PiVPN was designed for setup on a Raspberry Pi, but it’s just as easy to set up on Ubuntu. You’ll need a Linux machine connected to your network, and you’ll also need to open the WAN ports to allow access to the VPN from outside. This is typically done with port forwarding – traffic coming from the internet on those ports should be redirected to the PiVPN box (only). To get set up, run the following curl command on the console:

curl -L https://install.pivpn.io | bash

Further details about the build itself may be found on GitHub at: https://github.com/pivpn/pivpn/wiki. The setup will take you through the process of installation in a step-by-step manner.

 

For security – it’s recommended that you change the port from the default 1194 to another port which only you know. This port will be mapped, or port forwarded, through your ISP router, i.e. from the Internet to the LAN IP of your Raspberry Pi.
Select No for best compatibility – but reduced security
Choose your level of encryption. The larger the encryption key size, the longer it will take to run and set up but the more secure the encryption is as the key is longer. A 2048-bit key is recommended. 
Key Generation should take some time to complete.

In the next stage you’ll be asked for a public DNS entry you’d like to use, or whether you’d like to use an IP address. This is the address which the OVPN configuration will address as the host of the VPN service. The IP address is your public IP exposed to the internet. You can find this with: https://www.google.co.uk/search?q=whats+my+ip&oq=whats+my+ip.

Depending on your ISP your IP may change periodically – termed dynamic. You can use another service like DynDNS or NoIP to provide a free reference from a virtual URL to your changing IP. Essentially, the DynamicDNS service you use will periodically update the entry it has associated with a free URL and your IP.

You can sign-up for a free Dynamic IP at: https://www.noip.com

NoIP will provide a URL like yourdomain.ddns.net. Use this URL as your DNS entry.  

In the next stage you’ll be prompted to set up the external DNS used for lookups by the VPN. I suggest using Google’s DNS service which is typically secure.

Once setup is complete, it’s recommended that you reboot the Linux box. Do this, and remember to run sudo apt-get update when restarting. The PiVPN service should now be running. The next step is to create keys and then distribute these keys to your devices.

Adding a VPN Client
To check that the VPN Service is running execute the following command at the console: pivpn

The result should show the usage information for PiVPN. If you fail to see a usage guide, the installation may be incorrect and you’ll need to re-install. To create a new client key, use the command pivpn add, or pivpn add nopass to set up a key without a password. A key without a password will not prompt the user for a password each time they connect to the VPN or use the key, so it represents a less secure key, but may be more convenient in certain scenarios. The prompts will take you through the process of creating a key, providing a password and a filename for the key. Once complete, the OVPN keys will be written to your local directory ~/ovpn, where they may be picked up for use.

Distributing OVPN Client Keys
It’s recommended that you distribute your keys securely. You’ll need to copy the keys with something like WinSCP or an SFTP connection and then place those keys onto the clients. You could use WhatsApp Messenger or another secure chat to send the keys to yourself or others. Next, import the OVPN keys into the OVPN client software on each client device. Once complete, the client can open a connection to the OVPN server you’ve set up and start using the service.
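
Before copying profiles off the server, it helps to know which ones carry a passwordless key (created with pivpn add nopass) and which files other local users can read. The script below is an added example, not part of the original post or the PiVPN project. It assumes each .ovpn profile embeds the client key in an inline <key> block and that GNU stat is available; the function names and the sample profiles are constructed for illustration.

```shell
#!/usr/bin/env bash
# Audit OpenVPN client profiles (.ovpn) before handing them out.
# Assumption: each profile embeds the client key in an inline <key> block.

# Print "encrypted", "unencrypted" or "nokey" for one profile.
key_state() {
    local key
    # Look only at the <key> block so the CA and cert blocks are ignored.
    key=$(sed -n '/^<key>/,/^<\/key>/p' "$1")
    if [ -z "$key" ]; then
        echo "nokey"
    elif printf '%s\n' "$key" | grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED'; then
        echo "encrypted"
    else
        echo "unencrypted"
    fi
}

# Print one line per profile: <file> <key state> <octal mode> <verdict>.
audit_profiles() {
    local dir f state mode verdict
    dir=$1
    for f in "$dir"/*.ovpn; do
        [ -e "$f" ] || continue
        state=$(key_state "$f")
        mode=$(stat -c '%a' "$f")   # GNU stat, as on Ubuntu / Raspberry Pi OS
        verdict=ok
        # A passwordless key is usable by anyone who obtains the file.
        if [ "$state" = "unencrypted" ]; then verdict=review; fi
        # Any group/other permission bit lets other local users read the key.
        case "$mode" in *00) ;; *) verdict=review ;; esac
        printf '%s %s %s %s\n' "$(basename "$f")" "$state" "$mode" "$verdict"
    done
}

# Demo on constructed sample profiles (placeholder key bodies, not real keys).
demo_dir=$(mktemp -d)
printf '<key>\n-----BEGIN ENCRYPTED PRIVATE KEY-----\nCONSTRUCTED\n-----END ENCRYPTED PRIVATE KEY-----\n</key>\n' > "$demo_dir/laptop.ovpn"
printf '<key>\n-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n</key>\n' > "$demo_dir/phone.ovpn"
chmod 600 "$demo_dir/laptop.ovpn"
chmod 644 "$demo_dir/phone.ovpn"
audit_profiles "$demo_dir"
```

Point audit_profiles at the directory holding your generated profiles; any line ending in review is a profile to re-issue with a password or to chmod 600 before it leaves the server.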

Happy VPNing…