Wether you want to secure your connections while you are on a public wi-fi, with or without password, or you simple want to access resources on your home network a VPN connection is the way to go.

In this post i will help you setup your own vpn server in your home or office network using a cheap raspberry pi or home PC but it has to be on all the time, at least it must be up when you want to connect to it. So i do recomend the Raspberry pi it only consumes very litle eletricity like five to ten whats if you are using a external usb disk with a Raspberry pi 4. The raspberry 3 can consume as low as 2 to 3 watts when using the micro sd as storage, thats perfect to host our personal free VPN.

Setting up the IPs.

Local IP

If you didnt already do it, first you need that the internal ip of your Raspberry pi don change every time you boot it. To setup that you can go to google and search How to set it up its easy and fast.

External IP

Your external IP the public ip your ISP give you can change quite a lot so you need to setup a free DuckDNS account and create a custom domain for you like myvpnexample.duckdns.org so you can access you home network even if the ISP changes your public ip, we have a tutorial on doing that just check it out here Set up a Dynamic DNS ip with duckdns on a Linux system.

NAT Fowarding

You'll need a port open in your router's firewall so you can access from outside of your network otherwise your router should block the connection. This is router independent so you'll have to search how to do it in goole, just search "your routers manufacturer/ model and how to create a foward port rule" just make sure you point the rule to your Raspberry PI internalIP and port. Basicly you are telling your router to let the incomming conecction to that port to happen otherwise it will block the connection attempt (like it is suposed to do).

Is that safe?

Yes, its better to have only one port open and you securelly connect to your VPN and next after connecting to the VPN you can access whatever service tyou want in your local network, than having a port open for every service you want to access from outside. Like one port for SSH another for Plex or FTP or local WebServer, plex, NAS etc. Just make sure you only give access to your VPN people you trust. And secure the certificate PiVPN gives you with a good password and save the certificate somewhere and dont share it with anyone.

Ok lets setup PiVPN

Ok, so the easiest way to setup your own vpn its to use the PIVPN. Its like 1 line of a command.

First you need your raspberry pi up and running and then just get a open terminal and run the following command:

curl -L https://install.pivpn.io | bash

The first part of the command you download the install script from PiVPN page then the script will run for you in with the '| bash' part. PiVPN is a easy to use, open source setup and instalation of Openv-VPN or WireGuard with just a few setup lines you can get it running and have a free vpn running in your home network check more at https://pivpn.io and support their work if you can. PiVPN is made with raspberry pi in mind but i didnt have any problems to make it run in  a PC with any debian-based Linux distro Operating System.

After a few minutes you should be ready to create your first client. The client is used so you have some way to connect to your newly created VPN server. You simple issue the command:

pivpn -a

Then youll be prompt for a password and name for your client give a name like myphone and chose a good password for it. You should do that to every device you want to allow connecting to your vpn. Having that certificate text and the password gives access to your network, so keep it safe.

Now you can access your network on the run and use your home internet conection to access every site on internet You well have your home network public ip. Beside that you can access everything your raspberry pi can access on your network its like being on the street with a RJ45 cable plugged to your home or office router.

This is usefull to to use a public network even without WiFi password your connection to your home will be encrypted so noone in that public network can sniff your trafic. They can only see that you are connected to your home/ office.

Hope that the post is usefull and post a comment if you cant make it work or don't understand something.

Have fun with your private VPN, be safe and healthy.