Setup IP forwarding

It can use the ISP router directly, but this means that all the routing decisions must take place in the routing table of the lan hosts and this might not be possible or convenient.

Hi again guys!

I would like to install PiVPN and make my RPi4 a VPN server too.
I had previously installed WireGuard from dietpi-software and chose the client option, can I just install PiVPN from dietpi-software now and make a VPN server too?

Thanks in advance!

I don’t know if you can select it again from the dietpi-software, as it will be selected. The configuration will be different and I am not sure if it can be combined in one file or you should run 2 instances. Keep in mind that you’ll need to make some routing manipulations to send the server traffic always via the ISP and not the VPN client.

Hi @trendy

I thought about doing 2 separate configurations like 2 different interfaces, I don’t want to change the current configuration we set up together, I was thinking about adding a new one if that makes sense.

Please let me know :wink:

In WireGuard there is no concept of server and client, everything is a node. You can connect from a node to every other node if you configured both nodes correctly.
If you already have WireGuard installed you can add the configs manually, or if you want interactive config, then install PiVPN too.
PiVPN also makes a backup of the existing WireGuard config (/etc/wireguard) and creates an archive with the backed up files in /etc (see https://github.com/pivpn/pivpn/blob/20d3a4ccd4f2d080d6f9a13a74e6369aa9d54476/auto_install/install.sh#L3060).

So the easiest way would be maybe to configure it manually without PiVPN, like you did for the first virtual interface. Create a new conf file like wg1.conf with your desired settings and share this newly created public key with the nodes you want to connect with.

Understood! Will try and get back to you :wink:

Do you like to use DietPi as server and client at the same time? What is the exact use case?

Yes.

I currently have the RPi4 as a VPN client, I connect to the VPN when needed and have a couple of LAN devices which use the RPi4 as both gateway and dns, traffic goes to the RPi4 and then to the router when VPN is down or to the VPN when it’s up.

I now would like to make my RPi4 a VPN server too so I can connect from my phone or work pc when not at home.

AFAIK WireGuard works with interfaces so should be possible to be both client of a VPN and server for a VPN? Does it make sense?

Yes, if WG is already installed, you can configure it as server. Without issues. It should be possible to use native WG or PiVPN if you need a wrapper script around WireGuard. However some manual configs might be needed to have interfaces configured the right way.

How do you start the client session today?

Just to make sure, I want to make a new conf which has nothing to do with the previous one you and trendy helped me set up.

Installing PiVPN now that I already have WireGuard shouldn’t make any problem to the current setup right?

Can you please explain this?

wg-quick up [wg-interface]

Client configs and server configs are different files. It should be possible to use them in parallel.

Can you share the following:

ls -la /etc/wireguard/

Just installed PiVPN, added a client and boom I’m connected to my LAN :sunglasses:
Super easy and straightforward thanks to both dietpi-software and pivpn setup :heart_eyes:

/etc/wireguard/ has now 2 .conf files, the one you and trendy helped me a couple of months ago and the new one made by PiVPN with currently just one client.

Seems everything great, should try turning on the first VPN we made and see.

EDIT: Just tried, my work pc doesn’t have access to internet if I connect the RPi4 to the first VPN as a client.

:crazy_face:

Yes it requires additional iptables rules to allow forwarding between both wg interfaces.

Another one, you need to ensure wg client and wg server have different interface names. Like wg0 for server and wg1 for client.

Yes, I thought that was the problem. Can you or @trendy help… again…? :face_with_hand_over_mouth:

Yes, this was correct, the conf I use to connect the RPi4 to VPN as a client has different name from the server one.

Could you post here the configurations and some more runtime configs?

head -n -0 /etc/wireguard/*.conf
ip -4 addr; ip -4 ro list table all; ip -4 ru
iptables-save -c
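
An added example (not part of the thread, and not DietPi or PiVPN code): a small Python check over `iptables-save -c` output for the forwarding rules between the two WireGuard interfaces mentioned above. The interface names wg0, wg1 and eth0, the sample dump, and the assumption that traffic leaving through the client tunnel has to be masqueraded are all constructed for illustration.

```python
import re

# Constructed iptables-save -c style output (not from the thread). Assumed names:
# wg0 = PiVPN server interface, wg1 = outbound VPN client, eth0 = LAN.
SAMPLE = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o wg1 -j ACCEPT
-A FORWARD -i wg1 -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[12:900] -A FORWARD -i wg0 -o eth0 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

def parse(dump):
    """Return (policies, rules): policy per (table, chain) and (table, tokens) per rule."""
    table, policies, rules = None, {}, []
    for line in dump.splitlines():
        line = re.sub(r"^\[\d+:\d+\]\s*", "", line.strip())  # drop -c counters
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):
            rules.append((table, line.split()))
    return policies, rules

def opt(tokens, flag):
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def audit(dump, server="wg0", client="wg1"):
    """List what is missing for peers of `server` to be forwarded out via `client`."""
    policies, rules = parse(dump)
    def has(table, chain, target, **match):
        # Narrow check: only rules naming these exact -i/-o interfaces count.
        return any(t == table and tok[1] == chain and opt(tok, "-j") == target
                   and all(opt(tok, "-" + k) == v for k, v in match.items())
                   for t, tok in rules)
    findings = []
    if policies.get(("filter", "FORWARD")) != "ACCEPT":
        for src, dst in ((server, client), (client, server)):
            if not has("filter", "FORWARD", "ACCEPT", i=src, o=dst):
                findings.append(f"no FORWARD accept {src} -> {dst}")
    # Assumption: the remote VPN only routes the client's own tunnel address.
    if not has("nat", "POSTROUTING", "MASQUERADE", o=client):
        findings.append(f"no MASQUERADE out of {client}")
    return findings
```

Calling `audit()` on the text of a saved `iptables-save -c` dump returns an empty list when both forwarding directions and the masquerade rule are present.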

Hi @trendy
You want these while the RPi4 is connected as a client?

Sorry guys for having bothered you again, I just understood that I don’t really need to add a VPN server to my setup which is just perfect as is.

Thanks anyway for your help as always! :wink:
