How to Set Up WireGuard on a Raspberry Pi!

In this tutorial, we will look at how to set up WireGuard on a Raspberry Pi using PiVPN! Easy instructions that will help you set up the WireGuard VPN.

WireGuard is awesome! Up until WireGuard, the gold standard for VPNs has been OpenVPN, which is still a great VPN option. However, WireGuard is a faster alternative that’s somewhat easier to implement. It also has the benefit of being a lot simpler than OpenVPN, which doesn’t seem important, but it is.

We will focus on how to set up WireGuard on a Raspberry Pi, but if you’re already using OpenVPN, the overall functionality will be similar.

Ultimately, more complex systems have more attack points, so if you care about security, WireGuard might be your answer. In this tutorial, we will look at how to set up WireGuard on a Raspberry Pi, but it’s important to note that you can install WireGuard on various types of devices.

It’s best to run PiVPN and WireGuard on a Raspberry Pi 4, but if you have at least a Raspberry Pi 3 B+, that should be fine. This is because only the Raspberry Pi 3 B+ and Raspberry Pi 4 have gigabit ethernet, which is preferable for PiVPN and WireGuard.  

1. How to Set Up WireGuard on a Raspberry Pi

Thanks to a handy script (PiVPN), installing WireGuard VPN Server on a Raspberry Pi is very simple. Generally, you want to ensure the script you’re running is trusted. This is a known and trusted script, but I still urge you to review it. We will look at how to set up WireGuard on a Raspberry Pi below.
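
One way to act on that advice before running the command in step 1, as an added example (not part of PiVPN or the original tutorial): save the installer to a file, read it, and run only the exact file you reviewed. The function names and the /tmp path are choices made for this example.

```shell
#!/bin/sh
# Added example: review the PiVPN installer before it runs (not PiVPN's own code).

INSTALLER_URL="https://install.pivpn.io"   # URL from step 1 of this tutorial

# fetch_installer DEST
# Save the script instead of piping it into bash. -f makes curl fail on an
# HTTP error rather than saving the error page; -L follows redirects.
fetch_installer() {
    curl -fsSL "$INSTALLER_URL" -o "$1"
}

# fingerprint FILE: SHA-256 of the bytes on disk.
fingerprint() {
    sha256sum "$1" | cut -d' ' -f1
}

# review_hints FILE
# List (with line numbers) the lines that change the system or pull in more
# code: downloads, anything piped to a shell, package installs, sudo, and
# paths under /etc. A reading aid, not a verdict on the script.
review_hints() {
    grep -nE 'curl |wget |git clone|[|][[:space:]]*(ba)?sh|apt(-get)? |sudo |/etc/' "$1"
}

# run_reviewed FILE SHA256
# Run the installer only if the file still has the hash recorded at review
# time, so the code that executes is the code that was read.
run_reviewed() {
    if [ "$(fingerprint "$1")" != "$2" ]; then
        echo "refusing to run: $1 changed since it was reviewed" >&2
        return 1
    fi
    bash "$1"
}

# Typical session (left commented out so that loading this file runs nothing):
#   fetch_installer /tmp/pivpn-install.sh
#   review_hints /tmp/pivpn-install.sh; less /tmp/pivpn-install.sh
#   reviewed=$(fingerprint /tmp/pivpn-install.sh)
#   run_reviewed /tmp/pivpn-install.sh "$reviewed"
```

Saving to a file also means a dropped connection cannot leave bash executing half of a script.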

1. Open Terminal on your Raspberry Pi and run the command below, which will execute a script to install PiVPN (which has WireGuard built-in).

curl -L https://install.pivpn.io | bash

2. Wait for the process to install the necessary packages. When it’s done, you will be brought to a screen that will inform you that PiVPN will allow you to install OpenVPN or WireGuard on a Raspberry Pi. Select OK.

3. The next screen will inform you that you need to set a static IP address. It’s best to set a static IP address in your router’s settings, as this ensures that DHCP does not try to give this address to any other device.

However, certain routers (mostly ISP-provided ones) do not allow you to create DHCP reservations. If you can’t set a static IP address for your Raspberry Pi in your router, set a static IP address on the Raspberry Pi by following the instructions.

I specified a static IP address in my router so I am going to skip this step.

4. You will now need to select a local user. If you’ve created a different user (outside of the default pi user), you will have the option here.

5. You will be asked to select a VPN type. Select WireGuard.

6. You might be prompted to install the latest kernel update. If you are, select Yes to proceed. If you aren’t, skip to the next step.

NOTE: If you need to update the kernel, you will be required to restart this process after your Raspberry Pi reboots (start from step 1).

7. WireGuard will now install.

8. You will be asked to enter the port you’d like to use (default is 51820). It’s probably best to keep it as the default, but if you have a reason to change it, you can do that here.

NOTE: This is UDP port 51820.

9. Select Yes.

10. You now need to select the DNS provider you’d like to use. Select Custom if you’d like to use your own DNS server, or any of the public DNS providers if you don’t want to use a local DNS server.

11. I am using a local Pi-hole DNS server that I already have configured, so I added the IP address there. If you are using a public DNS provider, you can skip this step.

NOTE: The IP addresses (192.168.1.197,192.168.1.198) are my local DNS servers. This will not work for you so ensure you use your local DNS servers or a public DNS provider!

12. The DNS servers that you select will now be listed. Select Yes.

13. You will now be prompted to use your public IP address or public DNS entry. If you have a static IP address, you are free to use this address. However, if you have a dynamic external IP address, you will need to set up DDNS. You can learn how to do that here.

14. If you selected to use a dynamic DNS address, you can enter that information here. At the next screen, select Yes to confirm that it is correct.

15. You will now be prompted that the server keys will be generated. Select OK. The next step will tell you that the VPN Server will check for unattended-upgrades, and a periodic reboot will be required.

This is a great option. Enable unattended-upgrades (unless you have a good reason not to) and proceed. The packages will now install.

16. The installation is now complete! Reboot your system.

1.1 VPN Connection Types – How to Set Up WireGuard on a Raspberry Pi

This section is important for future steps (so you know what kind of profiles you’d like to create). We will be creating either a split-tunnel VPN, full-tunnel VPN, or both in later steps.

Split-Tunnel VPN: Traffic is only sent through your network if it is attempting to access an internal resource. Your IP address when navigating to a site outside of your network will be the IP address of the network that you are currently on.

Full-Tunnel VPN: All traffic is sent through your home network. Your IP address for internal and external requests will be that of your home network.

I created a very basic image below that explains this, but we will look at how to configure both in later steps. It’s important to note that both connection types will allow you to access your local network. This only shows how traffic is routed differently to external networks.

NOTE: This is not the exact network flow. I am simplifying the process as much as I can.

split-tunnel vs. full-tunnel vpn. full-tunnel routes all traffic through VPN, while split-tunnel only routes local traffic.

1.2 Configuration File Changes

The two changes that we will make below are in the wg0 config file. Run these commands to open the config file:

sudo su
nano /etc/wireguard/wg0.conf

With the file open, proceed to the next steps.

1.2.1 PostUp & PostDown – How to Set Up WireGuard on a Raspberry Pi

This section is a little tricky because these lines will be mandatory if you’re interested in using a split-tunnel VPN profile. If you are using full-tunnel only, there’s a chance that everything will work without adding the PostUp and PostDown lines to the config file. So in summary, add these lines if you intend on using a split-tunnel VPN profile.

If you only intend on using full-tunnel, you might not need to add these lines as all traffic will be routed through your Raspberry Pi. If you don’t add them and you can’t access local resources or connect to the internet when you’re connected to your VPN, come back to this section and add these two lines.

I will do my best to break down everything in these commands so there’s some sort of explanation as to what these changes do.

  • PostUp: command that is executed when you connect to your WireGuard VPN.
    • IPTables: What the system should do with certain packets. A table is created with these rules so the system knows what to do when it receives a packet. These are what the different command-line parameters mean.
    • Masquerade: The source IP address of traffic leaving through eth0 is rewritten from the client’s WireGuard (wg0) address to the Raspberry Pi’s eth0 address. In layman’s terms, the traffic appears as if it originates from the Raspberry Pi as opposed to the source device. When reply traffic comes back for your client device (where you are connected to the VPN), its destination IP is rewritten from the Raspberry Pi’s eth0 address back to the client’s WireGuard (wg0) address. You still need a static route if you’d like to access your VPN clients!
  • PostDown: command that is executed when you disconnect from your WireGuard VPN to undo everything that we did in the “PostUp” command.

Add these lines to the config file to add the iptables rules when you connect to WireGuard and masquerade your IP address. NOTE: You might need to change eth0 to the network interface of your device. However, since you’re using a Raspberry Pi, it’s most likely eth0.

PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

Save the file and exit!

1.3 VPN Profile Creation – How to Set Up WireGuard on a Raspberry Pi

This is the section where we will create our VPN profiles. I will be creating both a split-tunnel VPN and a full-tunnel VPN, but feel free to only create profiles for the VPN types you’d like.

1. Run the command below to add a profile.

sudo pivpn add

2. Navigate to the configs folder. There will be two config files, one for our split-tunnel profile and one for our full-tunnel.

cd configs

3. By default, WireGuard is configured as full-tunnel. For this reason, we can leave the full-tunnel file alone and edit the split-tunnel file.

nano PiVPN-ST.conf

4. The only change that we have to make here is the AllowedIPs line. By default, AllowedIPs is set as 0.0.0.0/0 which means that all traffic will go through your home network (full-tunnel VPN). To change this so that only local traffic is sent through WireGuard, we need to change this line to our local IP range.

For most people, it will be 192.168.1.0/24 or 192.168.0.0/24. If you aren’t sure what your IP range is, you can look in your router’s configuration under LAN Setup. If you’d like to have VPN clients talk to each other, you need to add the VPN subnet as well (10.6.0.0/24). Change this file to have your local IP range and save it.

5. The configuration file setup process is now complete!
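
The AllowedIPs change from step 4, as an added example that is not part of the original tutorial or PiVPN: one shell function rewrites the line in a copy of a client profile, and another reports whether a profile is full-tunnel or split-tunnel. The function names and the output file name are choices made for this example.

```shell
#!/bin/sh
# Added example (not PiVPN code): derive a split-tunnel client profile from a
# full-tunnel one and check which mode a profile is in.

# allowed_ips FILE: print the value of the AllowedIPs line.
allowed_ips() {
    sed -n 's/^[[:space:]]*AllowedIPs[[:space:]]*=[[:space:]]*//p' "$1"
}

# tunnel_mode FILE: "full" if a default route (0.0.0.0/0 or ::/0) is listed,
# otherwise "split".
tunnel_mode() {
    case ",$(allowed_ips "$1" | tr -d ' ')," in
        *,0.0.0.0/0,*|*,::/0,*|*,::0/0,*) echo full ;;
        *) echo split ;;
    esac
}

# is_ipv4_cidr VALUE: loose format check, a.b.c.d/1..32. A /0 prefix is
# rejected on purpose, because it would turn the profile back into full-tunnel.
is_ipv4_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$'
}

# make_split_tunnel SRC DST LAN_CIDR [VPN_CIDR]
# Copy SRC to DST with AllowedIPs limited to the LAN range and, optionally,
# the VPN subnet (needed if VPN clients should reach each other).
make_split_tunnel() {
    src=$1 dst=$2 lan=$3 vpn=${4:-}
    [ "$src" != "$dst" ] || { echo "SRC and DST must differ" >&2; return 1; }
    is_ipv4_cidr "$lan" || { echo "bad LAN range: $lan" >&2; return 1; }
    routes=$lan
    if [ -n "$vpn" ]; then
        is_ipv4_cidr "$vpn" || { echo "bad VPN range: $vpn" >&2; return 1; }
        routes="$lan, $vpn"
    fi
    grep -Eq '^[[:space:]]*AllowedIPs[[:space:]]*=' "$src" ||
        { echo "no AllowedIPs line in $src" >&2; return 1; }
    # The profile contains the client's private key: create the copy owner-only.
    ( umask 077
      sed -E "s#^[[:space:]]*AllowedIPs[[:space:]]*=.*#AllowedIPs = $routes#" \
          "$src" > "$dst" )
}

# Usage with the ranges from step 4 (left commented out):
#   make_split_tunnel PiVPN-ST.conf PiVPN-ST.conf.new 192.168.1.0/24 10.6.0.0/24
#   tunnel_mode PiVPN-ST.conf.new
```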

1.4 Persistent Keep-Alive – How to Set Up WireGuard on a Raspberry Pi

WireGuard attempts to be as quiet as possible, meaning that it only sends and receives packets when it needs to. For this reason, clients behind a NAT or firewall might be required to keep the connection alive even when it’s not in use. To do this, you need to make a change in the configuration file.

A scenario where this is normally needed is when you have an off-site server that always needs to stay connected to your VPN server. This line will ensure the connection will not close.

1. Run these commands to open the configuration file.

sudo su
nano /etc/wireguard/wg0.conf

2. You will see the VPN profiles that you configured. Add the line below to the profiles where you would like the connection to stay active.

PersistentKeepalive=25
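
To check that the keepalive is doing its job, the added example below (not from the original tutorial or PiVPN) joins the output of `wg show wg0 latest-handshakes` with wg0.conf and reports, per client, whether a keepalive is set and how fresh the last handshake is. It assumes PiVPN's `### begin NAME ###` markers around each [Peer] block; the function name and the 180-second threshold are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the tutorial or PiVPN): per-client keepalive and
# handshake status. Assumes PiVPN's "### begin NAME ###" markers in wg0.conf.

# peer_status CONF NOW MAX_AGE
#   stdin : output of `wg show wg0 latest-handshakes`
#           (public key, tab, epoch seconds of the last handshake; 0 = never)
#   stdout: NAME <tab> keepalive=yes|no <tab> ok|stale|never
peer_status() {
    awk -v now="$2" -v max="$3" '
        # ---- first input: wg0.conf ----
        conf && $1 == "###" && $2 == "begin" { name = $3; next }
        conf && /^[ \t]*\[Peer\]/ { key = ""; pending = 0; next }
        conf && /^[ \t]*PublicKey[ \t]*=/ {
            key = $0
            sub(/^[ \t]*PublicKey[ \t]*=[ \t]*/, "", key)
            sub(/[ \t\r]+$/, "", key)
            names[key] = name
            ka[key] = pending ? "yes" : "no"
            next
        }
        conf && /^[ \t]*PersistentKeepalive[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)
            if (v + 0 > 0) {            # a value of 0 means keepalive is off
                if (key != "") ka[key] = "yes"; else pending = 1
            }
            next
        }
        conf { next }
        # ---- second input: handshake list ----
        NF >= 2 {
            who   = ($1 in names) ? names[$1] : "(not in config)"
            alive = ($1 in ka) ? ka[$1] : "unknown"
            if ($2 == 0)             state = "never"
            else if (now - $2 > max) state = "stale"
            else                     state = "ok"
            printf "%s\tkeepalive=%s\t%s\n", who, alive, state
        }
    ' conf=1 "$1" conf=0 -
}

# Usage on the Pi (reading wg0.conf and running wg both need root):
#   wg show wg0 latest-handshakes | peer_status /etc/wireguard/wg0.conf "$(date +%s)" 180
```

A client that shows keepalive=yes together with stale or never is the case to investigate: the keepalive is configured, but no handshake is getting through.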

1.5 Port Forwarding – How to Set Up WireGuard on a Raspberry Pi

We now need to port forward UDP port 51820 on our router to our Raspberry Pi. Port forwarding will be completely different on every brand’s router settings page.

This is a great guide that shows how to port forward on a few different brands of routers, but the best thing to do is try and google the name of your router and port forwarding. Example: Netgear port forwarding

  1. Create a port forwarding rule for UDP port 51820 to your Raspberry Pi’s IP address. In the example below, 192.168.1.30 is the IP address of my Raspberry Pi.
port forwarding rules on router

1.6 Static Route Configuration – How to Set Up WireGuard on a Raspberry Pi

This step is not required unless you need to access VPN devices from your home network. This is an old screenshot, so ignore the IP addresses listed and ensure you are putting the correct info into yours.

Your home network and VPN network will be on different subnets, which means that your local devices will only be able to talk to the machines on their own subnet (the VPN network will see both).

In order to have your local network talk to your VPN network (in my case, 192.168.1.X and 10.5.0.X), a static route will need to be configured in your router.

I cannot go over the setup steps for this as each router is different, but below is a screenshot of the static route that I configured. The Gateway IP Address will be the IP address of your Raspberry Pi (since that’s where your VPN is running). The 10.5.0.0/24 subnet is where you will need to enter the IP range you are using (as defined in WireGuard).

static route settings on router for vpn subnet and local subnet to communicate

1.7 Accessing/Testing WireGuard Config Files

WireGuard offers applications for almost all devices that you can use. They are fairly basic, but ultimately, you only need to use them to connect to your VPN so there’s no need for them to be complex! We will look at how to set up WireGuard on a Raspberry Pi for mobile and computer applications below!

1.7.1 WireGuard Mobile Application – How to Set Up WireGuard on a Raspberry Pi

One of my favorite WireGuard features is the ability to generate a QR code and scan that code with your phone. It makes everything so much easier. Not that dealing with config files is particularly hard (and there are situations where you will still need to use config files), but taking out your phone and quickly scanning a QR code is awesome.

If you’d like to generate a QR code to scan, it’s pretty easy. First, ensure that you have the WireGuard application installed on your phone or tablet.

1. Run this command to generate a QR code.

pivpn -qr [PROFILE_NAME]

2. A QR code will be generated. Scan this code with your phone, import the profile and you’re done!

NOTE: This QR holds all information to connect to your VPN. Do not share this image with anyone unless you’d like them to get your VPN profile.

There are situations where the QR code does not pass the correct information to the mobile client. Ensure that the information in the mobile client is correct before proceeding.

3. Scan the QR code with the WireGuard smartphone application. Add the new entry and connect using an outside network. You should be able to connect to all of your local resources!

NOTE: If you test the split-tunnel config file, your external IP address should be your cell phone provider’s, and if you test the full-tunnel, it should be your home ISP’s IP address.

1.7.2 Computer Application – How to Set Up WireGuard on a Raspberry Pi

The process we just went over is how to set up WireGuard on a Raspberry Pi using a mobile device, but if you are setting it up on a PC, you will need to copy the config files over to your device and add them to the application. You can download the application for your device here.

NOTE: You don’t need to physically copy the file, you can simply copy the contents of the file and create your own [VPN_PROFILE].conf file if it’s easier.

1.8 WireGuard Performance – How to Set Up WireGuard on a Raspberry Pi

After you install WireGuard on your Raspberry Pi 4 or 3B+, you might feel that the performance isn’t as “fast” as you expected. The reason is that you’re limited by the upload speed of your local network.

For example, if your ISP provides 25Mbps upload speeds, your download speeds through the Raspberry Pi VPN tunnel will be capped at a maximum of 25Mbps (real-world usage will be less).

This doesn’t mean that the performance will be bad, but you will certainly have slower speeds than you would if you were sitting at home on your local network.

2. Conclusion – How to Set Up WireGuard on a Raspberry Pi

This tutorial showed how to set up WireGuard on a Raspberry Pi. If you have an old Raspberry Pi lying around or you’re comfortable buying an additional device, this is a great way to use an awesome VPN product with amazing performance.

Thanks for checking out the tutorial on how to set up WireGuard on a Raspberry Pi. If you have any questions, please leave them in the comments! You can also leave them in the comments of the YouTube video.

This Post Has 198 Comments

  1. Max G

    What a great step by step procedure, THANK YOU! I am somewhat of a novice in the VPN world and your tutorial was just what I needed.

    The results of my installation are as stated in Section 8 Item 3 and I can access my files remotely on my phone. So it appears everything is working. I do have a couple questions though.

    1. I was surprised to see the home ip address does not change when going to whatismyip.com. After thinking about it though, I believe this is because the duckdns.org ddns is not the vpn server so the home ip would remain unchanged. Am I understanding this correctly?

    2. With Split Tunnel and Full Tunnel profiles created, does the PiVPN with Wireguard default to the Full Tunnel mode? If the full tunnel mode throttles my streaming TV, is it possible to switch it to split tunnel and how would I do that?

    1. WunderTech

      Glad that it helped!

      1. Yes, these are home VPNs, which means that you use them to access local resources and for that reason, it will appear like you’re home (home IP address) when you’re not actually home.

      2. Yes, it will default to full tunnel, but it should be as easy as disconnecting from the full tunnel VPN and connecting to the split tunnel VPN.

  2. Murat

    Hey WunderTech,
    Thanks for the tutorial!
    I have followed your tutorial to the letter, but I seem to be having trouble getting a connection through the VPN.
    I have setup wireguard, created a profile (FT), copied it across to my android using a QR code. I can activate the connection using the app, and I can see the connection using the -c command, but I am unable to navigate to any websites from my phone while the connection is active.
    What could I have done wrong?

    1. WunderTech

      Just to confirm, you are on an external network right? Also, have you specified a valid DNS server to use?

      1. Murat

        Yes and yes, but I think you can ignore me completely. It looks like data transfer is broken on android 12 beta when using a VPN. Explains why it just suddenly stopped working.

        Thanks for replying anyway!

        1. WunderTech

          Got it – not a problem!

  3. RAW

    Hi, I have gone through your tutorials, I have set up split tunnel Wireguard pi VPN with free ddns domain and google dns server and not added any route in router. I have created couple of clients and tested the connections. Everything works fine however my VPN client public IP address and location does not change after connecting to VPN. Do you have any idea if I am missing anything?
    Thanks in advance!

    1. RAW

      Hi again, I have read the above comments and learned that I need to set up a full tunnel connection for that. I can confirm the VPN client’s public IP address and location do change in a full tunnel connection. Nice tutorial! Thank you very much!

      1. WunderTech

        Glad you got it working!

  4. Richard

    Thank you so much.

    Additionally, I go to pihole (on my rasp pi) and edit the settings, specifically the Upstream DNS server, I choose: “Listen to all interfaces, allow all origins”.

    This is to keep a second router with a DHCP function working properly. Wireguard installation changes this setting without notice.

    1. WunderTech

      Is the second router giving out IP addresses to a different subnet?

  5. Matteo

    I have two questions (preface: I am a complete newbie)

    -I would like to use this setup as my VPN server instead of Synology+OpenVPN. The Synology NAS and the Raspberry Pi will be on the same local network. If I understood right, I would need to install a client only if I am trying to enter the VPN remotely, correct? So I don’t need to setup anything on the NAS. Is this right?

    -Is it possible to use the same raspberry as the DNS server and VPN server?

    1. WunderTech

      1. That is correct. You will set up the VPN server on the Pi, connect to it whenever you’re outside of your local network, and then you’ll be able to access all local resources (including your NAS).
      2. You can, though I believe that the setup is slightly different. There are a few tutorials online I believe, but following the two tutorials I have for them might not work properly (since they’re both occupying the same Raspberry Pi).

      1. Matteo

        Thank you very much! I really appreciate the work you do, you saved me a lot of time!

        1. WunderTech

          Thanks for the kind words, glad that the information helps!

  6. Danny

    I’m using Adguard on my Raspberry Pi, and I want to set up wireguard by PiVPN.
    Adguard Home works if I set the DNS up.
    For PiVPN, I set it up with mostly the default setting by clicking OK to the next step.
    I’ve forwarded my port (should be correctly set up but not so sure), and added those two lines you mentioned. Though once I connected the VPN, I couldn’t connect to the Internet.
    Anything I could do to resolve this problem?

    Also, where could I send my debug message privately?

    1. WunderTech

      When you set up WireGuard, what are you using as the DNS server? Are you sure that it’s an internet issue and not a DNS issue? I haven’t run WireGuard + AdGuard Home, but a bunch of people run WireGuard + Pi-hole so I don’t think that would be the problem.

      1. Danny

        Hi WunderTech,

        Thanks for replying. I tried your tutorial on port forwarding, though found out that seems not working on my router. Here is how I set it:
        Local: IP Address 192.168.0.18, Start Port 51820, End Port 51820
        External: IP Address 192.168.0.18, Start Port 51820, End Port 51820
        Prot: BOTH, Description: (blank), Enabled: Yes

        I used http://www.portchecktool.com and put in 192.168.0.18. Seems not a valid port.

        I tried a few DNS servers: Google, my home IP address, 192.168.0.18. Though none of those worked out.
        Any suggestions?

        Best,
        Zhenyu

        1. WunderTech

          The port that you’ll have to check is 51820 – the 192.168.0.18 is the IP address. However, you sent me a TCP port checker and WireGuard uses UDP. So I would use this site instead: https://www.ipvoid.com/udp-port-scan/

          Google “what is my IP”, and put your external IP address in the first line of “IPv4 Address”, then put 51820 in as the second. Agree to the terms and you can see if it’s open.

          1. Danny

            It says:
            Port Type Status Service
            51820 UDP Open|filtered unknown

            PLAT=Raspbian
            OSCN=buster
            USING_UFW=0
            IPv4dev=eth0
            dhcpReserv=1
            IPv4addr=192.168.0.18/24
            IPv4gw=192.168.0.1
            install_user=pi
            install_home=/home/pi
            VPN=wireguard
            pivpnPORT=51820
            pivpnDNS1=192.168.0.18
            pivpnDNS2=
            pivpnHOST=my external IP address here.

            Am I setting up correct?

          2. Danny

            Also, here is one of my wireguard profile for my computer:
            [Interface]
            PrivateKey =
            Address = 10.6.0.2/24
            DNS = 192.168.0.18

            [Peer]
            PublicKey =
            PresharedKey =
            Endpoint = MyExternalIPAddress:51820
            AllowedIPs = 0.0.0.0/0, ::0/0

          3. WunderTech

            From this info, it looks correct – other than DNS. Are you running a DNS server at 192.168.0.18? If not, change that to something public (like 8.8.8.8 or 1.1.1.1) and test again.

      2. Steve

        Is there a way to troubleshoot the following issue? On a raspberry piW with pihole and unbound, decided to follow the full tutorial and it went well. But, when I activated wireguard from my mobile device and scanned the qr code it could not reach anything on the internet. And I could not connect to my pc with duckdns. I sudo -u pivpn and I will try installing it again in case I missed a step but I am not sure I know where the fault lies. Is there a chance to be a router issue?

        1. WunderTech

          WireGuard has a bug (some versions of it, at least) where the QR code doesn’t always work. Can you open your mobile app and ensure that the correct information was properly passed to the application?

          1. Steve

            Well, I did and after I changed dns to 1.1.1.1, I was able to reach the internet but still I am unable to connect from the outside to my ddns. And checking through putty the sudo wg situation, there isn’t a handshake as it should. I am rather troubled by all of this….

          2. WunderTech

            I am a little confused on what you mean by “connect from the outside to my DDNS”? DDNS ensures that the domain name being used is always updated with your external IP address. Typing that into a web browser won’t necessarily do anything unless you’re exposing something on your local network (via port forwarding).

  7. Steve

    Well yes, for that reason I have opened a port. So in theory it should give me the ability to connect to my system/server with wireguard at least for pihole on the go. It doesn’t though and I am perplexed.

    1. WunderTech

      What is your goal for using WireGuard? You want a full-tunnel VPN connection that will use Pi-hole as DNS? This shouldn’t be too difficult to get working, but if 1.1.1.1 worked as your DNS server, then it’s a Pi-hole issue. What are you setting as the DNS server when you try and get Pi-hole working?

  8. Danny

    Hi WunderTech,

    Thanks for your help above. Though when I changed my DNS server as Google, when I created a PiVPN profile, and added to my device. My device could not connect to the Internet as before.

    Here is my PiVPN debug report:
    ::: Generating Debug Output
    :::: PiVPN debug ::::
    =============================================
    :::: Latest commit ::::
    Branch: master
    Commit:
    Author: Orazio
    Date: Wed Sep 15 17:52:17 2021 +0200
    Summary: Important change to custom MTU handling (mainly to fix issue #1357)
    =============================================
    :::: Installation settings ::::
    PLAT=Raspbian
    OSCN=buster
    USING_UFW=0
    IPv4dev=eth0
    IPv4addr=192.168.0.18/24
    IPv4gw=192.168.0.1
    install_user=pi
    install_home=/home/pi
    VPN=wireguard
    pivpnPORT=51820
    pivpnDNS1=8.8.8.8
    pivpnDNS2=8.8.4.4
    pivpnHOST=REDACTED
    INPUT_CHAIN_EDITED=0
    FORWARD_CHAIN_EDITED=0
    pivpnPROTO=udp
    pivpnMTU=1420
    pivpnDEV=wg0
    pivpnNET=10.6.0.0
    subnetClass=24
    ALLOWED_IPS="0.0.0.0/0, ::0/0"
    UNATTUPG=1
    INSTALLED_PACKAGES=()
    =============================================
    :::: Server configuration shown below ::::
    [Interface]
    PrivateKey = server_priv
    Address = 10.6.0.1/24
    MTU = 1420
    ListenPort = 51820
    ### begin zwu-sam ###
    [Peer]
    PublicKey = zwu-sam_pub
    PresharedKey = zwu-sam_psk
    AllowedIPs = 10.6.0.2/32
    ### end zwu-sam ###
    =============================================
    :::: Client configuration shown below ::::
    [Interface]
    PrivateKey = zwu-sam_priv
    Address = 10.6.0.2/24
    DNS = 8.8.8.8, 8.8.4.4

    [Peer]
    PublicKey = server_pub
    PresharedKey = zwu-sam_psk
    Endpoint = REDACTED:51820
    AllowedIPs = 0.0.0.0/0, ::0/0
    =============================================
    :::: Recursive list of files in ::::
    :::: /etc/wireguard shown below ::::
    /etc/wireguard:
    configs
    keys
    wg0.conf

    /etc/wireguard/configs:
    clients.txt
    zwu-sam.conf

    /etc/wireguard/keys:
    server_priv
    server_pub
    zwu-sam_priv
    zwu-sam_psk
    zwu-sam_pub
    =============================================
    :::: Self check ::::
    :: [OK] IP forwarding is enabled
    :: [OK] Iptables MASQUERADE rule set
    :: [OK] WireGuard is running
    :: [OK] WireGuard is enabled (it will automatically start on reboot)
    :: [OK] WireGuard is listening on port 51820/udp
    =============================================
    :::: Having trouble connecting? Take a look at the FAQ:
    :::: https://docs.pivpn.io/faq
    =============================================
    :::: WARNING: This script should have automatically masked sensitivity ::::
    :::: information, however, still make sure that PrivateKey, PublicKey ::::
    :::: and PresharedKey are masked before reporting an issue. An example key ::::
    :::: that you should NOT see in this log looks like this: ::::
    :::: YIAoJVsdIeyvXfGGDDadHh6AxsMRymZTnnzZoAb9cxRe ::::
    =============================================
    :::: Debug complete ::::
    :::
    ::: Debug output completed above.
    ::: Copy saved to /tmp/debug.log
    :::

    1. WunderTech

      There’s nothing that I see that’s out of the ordinary. When you connect to WireGuard (even if it doesn’t work), can you check to see if the client is connected through the terminal?

      1. Danny

        Hi WunderTech,

        Appreciate again for your help.
        After connecting to the wireguard VPN on my laptop, I could still not connect to the Internet.
        Here is the VPN profile on my laptop:
        [Interface]
        PrivateKey =
        Address = 10.6.0.3/24
        DNS = 8.8.8.8, 8.8.4.4

        [Peer]
        PublicKey =
        PresharedKey =
        Endpoint = My_IP_Address:51820
        AllowedIPs = 0.0.0.0/0, ::0/0

        I figured when I connect the VPN, the listening port is 54851.
        And data only shows sent out, not receiving.

        Anything I did wrong over these setups?

        1. WunderTech

          When you say that the listening port is 54851, did you change that? Generally, that should be 51820 which matches what the client is connecting to.

          1. Danny

            No, I didn’t change the listening port. And I realized it changed every time I connect the WireGuard VPN.

          2. WunderTech

            That is most likely the issue, however, I am not sure why it keeps changing. The listening port and server port should both be the same (51820).

  9. Steve

    First of all thanks for all the time you are taking to troubleshoot. Well, a full or split tunnel vpn with wireguard using pi-hole/unbound as dns and have the ability of remote access. My setting is a custom 127.0.0.1#5335 and I think pi-hole is working.

    1. WunderTech

      Glad to try and help! Is Unbound working without WireGuard connected? If it is, what do you have set as the DNS address for the WireGuard client?

      1. Steve

        Yes it does work without it because I had set it about a month prior. You don’t mean the duckdns address or I understand something wrong? A lot of steps were done by pivpn and maybe I have missed something!

        1. WunderTech

          From what I’ve read (haven’t tried it myself), the process is not as simple as just setting up WireGuard and Unbound separately. Have you searched Google to see how to implement it? I’m afraid that following both of my tutorials would mean that one or the other would work, but not both at the same time.

          1. Steve

            Ahh this then poses an entire different set of issues I hadn’t realised they exist. Thank you, I’ll try and find a solution for that and come back with my findings or pihole and wireguard alone 😛

  10. Foad

    Hi there,

    I have been trying to setup Wireguard VPN on Raspberry pi 4GB using PiVPN. The process is successful when using LAN (my raspberry LAN ip is different from eth0 ip). But when I used the eth0 to set it up (meaning I connect the raspberry pi to my router with a cable) I can’t get the VPN to work. I have also changed the Port forwarding IP on my router according to LAN/eth0 IP. Am I doing anything wrong? I just want to do this thinking that it would improve the internet speed!

    Thank you for your help!

    1. WunderTech

      When you say that the Eth0 IP is different than the LAN IP address, what exactly do you mean? Are you using Wi-Fi or anything? Generally, the LAN IP address and the Eth0 IP address should be the same.
