Raspberry Pi 3 Model B+ for VPN server?

VPN
1

I’d like to setup a VPN server at my parents house so I can securely remote into their systems for IT maintenance when I’m not physically there. I figure it’s not so good to have an open port going directly to either of their computers so I thought I should setup another computer and thought of my old Raspberry Pi 3 Model B+ in my closet that I’ve never used before. Both my parents and I are limited by 5Mbit Upstream internet so I don’t think I have to worry about speeds.

Do I need two interface? In and Out?

Is the raspberry pi 3 Model B+ suitable?

2

A rpi3 with diet pi or pios lite plus pivpn.io works great

Open port 51820 for it to work

3

Very secure. Set up a NoIP address. Go on PiVPN site, execute the command, install Wireguard with the NoIP address, forward the port on your router to your RPi with UDP and setup the NoIP account in the DDNS tab.

4

The Pi3b+ has a 100mb port internet. My internet connection is 100mb glassfiber. Would running a vpn on a 100mb port throttle my internal file transfer? Like for example when I send a file through my Gigabit router from one pc to another on my local network? (normally faster than 100mbit)

5

I’ve used both OpenVPN and WireGuard but have found that I have fewer issues using Zerotier. I set up a network and and put the client on my Mom’s Mac when I visited her, and added it to my network. Now if she has an issue I can screen share directly to the zerotier IP address and it’s secure.

6

Any pi would work fine for this. For a while I even used a first generation for it, works fine for wg.

7

To do this without opening a port, consider the following.

Setup a wg server on AWS. I pay < $5 a month for mine.

Then the pi you have is setup as a client and connects to the AWS machine.

Your laptop, phone, etc is also setup as clients.

8

I’d run OpenBSD on it with in-kernel WireGuard, and fall back to SSH tunneling as necessary. But yeah, that should work great for the bandwidth you’re taking about - given the RPi < 4 USB limitations.

9
10

Thanks, I’m looking into those options now actually. Trying to see how secure they are as that is a concern since it will be exposed to the internet via an open port.

I’m already running pihole (internal network) on dietpi on a VM so I have some experience with that.

11

I already have DNS via cloudflare so I can setup my own subdomain DDNS through their API. Not sure if PiVPN supports it.

12

I already have a Raspberry Pi 3 Model B+

13

It’s quite secure being exposed as it’s only wireguard seeing any data

Never heard of a compromise yet

14

Yes. PiVPN asks you if you want to set your IP in your config file for “client style use” or any DDNS hostname.

15

It’s still a concern. That is why I’d rather have a physically separate iface to handle the VPN. Otherwise I’d skip all this and just install wireguard directly on one of the PCs (or VM on one of the PCs)

16

I would say a tiny tiny concern though. It’s setup to be quite hardened already

17

I agree on the rpi its probably a pretty tiny concern.

I think if I just had wireguard on a PC with all my data, etc, it’s a much bigger concern (relatively speaking), Otherwise, I don’t see any point in using the pi