Matthew Bell
Networking • Security

PiVPN (WireGuard) — Secure Remote Access

Built a private VPN for remote access to my home network and services. Focused on simplicity, performance, and eliminating sketchy port forwards.

← Back to Projects
ProtocolWireGuard (UDP)
RoutingSplit/Full tunnel
ReachabilityDynDNS + NAT

Goal

Reach home network resources (Jellyfin, admin panels, SMB shares) securely from anywhere.

Environment

  • Raspberry Pi - PiOS lite
  • Router with static IP & port forwarding
  • Dynamic DNS for changing WAN IPs

Steps (high level)

  1. Install PiVPN with WireGuard
  2. Reserve static IP on the router
  3. Create client profiles for mobile devices and PC.
  4. Set allowed IPs
  5. Test on all devices remotely

Troubleshooting highlight

DHCP Settings
Initiially could not connect to internet through VPN. Troubleshooting steps led me to remove automatic DHCP settings and configure manually.

Client snippet (WireGuard)

[Interface]
PrivateKey = <redacted>
Address = 10.6.0.2/24
DNS = 10.6.0.1

[Peer]
PublicKey = <server-public-key>
Endpoint = <redacted>
AllowedIPs = 10.6.0.0/24, 192.168.1.0/24  # split tunnel to home subnets
PersistentKeepalive = 25

Outcome

Fast, reliable access to the home network from anywhere. Only necessary open ports; one hardened entry point.