Set Up Your Own VPN at Home With Raspberry Pi! (noob-friendly)

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
So if there's anything that I  understood about my audience in the past 3 or so years of running this channel is that you guys really seem to like my VPN videos the 2 of my videos about VPN seem to get the most attention on my channel with a huge margin and, well, I like attention So here I am back with another banger I guess So a lot of you guys asked me in  the comments on those 2 VPN videos: "Wolfgang, look, I don't trust those  VPN companies and VPS companies. I don't want to spend my hard  earned dollars every month to pay for some kind of a VPS or VPN service. Can't I just host VPN at home,  in the comfort of my own house?" and the answer to that  question is "Well, it depends". So let's talk real quick about why  people use VPNs in the first place. Here are some of the most  common use cases for a VPN: Getting access to your home or corporate  network securely while being somewhere else Protecting yourself in a hostile or an  unsecured network on an airport or café Wi-Fi Or in some cases avoiding  tracking and surveillance   by a malicious ISP at school or at work Tricking websites into thinking that you're  in a different country to get access to   some kind of a gear restricted content Circumventing censorship and  getting access to stuff that   is normally blocked by your ISP or your government And last but not least piracy – downloading illegal stuff  in countries where doing that on your   normal ISP connection would get  you a hefty fine or a warning. Now obviously, those are not all  things that you can use a VPN for, because if I listed all the used  cases you'd be sitting here all day. But basically one thing that is  common about all of those cases is that people usually use a VPN  to pretend they're somewhere else ...for many reasons. And if you want to host your VPN at home it will be useful for you  only when you need to pretend  that you're at home... Does that make sense? For example, you want to be out  and about somewhere in the café and you want to connect to  the unsecured Wi-Fi hotspot and if you don't quite trust  the network you're connecting to you can just establish a secured  encrypted tunnel to your own house to browse the internet safely  as though you were at home. And of course if you have  a homelab or a home server you can get access to all of  your local services securely without the need of exposing them to the Internet. This setup might also come in handy for  you if you often travel to countries where you can't torrent or visit certain websites or maybe if you want to watch your  local TV shows while you're abroad. So all of that begs the  question: Why not just use a VPN? Well first of all: no monthly costs. The only thing you need to pay is  the upfront cost for the hardware. I'll be using a Raspberry Pi here and it  costs about $60 with all the accessories but we'll also talk about cheaper  alternatives later in the video. The second reason is that you  don't have to trust any third party if you watched some of my  previous videos about VPNs  you know my opinions about VPN  providers, they can be pretty sketchy but in this case you are  literally your own VPN provider. As long as you trust your ISP more than you  trust a random unsecured network in a café, you're good to go. And then last but not least,  accessing your local services securely while you're on the go I already mentioned that one so I  won't be going too much in depth here. Now let's talk about the requirements So, what are you going to need for this project First of all you need basic technical skills We won't be doing any PHD  level nuclear science here, but you will need some basic knowledge  of, you know, using a computer, some Google-Fu and basic problem solving skills. A lot of people in the  comments have been asking me "Look, Wolfgang, is there like a way, for like  less technically savvy people to do all of that?" and unfortunately that's just the entry  price you have to pay for that kind of stuff. You can either get yourself a VPN  service subscription and have no insight at what's going on behind the curtains, or who's getting your data where it goes to, etc. or you can spend some time  and do everything yourself and yes it might be technically challenging but you do get some kind of a control over  what you do and where your data goes to I'll keep this tutorial as simple as possible  and the video will be divided into chapters and you can use the YouTube speed setting  if i'm going a little bit too fast for you and I will also include a text version  of this guide in the video description so make sure you take a look at  that if you like this format better All in all, I think it's a cool weekend project  and definitely a good learning experience So let's talk about the technical requirements now First thing you'll need is a  dedicated Internet connection  and access to your router's admin panel if you're connected to the public  Wi-Fi in your student dorm, unfortunately that's just not going to work. Then you'll need an ISP that is  okay with you hosting stuff at home Here in Germany, where I live, most of the  ISPs will let you host stuff at home just fine Except for the mail for some reason A lot of ISPs are blocking the  port 25 for outgoing mail here But in other countries some ISPs might put your  Internet connection behind a shared IP address and only offer a dedicated  IP address as a business   service or something they have to pay for extra If you want an easy way to know  whether your ISP is dedicated or shared you can go to website like whoer.net and see  if it maybe says that you're behind a proxy If it does, that's a pretty good indicator that  your PC won't be accessible from the Internet so that tutorial is not going  to work for you, unfortunately You'll also need a router that supports  a function called "Port Forwarding" The easiest way to check is open your browser  and go to your router's administration panel (Usually something like 192.168.0.1 or 1.1) and look for a function called "Port Forwarding" I've had about 4 routers here in Germany,  and they all support that function One more thing that you'll need is a computer that will basically live in your house  and be on 24/7 It doesn't have to be super powerful or beefy if you have like an old laptop or a netbook,  laying around, that will do just fine. For this tutorial though, I'll use  a tiny computer called Raspberry Pi I'm sure that a lot of you are familiar with it It's small, relatively cheap, and  has a very low power consumption You can even run it off of  solar energy if you want Do keep in mind that apart from the board itself, you also need a power adapter  and at least an 8GB microSD card I wouldn't cheap out on microSD  cards because, you know, inexpensive microSD cards from Aliexpress  tend to break much faster than, you know, the brand ones from Kingston, Transcend  and other brands, so do keep that in mind. Optionally if you do have a monitor a  keyboard and a mouse somewhere in the house I would suggest buying a microHDMI to HDMI adapter That way you can connect your Raspberry  Pi directly to your monitor keyboard and   mouse and it'll be a little bit easier to set up But if you don't have a monitor or a  TV that supports HDMI that's okay too, we'll go over the whole setup  process later in the video. You'll also need an Ethernet  cable and a microSD card reader if your computer doesn't already have that one Otherwise if you don't pay a lot for  electricity where you live and you don't care about the place the computer takes or the noise  you can take whatever you have laying around, just make sure it has Ethernet port and that  it's capable of running 64-bit operating systems. That being said, I will only be covering the  setup process for Raspberry Pi in this video. But do let me know in the comments if you'd  like to see a separate video on this topic, on how to set up a VPN on a regular  computer, such as a laptop or a netbook. Now with all the requirements and disclaimers  out of the way, let's get started! First thing we need to do is download  the operating system for our Raspberry Pi Depending on whether you're  setting it up with a monitor or without one you can download  either Raspberry Pi OS Desktop which looks like that or Raspberry Pi  OS Lite which looks kind of like that If you're doing it with a monitor or TV though the former has a benefit of being able  to open a browser and copy commands  from my handy dandy text guide which I'll put in the video description down below Now I must say that Raspberry Pi  OS is a bit controversial and got   into a bit of trouble lately for including  Microsoft's repositories in the installation So if you're a die-hard Linux veteran and you  don't want to contaminate your home network with the evil Microsoft software  feel free to choose something else Personally, I can recommend Ubuntu MATE or  "Mate" if you prefer as a solid alternative Next thing we need to do is download Etcher Etcher is a tool that will help us write the   operating system that we just  downloaded to the micro SD card I chose Etcher because it runs  on Windows, Linux and macOS but if you have some other tool that you prefer,  such as dd or Rufus, you can use that instead After you have both Etcher and  Raspberry Pi on your computer   you can now insert the microSD  card into your computer Then, launch Etcher, choose the Raspberry  Pi OS image that you just downloaded, select your microSD card and click "Flash" This is going to take some time so feel free to  grab a cup of coffee or tea while you're waiting After the flashing is done you'll see a  new volume in "This PC" menu called "boot" Go to that volume, create a new text file, and call it "ssh". Be careful!  It's not "ssh.txt", it's  "ssh", without any extension. To do that, you need to have the "Hide  extensions for known file types" option  disabled in the File Explorer options. With that done, you can now eject  the microSD card from your computer Now put the SD card into the Raspberry Pi,   plug your Ethernet cable into  the router, and into the board Then finally plug the USB Type-C cable into it In case you want to set up your  Raspberry Pi with a monitor,  you also need to plug in the monitor, the  keyboard and the mouse into it at this point So once you've booted your Raspberry Pi up, you  will be presented with a very nice setup wizard which will actually let you skip  a huge portion of this video Just follow the instructions on the  screen and reboot your Pi when asked And now you can skip to this  timecode. See you there! Now you need to wait for about a couple of  minutes while your little computer is booting up and then let's open the browser again and  go to the router's administration panel Go to the page that lists all the  devices connected to the network and there it is! Just copy the IP  address of the Raspberry Pi here Now we need to open the command line interface On Mac and Linux it’s called Terminal, and on  Windows we're going to be using PowerShell. That's really the only difference for us,   since we're only going to be using  it to talk to our Raspberry Pi so if you're in Windows, go to the  start menu and search for PowerShell open it and type this command: "ssh pi@  [and here paste the IP of the Raspberry Pi]" you can use Cmd+C as usual on Mac, on Linux you  can use Ctrl+Shift+C or sometimes Ctrl+Alt+C and on Windows just right click on the  terminal and it's going to paste the text  Answer yes to the next question and  type "raspberry" when asked for password The password won't be shown on the screen not even the asterisks or, like, circles and that applies to all the password fields in the Linux command line  interface, so don't worry about it First thing we need to do, is change the  default password to something more secure We won't be exposing a Raspberry  Pi to the internet per se, so you'll only be able to  access it from your house because of that I won't be going in depth  about advanced SSH login security in this video but if you're interested you can  check out this tutorial of mine where I discuss different  methods of securing remote access So in order to change the password,  you need to type "passwd", type your current password ("raspberry") and then type your new password twice And that's it! Next thing we're going to do is update our   operating system to all the  latest versions of software For that, type "sudo apt  update && sudo apt upgrade" this will take a few minutes  depending on your internet speed and meanwhile you can make yourself another tea,  stare at the blinking lights on the Raspberry Pi, or sing some sea shanties After the installation is complete and you see the green command prompt again type "sudo reboot" to reboot the board. Now that we're done with the initial preparations we need to get ourselves a dynamic DNS hostname. The thing is, unless you're using  a business broadband connection your external IP address is not static it changes every week or so. IP addresses work pretty much in the  same way as physical addresses work so let's say you have a house in New York  and are waiting for an important letter But then next week you have to  move to, let's say Los Angeles how can you be sure that you get that letter? well you set up a mail forwarding service,  which gets all the letters for you and forwards them to your current address. A dynamic DNS service is kind of a mail  forwarding service, but for computers. Now there are a lot of DDNS providers out there,   some of them free, some of  them with a subscription plan. For this tutorial, I'll be using a  free plan from freedns.afraid.org That being said, you can use any service you want I am not endorsing any particular one and the only reason I chose freedns.afraid.org is because that's the first free  dynamic DNS service I've found on Google that doesn't have any weird limitations After registering in a website and  activating your account via email, click on the "add a subdomain" Here the things that we need to change are Subdomain, just put whatever you want  here, I'm going to put "wolfgangsvpn". Domain, there are a few funny domain names here to   choose from and I decided  to go with "crabdance.com" Destination, by default is going to  have your current IP address in there but we need to change it to 0.0.0.0 That way we'll be able to test if our  dynamic IP assignment software actually works after that, type in the  Captcha, and click on "Save!". Now we need to log back to  our Raspberry Pi by typing   "ssh pi@[the ip address]"  in PowerShell or terminal You can also just press the up arrow key and that will give you the  last command you entered Next enter the password that we created earlier Now we need to install a piece  of software called ddclient for that type "sudo apt install  ddclient" and press Enter it's going to ask you for a lot of things, just pretend you don't know anything  by tapping enter until it gives up Now we need to tell ddclient  which address it needs to update for that type "sudo nano /etc/ddclient.conf" let's just delete all of those  lines and replace them with this convenient template that you can  find in my text guide in the description here we need to replace several things: "login" and "password", replace them  with your afraid.org credentials and "somedomain.moo.org", replace it  with the domain name that you chose After that is done, press Ctrl+O to  save the file and Ctrl+X to exit. Another file that we need to  edit is "/etc/default/ddclient" here we need to change everything to "false" except for this option, "run_daemon", this one we need to change to "true" Once that's done, Ctrl+O, Ctrl+X Now that all the configuration is done let's restart the ddclient service by  using "sudo systemctl restart ddclient" and see what it's been up to by typing  "sudo systemctl status ddclient" As you can see it actually  says "FAILED" in all caps but if you go back to our browser and  refresh the page with our subdomain you'll see that 0.0.0.0 changed  to our actual real IP address which means it worked. Finally let's make sure that  ddclient starts automatically every time we power our Raspberry Pi on,  by typing "sudo systemctl enable ddclient" Now one last thing that we need to  do before actually setting up the VPN is making sure that our VPN is accessible  from the outside of the home network for that go to your router's admin page and go to the port forwarding settings on FritzBox routers it's called  "Permit Access" for some reason. What we need to do here is  add another device for sharing Here on most routers you'll be  able to pick a device from a list so I'm going to pick Raspberry Pi here. Then we need to create a new port forwarding entry Here in the field "Application" I'm  going to select "Other application" and for the name let's enter "WireGuard" For the protocol, make sure to select "UDP" And as for the port we need  to forward the port 51820 on a lot of routers you'll need to select  2 ports, so "from" port and "to" port just select 51820 in both, and then make sure  that Internet access is allowed via IPv4 and IPv6 Then apply the settings and that's it! As usual with computers the hardest part  of a project is often preparing for it Now we're finally ready to  actually install and set up our VPN and this is really the easiest part of the video to set it up we're going to be  using a WireGuard install script from the Github user Nyr I've been using this script in my  personal machines for a few months and it's really solid and  reliable like a clockwork Let's copy this command from the Github page Go back to our terminal and paste it. As you can see, this command  actually needs root privileges to run so we need to type "sudo  bash wireguard-install.sh" The script is going to ask us for the  hostname that we want to use for the VPN:  type your dynamic DNS domain  that we created earlier For client name just put any name you want and for "DNS" this is kind of personal preference I like to use the third option, 1.1.1.1 so if you're unsure just use that, and that's it! Let's just press F here and the  installation is going to begin So as you can see, the  Wireguard VPN is now installed and we have a big beautiful QR  code right here on the screen which we're going to use to  connect to our VPN from the phone Now you can simply download the WireGuard  application from App Store or Google Play launch the app and click on the "+" button Here choose "From a QR code"  and scan the code on the screen And that's it! Now you might want to ask  "why test it on a phone?" "Why not just use the same computer  that we're using to set everything up?" Well, the catch 22 here is that we can't  test our VPN on the home network because  ...we're already on the home network So what I'm going to do now is I'm  going to turn off the Wi-Fi on my phone and then try to connect to our  VPN on the cellular network to see if my IP changes. As you can see after  connecting to the WireGuard VPN I can now see the IP of my  home internet connection and since I'm technically browsing  the Internet from my house I can now access all of my selfhosted  network services as though I were home And that's it! Now connecting to our home baked VPN from  a computer requires a few additional steps First we need to move the configuration  files to our home directory For that, log in to the Raspberry Pi  from the terminal, and type "sudo su",   Enter and then "cp /root/*.conf /home/pi" Next we need to create a folder for all  of our WireGuard configuration files Now let's go to that folder, hold  "Shift", right click on the empty space and click "Open PowerShell window here" Here you can press the Up arrow key,  replace "ssh" with "sftp", and press Enter After you've entered the password, you can now  copy all the configuration files to your machine for that type "get *.conf" and press Enter.  Now that we're done here, let's type  exit and close the PowerShell windows. WireGuard VPN is cross-platform, meaning  you can use it on Windows, Linux and macOS For Windows, we need to download this file, click on the executable, and now we're  ready to install our configuration file Launch WireGuard from the Start menu, and  press "Add tunnel configuration from a file" Now, I'm going to create a Wi-Fi hotspot on  my phone and connect to it on my computer and try to connect to the VPN And as you can see, after refreshing the page,  my IP changes to the IP of my home network And there you go, that's how  you set up a VPN at home! Thank you for watching this  video, I hope it was helpful If you have any questions, do not hesitate  to leave them down below in the comments And as usual, I want to thank my Patreons,  the people who support this channel. People such as Tim, Mitchell Valentino,  Ray Perea, and many many others. Thank you guys for watching, once  again, and I'll see you in the next one! Goodbye!
Info
Channel: Wolfgang's Channel
Views: 244,399
Rating: undefined out of 5
Keywords:
Id: rtUl7BfCNMY
Channel Id: undefined
Length: 18min 15sec (1095 seconds)
Published: Wed Feb 24 2021
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.