Why should you use a VPN? Most of the published articles tend to start with a list of instructions how to use a VPN as a protection against snoopers or how to get an access to services which are available from only one particular geographical location that was determined based on an IP address. I do not have such ambitions. All I need is a static IP address, ideally the domestic one.
In my office I usually use mobile internet connection which is perfectly sufficient for my job as a web designer as well as for a visit during a course. The same thing goes for travelling. But an IP address that is changing after each connection actually forces me to use a VPN. Anyway, this is actually a trouble-free matter. It is possible to do with my router and also with my NAS which stands right behind it.
On my Synology NAS I have some web apps to which I control access via reverse proxy. Unfortunately the moment I use a VPN on my router or NAS, my external IP address gets to these apps, not the local one or the one working with the local connection.
So I have been searching for possible solutions and eventually my currently turned-off Raspberry Pi 3 caught my eye, placed on the shelf right next to the screen. Starting up a VPN in the Raspbian operating system is only a matter of one command in terminal, a few Enter presses and an export of a configuration file.
PiVPN supported by OpenVPN and WireGuard
Really, putting a VPN into operation on a small computer Raspberry Pi is possible just by one command in terminal, thanks to the project PiVPN. It is enough to following command to your terminal and press Enter:
curl -L https://install.pivpn.io | bash
The script will install necessary software step by step and offer several configuration dialogs. Then it basically suffices to confirm the default settings by pressing Enter. Of course, the prerequisite for a successful operation is a static IP address of your router and naturally the same local IP address of Raspberry Pi. At the end of the installation you will be able to find out which port to set up for redirecting in your router to the “raspberry” computer.
I choose WireGuard as a VPN
By the end it is necessary to decide whether you are going to use the older technology OpenVPN or newer, more up-to-date WireGuard. Both will require an application of a third party on the client computer. At least on MacOS. For OpenVPN I use very geekish looking TunnelBlick on MacOS. Yes, it does work, but the connecting process is fairly slow and after my initial experience I am still (even after a year) waiting for a moment of crash.
That’s why I recently have given WireGuard a try. On the PiVPN part it meant only starting the command pivpn add after the installation and entering a user name for identification of the VPN connection after that. In the home folder on Raspberry Pi and the subfolder config there will be created a configuration file that you shall somehow copy into the end computer.
On MacOS it was necessary to install a free connection app for WireGuard because VPN built in the operating system doesn’t comply with this type of connection (only L2TP/IPSec is compatible). After launching the app you just load a generated configuration file from Raspberry Pi and complete connection settings will be prepared automatically.
After that you just connect with one click and you are ready. Verification is quick as a wink.
Is VPN quicker on a Synology Router or in WireGuard on Raspberry Pi?
Out of mere curiosity I wanted to find out how significant speed differences of both solutions I can expect. The difference probably won’t be noticeable when using mobile connection in my office most of the time. But I have connected to cable internet and launched a few tests.
WireGuard on Raspberry Pi: ping 31 ms, jitter 2,24 ms, download 60 Mbps, upload 9,48 Mbps
L2TP/IPec on Synology router: ping 31 ms, jitter 2,58 ms, download 85 Mbps, upload 9,17 Mbps
There is a certain difference in the download speed when Raspberry Pi does not manage or reaches some kind of limit of its network interface. However for my needs the 60 Mbps speed is definitely sufficient; I haven’t exceeded this speed when testing repeatedly.
Other commands of PiVPN
When using PiVPN there are other useful information that you can acquire via command line. In my case, two of those were enough for the time being:
pivpn -c, which makes a list of connected clients at the moment.
pivpn -d, which checks and in case of need corrects the settings, in my particular case mixed up IPTABLES configuration after the change of connection of my raspberry from Wi-Fi to Ethernet.
Shall you need to adjust the configuration, then all you have to do is to launch the installer that will offer current values and their editing.
