech2026-02-1620 min

Build a Personal VPN Server with Raspberry Pi: Complete Guide

Create your own VPN server to securely access your home network from anywhere in the world. Browse safely on public Wi-Fi, access files on your home network remotely, and bypass geo-restrictions—all without monthly subscription fees.

What You're Building

A personal VPN server that:

  • Encrypts all your internet traffic
  • Lets you access home network remotely
  • Protects you on public Wi-Fi
  • Appears as if you're browsing from home (bypass geo-blocks)
  • Works on phone, laptop, tablet
  • No monthly fees (unlike commercial VPNs)
  • You control all your data
  • Supports multiple devices and users

Difficulty: ⭐⭐ Easy Time Required: 1-2 hours Cost: $35-55 (one-time) Monthly Savings: $5-15 vs. commercial VPN

What You'll Need

Required Components

Raspberry Pi

Storage

Network

  • Ethernet cable (highly recommended)
  • Reliable internet connection
  • Router with port forwarding capability

Power

  • Official Raspberry Pi power supply
  • Stable power critical for 24/7 operation

Case

UPS (Uninterruptible Power Supply)

  • Small UPS – Keeps VPN running during power blips
  • Prevents corruption from unexpected shutdowns

VPN Protocol Choice: WireGuard vs OpenVPN

We'll use WireGuard - it's newer, faster, and simpler than OpenVPN.

WireGuard: ✅ Faster speeds ✅ Better battery life on mobile ✅ Simpler configuration ✅ Modern cryptography ✅ Easier troubleshooting

OpenVPN:

  • Older, more widely supported
  • More configuration options
  • Better for restrictive networks
  • Still available if you prefer it

This guide uses WireGuard via PiVPN (makes setup easy).

How a VPN Works

Without VPN: Your Device → Internet → Website (Anyone on network can see your traffic)

With VPN: Your Device → Encrypted Tunnel → Your Home → Internet → Website (Traffic encrypted, appears to come from your home)

Use cases:

  • Coffee shop Wi-Fi? Encrypted and safe
  • Hotel network? Protected from snooping
  • Traveling abroad? Access home services
  • Avoid ISP tracking? Routes through your home

Step-by-Step Setup Guide

Step 1: Install Raspberry Pi OS

Using Raspberry Pi Imager:

  1. Download from raspberrypi.com/software
  2. Choose OS: Raspberry Pi OS Lite (64-bit)
  3. Configure settings (gear icon):
    • Hostname: vpn-server
    • Enable SSH
    • Set username and password
    • Configure Wi-Fi (but use ethernet!)
    • Set locale
  4. Write to SD card

Step 2: Boot and Initial Setup

  1. Insert SD card in Pi
  2. Connect ethernet cable
  3. Power on Pi
  4. Find Pi's IP address (check router or use ssh vpn-server.local)

SSH into Pi:

ssh username@vpn-server.local
# or
ssh username@192.168.1.50

Update system:

sudo apt update
sudo apt upgrade -y

Step 3: Install PiVPN

PiVPN is an automated installer that handles everything.

Run installer:

curl -L https://install.pivpn.io | bash

Installation wizard:

  1. Welcome screen → OK
  2. Static IP warning → OK (we'll configure this)
  3. Static IP configuration:
    • Choose interface (eth0 for ethernet)
    • Note current IP (e.g., 192.168.1.50)
    • Set as static: Yes
  4. User selection → Choose your username
  5. Protocol choice → WireGuard (recommended)
  6. Default WireGuard port → 51820 (keep default)
  7. DNS provider:
    • Cloudflare (fast, privacy-focused) ← Recommended
    • Google (fast, logs data)
    • OpenDNS (reliable)
    • Pi-hole (if you have one running)
  8. Public IP or DNS:
    • Use your public IP (if static)
    • OR use Dynamic DNS service (if IP changes)
  9. Enable unattended upgrades → Yes (security updates)
  10. Installation completes → Reboot: Yes

Wait 2-3 minutes for installation and reboot.

Step 4: Set Up Static IP on Router

Your Pi needs a consistent local IP address.

Option 1: DHCP Reservation (Recommended)

  1. Log into your router admin panel
  2. Find DHCP settings or LAN settings
  3. Locate your Pi in connected devices
  4. Reserve/assign static IP (e.g., 192.168.1.50)
  5. Save settings

Option 2: Configure on Pi (if router doesn't support it)

  • Already done during PiVPN installation
  • Pi will use same IP every time

Step 5: Port Forwarding

Critical step! Your router must forward VPN traffic to your Pi.

Configure port forwarding on router:

  1. Log into router admin panel
  2. Find "Port Forwarding" or "Virtual Server" settings
  3. Create new rule:
    • Service/Name: WireGuard or VPN
    • Protocol: UDP
    • External Port: 51820
    • Internal IP: Your Pi's IP (192.168.1.50)
    • Internal Port: 51820
  4. Save and apply settings

Test port is open (from external network):

  • Visit: canyouseeme.org
  • Enter port 51820
  • Should show "Success" (may need to create client first)

Step 6: Get Your Public IP Address

Find your home's public IP:

curl ifconfig.me

Example: 203.0.113.45

If your IP changes (dynamic IP):

  • Set up Dynamic DNS (DDNS)
  • Free services: No-IP, DuckDNS, Dynu
  • Update PiVPN config with DDNS hostname

Step 7: Create VPN Client

Create client for your device:

pivpn add

Follow prompts:

  1. Enter name for this client (e.g., "iphone", "laptop")
  2. Enter valid number of days (default 1080 is ~3 years)
  3. QR code displays (for mobile devices)

Output:

  • QR code for mobile scanning
  • Config file saved: /home/username/configs/clientname.conf

Create multiple clients:

pivpn add
# Repeat for each device

Step 8: Install Client Apps

Mobile (iPhone/Android):

  1. Install "WireGuard" app from App Store/Play Store
  2. Open app → Add Tunnel → Scan QR code
  3. Scan QR code displayed during pivpn add
  4. Toggle on to connect

Computer (Windows/Mac/Linux):

  1. Download WireGuard client from wireguard.com/install
  2. Install application
  3. Transfer config file from Pi to computer: 
    # On your computer
scp username@192.168.1.50:~/configs/laptop.conf ~/Downloads/
  4. Open WireGuard app → Import tunnel from file
  5. Select the .conf file
  6. Activate tunnel

Step 9: Test VPN Connection

From mobile/computer:

  1. Connect to cellular data or different network (NOT your home Wi-Fi)
  2. Enable VPN in WireGuard app
  3. Should connect within 1-2 seconds
  4. Visit: whatismyip.com
  5. Should show your HOME IP address, not your current location

Test DNS:

nslookup google.com

Should use the DNS provider you selected during setup.

Test local network access:

  • Try accessing local network devices
  • Example: http://192.168.1.1 (router admin)

PiVPN Management Commands

Useful commands:

# Add new client
pivpn add

# List all clients
pivpn list
pivpn -c  # Show connected clients

# Remove client
pivpn remove

# Regenerate QR code
pivpn -qr clientname

# Show stats
pivpn -d

# Backup configs
pivpn backup

# Update PiVPN
pivpn update

# Debug issues
pivpn debug

Dynamic DNS Setup (If Your IP Changes)

If you don't have static IP from ISP:

Option 1: DuckDNS (Free, Easy)

  1. Create account: duckdns.org
  2. Create subdomain: yourhome.duckdns.org
  3. Get token from dashboard
  4. Install DuckDNS on Pi:
mkdir ~/duckdns
cd ~/duckdns
nano duck.sh

Add:

echo url="https://www.duckdns.org/update?domains=yourhome&token=YOUR_TOKEN&ip=" | curl -k -o ~/duckdns/duck.log -K -

Make executable and schedule:

chmod 700 duck.sh
crontab -e

Add line:

*/5 * * * * ~/duckdns/duck.sh >/dev/null 2>&1

Update PiVPN config:

sudo nano /etc/pivpn/wireguard/setupVars.conf

Change pivpnHOST to your DuckDNS domain.

Security Best Practices

Strengthen security:

1. Change default SSH port:

sudo nano /etc/ssh/sshd_config
# Change: Port 22 → Port 2222
sudo systemctl restart ssh

2. Disable password authentication (use SSH keys):

sudo nano /etc/ssh/sshd_config
# Set: PasswordAuthentication no

3. Enable firewall:

sudo apt install ufw
sudo ufw allow 51820/udp
sudo ufw allow 22/tcp  # Or your custom SSH port
sudo ufw enable

4. Keep system updated:

# Automatic updates enabled during install
# Manual update anytime:
sudo apt update && sudo apt upgrade -y

5. Monitor logs:

sudo journalctl -u wg-quick@wg0

Advanced Configuration

Split Tunneling

Route only specific traffic through VPN:

Edit client config file:

[Interface]
PrivateKey = ...
Address = 10.6.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = ...
Endpoint = yourhome.duckdns.org:51820
# Only route home network through VPN
AllowedIPs = 192.168.1.0/24
# Or route everything except local:
# AllowedIPs = 0.0.0.0/1, 128.0.0.0/1

Access Local Services

Access Pi-hole, NAS, or other services:

Just connect to VPN, then access by local IP:

  • Pi-hole: http://192.168.1.50/admin
  • NAS: http://192.168.1.100
  • Security camera: http://192.168.1.25

Multiple Users

Create clients for family members:

pivpn add
# Name: dad-phone
pivpn add
# Name: mom-laptop
pivpn add
# Name: kid-tablet

Each gets own config/QR code.

View who's connected:

pivpn -c

Bandwidth Monitoring

Monitor VPN usage:

# Install vnStat
sudo apt install vnstat
sudo vnstat -i wg0

Shows data transferred through VPN.

Troubleshooting

Can't Connect to VPN

Check list:

  1. Pi is powered on and connected to network
  2. Port forwarding configured correctly (UDP 51820)
  3. Public IP hasn't changed (use DDNS if dynamic)
  4. Client config has correct endpoint
  5. Firewall on router not blocking UDP 51820

Test from Pi:

# Check WireGuard status
sudo wg show

# Check if port is listening
sudo netstat -tulpn | grep 51820

VPN Connects but No Internet

Solutions:

# Check IP forwarding enabled
cat /proc/sys/net/ipv4/ip_forward
# Should show: 1

# If not, enable:
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Slow VPN Speeds

Optimize performance:

  1. Use ethernet on Pi (not Wi-Fi)
  2. Upgrade internet connection (VPN limited by upload speed)
  3. Pi 4 faster than Pi 3 for encryption
  4. Check server CPU: top (shouldn't be maxed)
  5. Reduce MTU in client config: 
    MTU = 1420

Public IP Changed

If using static IP and it changed:

  1. Find new IP: curl ifconfig.me
  2. Update client configs with new endpoint
  3. Or set up DDNS (see above)

Lost Client Config

Regenerate QR code:

pivpn -qr clientname

Or transfer config again:

cat ~/configs/clientname.conf

Performance Considerations

Expected speeds:

Raspberry Pi 4:

  • Upload: 80-100 Mbps
  • Download: 200+ Mbps
  • Good for most home internet

Raspberry Pi 3:

  • Upload: 40-60 Mbps
  • Download: 100-150 Mbps
  • Adequate for standard use

Bottleneck is usually your home upload speed, not the Pi.

When to Use Your VPN

Always use:

  • Public Wi-Fi (coffee shops, hotels, airports)
  • Unsecured networks
  • When accessing home network remotely

Consider using:

  • Avoid ISP throttling
  • Access geo-restricted content (from your home region)
  • Extra privacy layer

May not need:

  • Already on secure home network
  • Using HTTPS sites on trusted network
  • When speed is critical (adds slight overhead)

Commercial VPN vs Personal VPN

Your Pi VPN: ✅ No monthly fees ✅ You control all data ✅ Access home network ✅ Appears from your home location ❌ Limited to your home IP ❌ No server location choice ❌ Limited by home upload speed

Commercial VPN: ✅ Multiple server locations ✅ Often faster speeds ✅ Professional infrastructure ❌ Monthly fees ($5-15) ❌ Trust third party with data ❌ Can't access home network

Use both: Commercial for privacy/speed, personal for home access!

Backup and Disaster Recovery

Backup configs:

pivpn backup
# Creates tar.gz with all configs

Store backup safely:

  • Copy to USB drive
  • Upload to cloud (encrypted)
  • Print QR codes (old school but works!)

Restore after crash:

  1. Reinstall PiVPN
  2. Restore backup
  3. Clients reconnect with same configs

Integration with Other Projects

Combine with:

Pi-hole: Filter ads even when away from home NAS: Access files remotely and securely Home Assistant: Control smart home from anywhere Security cameras: View footage remotely

Just connect to VPN first, then access local services!

Cost Comparison

Personal VPN (One-time):

  • Raspberry Pi 4: $35-55
  • microSD card: $10-15
  • Case + power: $15-20
  • Total: ~$60-90 one-time

vs. Commercial VPN (Ongoing):

  • NordVPN: $11.99/month
  • ExpressVPN: $12.95/month
  • Private Internet Access: $9.95/month
  • Cost: $120-156 per year

Savings Year 1: $30-95 Savings Year 2+: $120-156 annually

What's Next?

Enhance your VPN:

  • Set up redundant VPN (second Pi)
  • Add Pi-hole for network-wide ad blocking
  • Configure split tunneling per-app
  • Create guest VPN network
  • Monitor with Grafana dashboard

Resources

Official:

  • PiVPN: pivpn.io
  • WireGuard: wireguard.com

Communities:

  • r/pivpn
  • r/wireguard
  • r/raspberry_pi

Help:

  • PiVPN issues: github.com/pivpn/pivpn/issues

Final Thoughts

A personal VPN server is one of the most practical Pi projects:

Daily use - Actually use it regularly ✅ Saves money - No monthly VPN fees ✅ Privacy - You control your data ✅ Secure - Protect yourself on public Wi-Fi ✅ Access home - Reach home network anywhere ✅ Set and forget - Runs 24/7 reliably

Perfect for frequent travelers, remote workers, or anyone who values privacy and security!

Ready to build your personal VPN? Follow this guide for secure, private internet access anywhere!

Enjoyed this guide?

Get more beginner-friendly tech explanations and guides sent to your inbox.

No spam. Unsubscribe at any time. We respect your privacy.

Related Guides

build tech

Build Your Own Voice Assistant with Raspberry Pi: DIY Alexa Alternative

Learn how to create your own privacy-focused voice assistant using Raspberry Pi. Complete tutorial covering wake word detection, speech recognition, smart home control, and custom skills - all without sending data to big tech companies.

build tech

Build an Ambient Lighting System with Raspberry Pi: Smart LED Control Guide

Learn how to create intelligent ambient lighting with Raspberry Pi and addressable LEDs. Complete tutorial covering setup, programming, music sync, smart home integration, and creating stunning lighting effects.

build tech

Build a Minecraft Server with Raspberry Pi: Complete Setup Guide

Learn how to create your own Minecraft server using Raspberry Pi. Complete tutorial covering server installation, performance optimization, world management, and supporting multiple players for endless creative fun.