Creating a Secure and Affordable Home VPN Using Raspberry Pi 5 and WireGuard

Introduction

I have always been fascinated by how information moves safely across the internet. That curiosity eventually led me to take on a weekend project, building my own home virtual private network using a Raspberry Pi 5 and WireGuard.

My goal was simple: to create a fast, private, and secure connection that would let me access my home network from anywhere in the world. What started as a small experiment quickly became one of the most rewarding setups I have ever built. It challenged me to think about how encryption, firewalls, and automation all work together to protect data.

In this post, I share how I set everything up, the tools I used, and the security measures that helped turn a small single board computer into a reliable home virtual private network server.

What Is This Project About?

This setup transforms a small Raspberry Pi 5 into a personal VPN server using WireGuard (via PiVPN). It allows me to:

• Securely access my home network remotely

• Encrypt all my internet traffic

• Learn practical system-hardening techniques

By combining DuckDNS, UFW, and Fail2Ban, the Pi becomes a lightweight yet robust VPN hub that automatically updates, blocks suspicious logins, and maintains uptime.

The System in a Nutshell

Each client (laptop, phone, or tablet) uses its own encrypted WireGuard profile to connect back home securely.

Tools and Environment

How I Set It Up ?

1. Flash the OS

Using Raspberry Pi Imager, I installed Raspberry Pi OS Lite (64-bit), enabled SSH, set a hostname (e.g. raspberrypi-vpn), and created credentials.

2. Connect & Update

ssh <username>@<hostname>.local 
sudo apt update && sudo apt full-upgrade -y 

3. Secure SSH Access

ssh-keygen -t ed25519 
ssh-copy-id <username>@<hostname>.local 

4. Add Security Layers

sudo apt install unattended-upgrades fail2ban -y 

5. Assign a Static IP

interface eth0 
static ip_address=192.168.0.10/24 
static routers=192.168.0.1 
static domain_name_servers=192.168.0.10

6. Install WireGuard via PiVPN

curl -L https://install.pivpn.io | bash

7. Set Up DuckDNS

   Create a DuckDNS account and schedule an update script every 5 minutes with cron.

8. Router Port Forwarding

   Forward UDP 51820 → 192.168.0.10. 9

9. Enable Firewall

sudo ufw allow 22/tcp 
sudo ufw allow 51820/udp 
sudo ufw enable

10. Create Client Profiles

pivpn add 
pivpn -qr 

Scan the QR code in the WireGuard app to connect.

Testing the Connection

Disconnect from home Wi-Fi, enable the VPN, and visit whatismyipaddress.com. Your IP should match your home network’s public IP.

sudo wg show

Troubleshooting

VPN Connects but No Internet

sudo nano /etc/default/ufw 
# Set: DEFAULT_FORWARD_POLICY='ACCEPT' 
sudo ufw disable && sudo ufw enable 
sudo systemctl restart wg-quick@wg0 

SSH Not Connecting via IP (ssh <username>@<ip_address>)

ssh <username>@<hostname>.local

Reflections

This project was more than a technical exercise, it was a deep dive into network security and system hardening. Now, whether I’m at a café or abroad, I can connect safely to my home network, powered by a Raspberry Pi.

Resources

• Raspberry Pi Imager

• PiVPN Installer

• WireGuard Documentation

• DuckDNS