Raspberry Pi as a VPN router

I’d like to use my RPi3 as a VPN router. I have my VPN server on another RPi in another country, and I’d like to use my RPi to connect to it through Ethernet and create an access point so I can connect my TV to it and use it to watch Netflix.

Is there any good tutorial? Thanks.

It’s built in… or you can go to PiVPN.
However, the script in DietPi should work without the workaround.

I don’t need a server. I need a client that can also act as a hotspot.

So…anyone?

Yes, RPi3 as a WiFi router is possible - I’ve had success with this myself:

https://gist.github.com/superjamie/ac55b6d2c080582a3e64

Check out the comments on Github if you have any difficulties. And as you probably know you should use a VPN for Netflix such as Sneakflix but I understand that you are hosting the VPN server itself on another RPi?

Yes, I have another rpi acting as a VPN server at my parents home in my home country.

Thanks for the link, I’ll get to it.

DietPi-Software also contains a WiFi access point solution: https://dietpi.com/forum/t/dietpi-software-details-for-all-installation-options/22/46

So overall nice setup:

  • One Pi as VPN server at home to have access to local video streaming content.
  • A second one as WiFi hotspot with native streaming abilities for abroad 🙂.

I don’t know about Raspberry Pi vs VPN router. I set up a router for connecting to my VPN, and it is therefore slow while connected to the VPN. I also run a VPN on my phone 24/7. My VPN allows 5 simultaneous connections with a static IP address, so I am well within the limit.

ADMIN EDIT: Content removed due to unrelated advertising

Hey, I’m a new poster here. BUMPING (I’m in love with DietPi btw). I wonder, when using the RPi3 as a VPN hotspot with network settings configured after this guide, but without Pi-hole, and using DietPi’s WiFi hotspot and OpenVPN software ( https://itchy.nl/raspberry-pi-3-with-openvpn-pihole-dnscrypt ), then say two different scenarios. This is about both security and anonymity.

1. What kind of hardening can be done? Are there any security issues/vulnerabilities from outside my network over the internet? Can someone get some information about the devices?

IF SO how to configure it to be more secure?

2. What information/logs are saved as default on the device about previous connected devices for example?
Are there logs about local IPs and/or MAC addresses that can be exported?
Example: if the physical device should go into a forensic analysis, what kind of logs and other data can be exported?
Is the device more insecure if a person is within the radius of the hotspot and can try to connect to it? Are there issues that a normal router/AP does not have?

AND HOW to configure it the best way for less information etc?

Just found this…maybe it will help

https://hackaday.io/project/2040-web-security-everywhere

Generally the vulnerabilities are exactly the two software titles that you have installed: The WiFi hotspot and the VPN software.

The hotspot is implemented with hostapd and supports WPA2 encryption by default. WPA2 is by now known to have some security leaks, but it is still very widely used, e.g. by all common home routers. EAP has better security but requires a much more complicated setup (with host and user certificates and keys, so a password is not sufficient to connect); it is used e.g. for the eduroam network and larger company networks.

The VPN is implemented either with OpenVPN or WireGuard. The first is very well known and probed, the second is a very new promising approach that allows much faster transfer rates and higher security etc, but it is new and did not yet reach official stable stage: https://www.wireguard.com/
In both cases, it is essential that you keep and transfer the private keys for server and client safe and secure. In the case of OpenVPN this is true for the .ovpn file as well, which contains the private key. It must never be readable by anyone other than the client software or the related user. If this is the case, then the software itself can be considered secure (both OpenVPN and WireGuard, IMO).

Ensure that, as long as you only need to connect to the VPN remotely, only the related VPN port is forwarded to the RPi and no other port.

About logging, I am not 100% sure what is logged by default with hostapd, OpenVPN and WireGuard. But all persistent logs (stored on disk) can be found in /var/log. journalctl allows you to see all system logs, which includes user authentication and AFAIK some from those software titles as well, but the journal by default is not stored to disk but only held in RAM. It would be stored to disk automatically if you create the directory /var/log/journal.
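The two checks from the reply above (VPN key and config files readable only by their owner, and whether the journal lives in RAM or on disk), as an added shell example that is not part of the original thread. The directories passed in are assumptions about where the client config is stored, and the journal check assumes journald's default `Storage=auto`.

```shell
#!/bin/sh
# Added example: audit a VPN client/hotspot box for key exposure and log persistence.

# List VPN key/config files under directory $1 that group or others can access.
# Prints "<group+other bits> <path>" per offending file; prints nothing if all are owner-only.
loose_vpn_files() {
    find "$1" -type f \( -name '*.ovpn' -o -name '*.key' -o -name '*.conf' \) 2>/dev/null |
    while IFS= read -r f; do
        # Characters 5-10 of the ls mode string are the group and other permission bits.
        bits=$(ls -ld "$f" | cut -c5-10)
        [ "$bits" = "------" ] || printf '%s %s\n' "$bits" "$f"
    done
}

# Report where the journal ends up with Storage=auto:
# "persistent" if <root>/var/log/journal exists, otherwise "volatile" (RAM only).
# $1 is an optional alternate root, e.g. a mounted SD card image.
journal_storage() {
    root=${1:-}
    if [ -d "$root/var/log/journal" ]; then
        echo persistent
    else
        echo volatile
    fi
}

# Run the audit when directories are given, e.g.:
#   sh vpn-audit.sh /etc/openvpn /etc/wireguard
for d in "$@"; do
    loose_vpn_files "$d"
done
[ $# -eq 0 ] || echo "journal: $(journal_storage)"
```

Any file it lists can be tightened with `chmod 600`; a "volatile" result means the journal is lost at power-off, while "persistent" means it is written to the SD card.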

All of your questions would:

  1. Be better answered in your own thread, not in this one which is a completely different topic
  2. Be better answered by an introductory video into computer security or netsec on Youtube

Short answer is:

Anything that you connect to the internet is vulnerable to being breached (hacked).

The only truly secure way to use your Diet-Pi is to keep it off the internet completely, and do not allow the device to be connected via WiFi. That is, make sure it’s not possible for anyone to access it when connected to your network over WiFi (so don’t use WiFi on the network the Diet-Pi is connected to). This means that someone would need physical access to the Diet-Pi to break into it.

Otherwise you should learn about subnets and network zones. You can put some network devices on a zone that’s basically hidden and almost inaccessible from people outside your network.

As for logs: the Diet-Pi logs some basic things, mostly for troubleshooting. However, passwords are stored encrypted except for in the main setup file, but if you were smart you would have changed the default password from dietpi to something else on the first setup.

See also our general security recommendations: https://github.com/MichaIng/DietPi/wiki/Security-recommendation

That sounds quite complicated, to connect first to your Pi and then to the public WiFi. Why not install a VPN client on your laptop directly and then connect back home to your private VPN server?

No need to reply to spambots 😎