Raspberry Pi as a VPN router before my router? Want all my home traffic running through Wireguard VPN.
I finally got Wireguard running on my Pi3 as a Gateway to my VPN provider for devices on certain VLANs. The rest of my home network uses my normal IP.
Not much, if any, in throughput gain. I’m at about 50Mbps and the same when I had it configured with OpenVPN. Could be my provider so not a true test but speeds have been consistent so far. But keep that in mind because you may find you don’t want all your traffic going though it and saturating the max throughput and slowing your network down. In my use, it’s more than enough for the devices that I do have connected to it.
I used dietpi (https://dietpi.com/) on my Raspberry Pi 4GB. It’s running many things in addition to wireguard (namely, emby, jellyfin, deluge, nzbget, radarr, sonarr, jackett, lidarr, etc etc etc). My Raspberry Pi is in Texas, and I’m currently in Germany. There is a ton of egress filtering in Europe that blocks VPN services, so I have my Raspberry Pi running on UDP port 53… which is pretty much never blocked.
So despite many ISPs, hotels, etc, in europe blocking VPNs, I’m able to connect to my wireguard VPN in texas without issue.
Anyway, Dietpi is great if you want it to host a lot of headless network services quickly, efficiently, and with zero bloat. It makes installation, setup, and uninstallation of such services extremely easy… and for the most part, its wireguard implementation “just works”.
You could just flash your router with the supported OpenWRT which includes WireGuard and would save you a load of hassle.
My first concern would be, if I can’t figure out how to get this set up on my router now what makes me think I can do it on the Pi? It looks like a lot of SSH stuff that is really intimidating for me.
There will be a learning curve for you to go through, but its worth it. Read the documentation carefully, it is almost invariably correct. If you don’t understand something post in the OpenWRT forums. Write down (better copy and paste into a text document) exactly what you type and the output it produces as this is invaluable when trouble shooting.
Fortunately, the install for wireguard is pretty light. You don’t need super in depth knowledge of linux or networking. And if you mess up wireguard you can just uninstall and start over.
If you’re really worried about, boot up whatever OS Pi uses in virtualbox and tinker with it there first.
Have you looked at using Pantahub One? It offers a good Wireguard combined with a Wifi Hotspot experience so you can connect your devices to the Pi rather than the router.
Hi,
I have a Pi3 and would like to achieve this.
WG server + Pihole already running on a VPS and devices are connected to it when not at home.
I’d like the Pi3 to act as a WG peer (client) but also a gateway for the router, so the whole DNS requests go through it, and so I can access my home network.
I guess everything lies in the way ‘gateway’ part of the configuration of the Pi.
Do you have any guide?
Thanks in advance.
I have no idea what any of that other stuff is except Emby/Jellyfin. I have Emby running on my QNAP NAS. What is the benefit of running it on the Pi vs a NAS?
I looked in to that. I don’t think my 86U is supported at all, if I’m reading right, and the 68U I think maybe isn’t supported all the way. Maybe there is a way to install it but I couldn’t get it last night.
You can follow this guide.
https://mgnk.it/2019/03/raspberry-pi-as-a-vpn-gateway-using-wireguard/
Once you have a connection, you can change the gateway of devices to point to the Pi (important to set a static IP). For devices that you can’t change the gateway ip you’re going to have to set some policy based routing on your router like I did using specific VLAN, but you can use static ips and point to those devices. While difficult to do based on the router you’re using, it makes it easy since you can connect any devices to that VLAN (I have a hidden wireless SSID that connects devices to that VLAN) and hardwired devices are just managed at the switch port level.
I don’t have a QNAP NAS to run it on. That’s the advantage for me (i mean, i’m sure there are others, such as raw flexibility…but I’m not familiar with the NAS enough to comment).
I run all of those services (including the VPN) on my raspberry pi so that I have a single linux server to work on, configure, and occasionally troubleshoot. If you media is hosted on the disks in your NAS, it would make more sense to run emby from your NAS.
Just replying to the original question. RP4 works great as a wireguard server.
My apologies, I searched for the wrong model.
If you’re going to go down the RaspberryPi route though you will have a learning curve to go through, its not insurmountable but will take some time.
Thank you for your detailed reply. I’ll try during the weekend.
Its down found it on wayback machine though: https://web.archive.org/web/20220528024737/https://mgnk.it/2019/03/raspberry-pi-as-a-vpn-gateway-using-wireguard/
It works yay (I am getting my grandmothers house IP and not my mothers) my mom got letter in mail for torrenting but I never got any at grandmas
Its exactly the thing I was looking for (alternative gateway) I used wifi and not ethernet bc my Wii’s WiFi is probably slower than the pi’s anyway (so the wii’s wifi is the bottle neck not pi’s wifi so I used wifi instead) and pi is running ubuntu server and not raspbian
That’s what I was afraid of!