WireGuard is a fairly new VPN protocol which is much more secure and faster than OpenVPN or IPsec. If you are looking for a secure VPN solution, WireGuard is one of the best choices: you can set up your own WireGuard VPN on Raspberry Pi and connect all your devices to the server without worrying about the bandwidth issue or data security. This step-by-step guide will show you how.

The WireGuard VPN app is available for all major platforms, such as Windows, Mac, Linux, Android, and iOS devices that you may use to securely connect your devices to the DIY WireGuard VPN.

What You Will Need

You will need the following to create your own VPN with WireGuard.

  • Raspberry Pi 3 or 4 with power supply and case.
  • 8GB or larger microSD card.
  • Ethernet cable to connect Raspberry Pi to your router.
  • USB mouse and keyboard (optional)

Step 1: Prepare the SD Card

  1. Download the Raspberry Pi Imager tool on another computer and connect the microSD card to it.
  2. Launch Raspberry Pi Imager and click Choose OS > Raspberry Pi OS (Other) > Raspberry Pi OS (64-bit).
  3. Click Choose Storage and select your microSD card. Make sure the card is empty or has no important data.
  4. Click Write. Confirm when the prompt appears. This may take a while to complete.
  5. Once done, the SD card will be auto-ejected. Disconnect the card and connect it again.
  6. Open the File Explorer or Finder window and then open the boot partition.
  7. Create two files: ssh and wpa_supplicant.conf (if you are going to use Wi-Fi for network connection).
  8. In the wpa_supplicant.conf file, paste the following (changing AU to your own country code, and the ssid and psk values to your own router’s details) and then save it.
        country=AU
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
ssid="MyWiFiNetwork"
psk="aVeryStrongPassword"
key_mgmt=WPA-PSK
}

The ssh file remains empty with no extension.

It is highly recommended that you connect the Raspberry Pi to your network or router using an Ethernet cable for improved speed and security.

Step 2: Set Up and Install PiVPN

PiVPN is a lightweight script that we can use to install and set up WireGuard on Raspberry Pi. The steps are as follows:

  1. Insert the microSD card into Raspberry Pi.
  2. Connect the HDMI cable to the Pi and a display, such as your monitor or TV.
  3. Also, connect a USB keyboard and mouse.
  4. Turn on the power to boot up the Raspberry Pi.
  5. Configure the Raspberry Pi OS initial setup, create a local user account, install updates, and then restart. Remember the local username and password you create here.
raspberry pi initial setup screen

After the restart, open a Terminal window and run the following command to update the packages.

        sudo apt update && sudo apt full-upgrade
    
check updates and upgrade raspberry pi os

Press Y for confirmation (if a prompt appears) to continue the update process. This may take a while to complete. After updating the packages, run the following command in the Terminal window to start the PiVPN and WireGuard installation.

        curl -L https://install.pivpn.io | bash
    
installing wireguard vpn using pivpn

This will download and open the PiVPN setup wizard that we will use to install the WireGuard VPN. If you receive a curl error, make sure curl is installed by running the following command in the Terminal window and then try again.

        sudo apt install curl -y
    

Once PiVPN setup is downloaded, a setup wizard window appears (as shown below) displaying the message “This installer wizard will transform your Raspberry Pi into an OpenVPN and WireGuard server.”

message pi vpn installer for openvpn wireguard vpn installation

You need to set up or assign a static IP address to your Raspberry Pi to prevent any IP change after power loss or restart. You can reserve the IP from your router’s DHCP settings. If you have reserved the IP in your router, select Yes. If you can’t do that, select No to set up a static IP address on Raspberry Pi.

you need static ip for wireguard to work

The default user is pi, and it should be visible on this screen. However, if you have configured a profile while setting up Raspberry Pi OS (64-bit), your username will appear here. Use the arrow keys to highlight and the spacebar to select it and then press the Enter key or select OK.

select the local user that will hold the configuration

From the available options, select WireGuard and click OK or press the Enter key.

from options choose wireguard for installation

Install any required update if a prompt appears. Otherwise, on the Install WireGuard screen, select Yes. This will begin installing the WireGuard VPN server on your Raspberry Pi. Do not make any changes when asked. Keep it as the default, such as default port 51820, unless you want a different one.

default port edit change keep default wireguard vpn

Confirm the default port and select Yes. On the next screen, you need to select a DNS Provider. You can choose any based on your preference and location. If you use an ad-blocking DNS server, such as Pi-hole, you must select Custom and then enter the DNS address manually.

choose dns server or add custom dns

Confirm the selected DNS server selection and choose Yes or press Enter to proceed. You will be displayed with two options: you may use public IP or public DNS. Choose the …use this public IP option if you have a static IP assigned by your service provider. Otherwise, choose DNS Entry to use a public DNS (for dynamic IP) and set up dynamic DNS. You can choose from the best free Dynamic DNS providers.

choose public ip or use dns ddns for vpn connection

Confirm the public IP or DNS by selecting Yes. At this stage, server keys will be generated. In the next step, you need to perform an unattended upgrade. This will install the required packages.

enable unattended upgrades wireguard security

At this stage, you have completed the installation of WireGuard VPN. You must reboot Raspberry Pi for the changes to take effect.

reboot raspberry pi after installing wireguard vpn

Step 3: Connect Devices to Raspberry Pi WireGuard VPN

To connect to your Raspberry Pi WireGuard VPN, you must create a profile. In a Terminal window, enter the following command,

        sudo pivpn add
    
add user profile for wireguard vpn

Enter the details of your profile. You may name it anything, such as "MyWireGuardVPN". This will set up your profile. The configuration file for connection can be found under /home/pi/configs.

wireguard configuration file for vpn connection

You may use this configuration file for a WireGuard connection or generate a QR code for a secure WireGuard VPN connection. For this, you need to install the WireGuard VPN app on your Android or iOS device. To generate the QR code, run the following command in a Terminal window on your Raspberry Pi.

        pivpn -qr MyWireGuardVPN
    
generating a square code connecting virtual private server

On the WireGuard app on your Android or iOS device, tap the + (plus) icon and choose SCAN FROM QR CODE to scan the QR code. Enter the profile name and tap Save.

scan qr code to connect to raspberry pi wireguard vpn

Now you can use this profile to connect to your WireGuard VPN running on Raspberry Pi.

The WireGuard speed performance will depend on your network speed.

Browse Safely With WireGuard on Raspberry Pi

In this guide, we have showed you how to set up WireGuard on a Raspberry Pi 3 or 4 and connect your mobile devices to the secure VPN. You can now use your own Raspberry Pi WireGuard VPN server to securely access the web and your home network remotely. There are no subscription fees or data logging. This also provides internet service provider privacy and helps you access content securely from anywhere.