VPN

I'm choosing to run Wiregaurd VPN on a Rasberri Pi that I had sitting in a drawer. I wanted to have the VPN box as a dedicated machine on the network, so that I'm not reliant on K8s cluster availability for management of local network resources.

Assumptions

This guide captures the high level steps required to get VPN going. The assumption is that the reader has basic understanding of basic networking and Linux.

Hardware is a Rasberri Pi 3 Model B Pi3 Model B

The operating system of choice is the latest version of Rasberri Pi OS Lite 64bit, flashed to an SD card using the Pi Imager tool

Rasberri Pi 3 Model B

Installing Pi OS¶

To manage the Pi on the network via SSH, I needed to assign it a static IP address. There are 2 options:

Obtain the MAC address of eth0 interface using ifconfig and have the router assign a specific IP
Update the /etc/network/interfaces file with the appropriate config

Create a backup of /etc/network/interfaces

cp /etc/network/interfaces /etc/network/interfaces-backup-MMDDYYY

Modify the /etc/network/interfaces to the below code block, substituting the appropriate IP/SubnetMask/Gateway and DNS servers for your network

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
      address x.x.x.x
      netmask x.x.x.x
      gateway x.x.x.x
      dns-nameservers 8.8.8.8 1.1.1.1

Restart the machine

sudo shutdown -r now

SSH into the Pi, update packages, update OS and restart once again

sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get dist-upgrade && sudo shutdown -r now

Installing Wireguard VPN¶

Let's install Wireguard, which we'll be doing using PiVPN.

Wireguard

PiVPN is fantastic as it abstracts a lot of configuration complexity away from the user. However I recommend visiting the Wireguard website to understand how the software works at a high level: https://www.wireguard.com/