Your own VPN in the Homelab
Everyone is talking about VPNs these days. They help us access our files in the office when we are working from home or encrypt data traffic when we are on public hotspots.
But why pay for a VPN when we can run the whole thing ourselves in our homelab, easily and at low cost?
I'll show you how it's done and what you need for it!
Why use a VPN?
A VPN establishes a secure connection between you and the Internet: all your traffic is routed through an encrypted virtual tunnel to the VPN server. This hides your IP address and location from the services you use, which see the address of the VPN server instead, and the network you are connected through sees only encrypted traffic.
I use my own VPN at home to reach certain services in my home infrastructure when I'm on the go, for example to deploy a new container or a new stack using Portainer while I'm on the train or at the airport.
For this I use one of the nodes in my homelab, on which I have installed PiVPN.
How can I run my own VPN?
Basically it's quite simple.
All you need is, for example, an old Raspberry Pi and an Internet connection. Keep in mind, however, that we will be connecting to our network from outside, so certain ports have to be opened (forwarded) on the router, and our network needs either a static IP address or dynamic DNS resolution (more on this below).
To install PiVPN on our Raspberry Pi, we first have to set the Pi up with a Debian-based distribution, since PiVPN installs some packages that are available under Debian/Ubuntu.
Once our Raspberry Pi is set up and reachable on the network via SSH, we can start installing PiVPN.
To do this, we run the following command in our terminal:
curl -L https://install.pivpn.io | bash
This script installs all required dependencies and guides us through the installation process. Note that the command pipes a script downloaded from the Internet directly into bash; if we want to read it before it runs, we can save it to a file first and execute that file instead.
The wizard asks us whether we want to use OpenVPN or WireGuard to operate our VPN.
Most well-known VPNs offer the WireGuard protocol on mobile devices. In terms of ease of use, WireGuard is much simpler than OpenVPN. Its code base is also lighter, which makes it a better option for embedded systems. In addition, WireGuard is significantly faster than OpenVPN.
Now that we have answered a few questions and PiVPN is installed, we can start using our VPN by first creating a client profile for the device we want to connect with:
pivpn -a -n USERNAME
We can now either copy the profile from the /config directory or install it on our smartphone or tablet via a QR code.
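Before a profile is copied to a device, it is worth checking what it contains. The following is an added example, not part of the original post or of PiVPN, and assumes WireGuard was chosen in the wizard: it audits a client profile for file permissions (the profile holds the client's private key), full versus split tunnel, and whether the endpoint is an IP literal or a DNS name. The helper names and the sample profile are constructed for illustration.

```sh
#!/bin/sh
# Added example; conf_get, audit_profile and write_sample are hypothetical helpers.
conf_get() {  # conf_get FILE SECTION KEY: print KEY's value from [SECTION]
  awk -v sec="[$2]" -v key="$3" '
    /^[ \t]*\[/ { gsub(/[ \t]/, ""); cur = $0; next }
    cur == sec && index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
      v = substr($0, index($0, "=") + 1)   # cut at the first = only: keys are base64
      gsub(/^[ \t]+|[ \t]+$/, "", v); if (k == key) { print v; exit }
    }' "$1"
}

audit_profile() {  # audit_profile FILE: print one finding per line
  local f="$1" mode allowed host
  mode=$(stat -c '%a' "$f")   # GNU stat, as found on Debian-based systems
  # The profile contains the client private key: only the owner should read it.
  case $mode in
    600|400) echo "perms=ok" ;;
    *)       echo "perms=too-open($mode)" ;;
  esac
  # 0.0.0.0/0 routes all IPv4 traffic into the tunnel; narrower is a split tunnel.
  allowed=$(conf_get "$f" Peer AllowedIPs | tr -d ' ')
  case ",$allowed," in
    *,0.0.0.0/0,*) echo "tunnel=full" ;;
    *)             echo "tunnel=split" ;;
  esac
  # An IP literal goes stale when the home address changes; a DNS name follows it.
  host=$(conf_get "$f" Peer Endpoint); host=${host%:*}
  case $host in
    '')        echo "endpoint=missing" ;;
    \[*\])     echo "endpoint=ip-literal" ;;
    *[!0-9.]*) echo "endpoint=dns-name" ;;
    *)         echo "endpoint=ip-literal" ;;
  esac
}

# Constructed sample profile: placeholder keys, example.org endpoint.
write_sample() {
  cat > "$1" <<'EOF'
[Interface]
PrivateKey = CONSTRUCTED-PLACEHOLDER-PRIVATE-KEY=
[Peer]
PublicKey = CONSTRUCTED-PLACEHOLDER-PUBLIC-KEY=
Endpoint = vpn.example.org:51820
AllowedIPs = 0.0.0.0/0, ::/0
EOF
}
tmp=$(mktemp); write_sample "$tmp"; chmod 644 "$tmp"; audit_profile "$tmp"; rm -f "$tmp"
```

To check a real profile, call audit_profile with its path instead of the sample file.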
Now we can connect to our VPN from our device. (Important: there is no point in connecting while the device is on the WiFi of the same network the VPN server runs in.)
To see which clients are currently connected, we can list them with the pivpn -c command.