Transform your Raspberry Pi into a secure VPN gateway with TorGuard OpenVPN. This comprehensive guide covers all Raspberry Pi models and OS versions, from the original Pi to the latest Pi 5, including setup for headless operation, auto-connect on boot, and advanced configurations.
🥧 Why Use VPN on Raspberry Pi?
- Whole Network Protection: Route all devices through VPN
- 24/7 Operation: Low power consumption for always-on VPN
- Projects: Secure IoT devices, media servers, home automation
- Privacy: Hide all network traffic from ISP
- Ad Blocking: Combine with Pi-hole for network-wide ad blocking
Raspberry Pi Compatibility
| Pi Model | Performance | Max VPN Speed | Recommended Use |
|---|---|---|---|
| Pi Zero W/2W | Basic | 5-15 Mbps | IoT devices, light browsing |
| Pi 3B/3B+ | Good | 20-40 Mbps | Home network, streaming |
| Pi 4 (2GB+) | Excellent | 50-100 Mbps | Full network gateway |
| Pi 5 | Best | 100-200 Mbps | High-speed gateway |
Prerequisites
- Raspberry Pi with Raspberry Pi OS (formerly Raspbian) installed
- Internet connection (Ethernet recommended for gateway setup)
- Active TorGuard VPN subscription
- SSH access enabled (for headless setup)
- Basic command line knowledge
Step 1: Access Your Raspberry Pi
Option A: Direct Access
Connect keyboard, mouse, and monitor directly to Pi.
Option B: SSH Access (Headless)
# From Linux/Mac
ssh [email protected]
# Or use IP address
ssh [email protected]
# From Windows (use PuTTY or Windows Terminal)
# Default credentials:
# Username: pi
# Password: raspberry (CHANGE THIS!)
Security: Change default password immediately with
passwd
Step 2: Update Your System
# Update package lists
sudo apt update
# Upgrade installed packages
sudo apt upgrade -y
# Optional: Full distribution upgrade
sudo apt full-upgrade -y
# Clean up
sudo apt autoremove -y
sudo apt autocleanStep 3: Install OpenVPN and Dependencies
# Install OpenVPN and required packages
sudo apt install openvpn openresolv unzip wget curl -y
# For network management (optional but recommended)
sudo apt install network-manager network-manager-openvpn -yStep 4: Download TorGuard Configuration Files
# Navigate to OpenVPN directory
cd /etc/openvpn
# Download TorGuard configs (choose one)
# TCP configs (more reliable, slightly slower)
sudo wget https://torguard.net/downloads/OpenVPN-TCP-Linux.zip
# UDP configs (faster, recommended)
sudo wget https://torguard.net/downloads/OpenVPN-UDP-Linux.zip
# Extract configs
sudo unzip -j OpenVPN-*-Linux.zip
# Make DNS update script executable
sudo chmod +x update-resolv-conf
# Clean up
sudo rm OpenVPN-*-Linux.zipStep 5: Configure Authentication
Create Credentials File
# Create auth file
sudo nano /etc/openvpn/auth.txt
# Add your credentials (2 lines only):
your_torguard_username
your_torguard_password
# Save and exit (Ctrl+X, Y, Enter)
# Secure the file
sudo chmod 600 /etc/openvpn/auth.txt
sudo chown root:root /etc/openvpn/auth.txtUpdate Config Files
# Add auth file reference to all configs
sudo sed -i 's/auth-user-pass/auth-user-pass \/etc\/openvpn\/auth.txt/g' /etc/openvpn/*.ovpn
# Optional: Add kill switch to configs
echo "persist-tun
persist-key" | sudo tee -a /etc/openvpn/*.ovpnStep 6: Test VPN Connection
# List available servers
ls /etc/openvpn/*.ovpn
# Test connection (replace with your chosen server)
sudo openvpn /etc/openvpn/TorGuard.USA-LA.ovpn
# In another terminal/SSH session, check IP
curl -s https://api.ipify.org && echo
# Or
curl -s checkip.dyndns.org | sed -e 's/.*Current IP Address: //' -e 's/<.*$//'Look for "Initialization Sequence Completed" to confirm connection.
Step 7: Setup Automatic Connection (Systemd Method)
Modern Method (Recommended)
# Copy chosen config to .conf extension
sudo cp /etc/openvpn/TorGuard.USA-LA.ovpn /etc/openvpn/torguard.conf
# Enable and start OpenVPN service
sudo systemctl enable openvpn@torguard
sudo systemctl start openvpn@torguard
# Check status
sudo systemctl status openvpn@torguard
# View logs if needed
sudo journalctl -u openvpn@torguard -fAlternative: Multiple VPN Management
# Create VPN switching script
sudo nano /usr/local/bin/vpn-switch
#!/bin/bash
# VPN Server Switcher
case "$1" in
us)
sudo systemctl stop openvpn@*
sudo systemctl start openvpn@torguard-usa
;;
uk)
sudo systemctl stop openvpn@*
sudo systemctl start openvpn@torguard-uk
;;
stop)
sudo systemctl stop openvpn@*
;;
status)
sudo systemctl status openvpn@*
;;
*)
echo "Usage: vpn-switch {us|uk|stop|status}"
;;
esac
# Make executable
sudo chmod +x /usr/local/bin/vpn-switchStep 8: Verify VPN Connection
# Check network interfaces
ip addr show | grep tun0
# Verify external IP
echo "VPN IP: $(curl -s https://api.ipify.org)"
# Check for DNS leaks
nslookup google.com
# Test connectivity
ping -c 4 google.comAdvanced Configurations
VPN Kill Switch (iptables)
# Create kill switch script
sudo nano /etc/openvpn/killswitch.sh
#!/bin/bash
# VPN Kill Switch
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A OUTPUT -o tun0 -j ACCEPT
iptables -A OUTPUT -p udp --dport 1194 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --dport 53 -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Make executable and add to startup
sudo chmod +x /etc/openvpn/killswitch.shPi as VPN Gateway
# Enable IP forwarding
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
# Configure NAT
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
sudo iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Save iptables rules
sudo apt install iptables-persistent -yDNS Configuration
# Use TorGuard DNS
echo "nameserver 10.8.0.1
nameserver 10.10.0.1" | sudo tee /etc/resolv.conf
# Prevent overwriting
sudo chattr +i /etc/resolv.confPerformance Optimization
For Raspberry Pi 4/5
# Use AES hardware acceleration
# Add to /boot/config.txt
echo "arm_64bit=1" | sudo tee -a /boot/config.txt
# In OpenVPN config, prefer AES-128
echo "cipher AES-128-GCM" | sudo tee -a /etc/openvpn/torguard.confReduce Logging
# Add to OpenVPN config
echo "verb 3
mute 20" | sudo tee -a /etc/openvpn/torguard.confTroubleshooting
Connection Fails
- Check credentials:
cat /etc/openvpn/auth.txt - Verify time sync:
timedatectl status - Try different server/protocol
- Check firewall:
sudo iptables -L
Slow Speeds
- Switch to UDP protocol
- Try closer server location
- Use lighter encryption: AES-128
- Check CPU usage:
htop
DNS Not Working
# Fix DNS resolution
sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved
# Use traditional resolv.conf
sudo rm /etc/resolv.conf
echo "nameserver 1.1.1.1
nameserver 1.0.0.1" | sudo tee /etc/resolv.confMonitoring and Management
Create Status Script
sudo nano /usr/local/bin/vpn-status
#!/bin/bash
echo "=== VPN Status ==="
echo "Service: $(systemctl is-active openvpn@torguard)"
echo "Interface: $(ip addr show tun0 2>/dev/null | grep -q tun0 && echo "UP" || echo "DOWN")"
echo "VPN IP: $(curl -s https://api.ipify.org 2>/dev/null || echo "No connection")"
echo "DNS: $(cat /etc/resolv.conf | grep nameserver)"
sudo chmod +x /usr/local/bin/vpn-statusWeb Dashboard (Optional)
Install PiVPN for web-based management:
curl -L https://install.pivpn.io | bashRaspberry Pi VPN Use Cases
| Project | Description | Additional Setup |
|---|---|---|
| Pi-hole + VPN | Network-wide ad blocking with VPN | Install Pi-hole after VPN |
| Secure IoT Gateway | Protect smart home devices | Configure DHCP on Pi |
| Travel Router | Portable VPN access point | Setup hostapd for WiFi |
| Media Server | Secure Plex/Jellyfin access | Port forwarding rules |
✅ Setup Complete Checklist
- System updated and secured
- OpenVPN installed and configured
- Credentials file created and secured
- VPN connection tested and working
- Auto-start configured with systemd
- Kill switch enabled (optional)
- Performance optimized for Pi model
Need Raspberry Pi VPN Help?
Our support team can assist with Pi-specific configurations, performance optimization, and advanced gateway setups.
Get Pi Support