PiVPN Notes

Install via the highly-regarded curl and bash combo.

curl -L https://install.pivpn.io | bash

You must run pivpn debug after this! This will add MASQUERADE rules to iptables. Otherwise you won’t be able to access devices on the local network. Here’s some sample output from iptables-save:

# Generated by iptables-save v1.8.9 (nf_tables) on Mon Jan 22 20:23:02 2024
*filter
:INPUT ACCEPT [539667:80844193]
:FORWARD ACCEPT [9052:4464611]
:OUTPUT ACCEPT [329479:41880851]
-A INPUT -i wg0 -p udp -m udp --dport 53 -m comment --comment pihole-DNS-rule -j ACCEPT
-A INPUT -i wg0 -p udp -m udp --dport 53 -m comment --comment pihole-DNS-rule -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 58120 -m comment --comment wireguard-input-rule -j ACCEPT
-A INPUT -i wg0 -p udp -m udp --dport 53 -m comment --comment pihole-DNS-rule -j ACCEPT
-A INPUT -i wg0 -p udp -m udp --dport 53 -m comment --comment pihole-DNS-rule -j ACCEPT
COMMIT
# Completed on Mon Jan 22 20:23:02 2024
# Generated by iptables-save v1.8.9 (nf_tables) on Mon Jan 22 20:23:02 2024
*nat
:PREROUTING ACCEPT [66794:5901902]
:INPUT ACCEPT [66250:5815572]
:OUTPUT ACCEPT [49939:3627320]
:POSTROUTING ACCEPT [50130:3649317]
-A POSTROUTING -s 192.116.240.0/24 -o eth0 -m comment --comment wireguard-nat-rule -j MASQUERADE
-A POSTROUTING -s 192.236.34.0/24 -o eth0 -m comment --comment wireguard-nat-rule -j MASQUERADE
-A POSTROUTING -s 192.134.161.0/24 -o eth0 -m comment --comment wireguard-nat-rule -j MASQUERADE
-A POSTROUTING -s 192.165.64.0/24 -o eth0 -m comment --comment wireguard-nat-rule -j MASQUERADE
COMMIT
# Completed on Mon Jan 22 20:23:02 2024

and an accompanying client configuration:

[Interface]
PrivateKey = <Whatever_This_is>
Address = 192.116.240.2/24
DNS = 192.168.1.7, 1.1.1.1, 1.0.0.1

[Peer]
PublicKey = <Whatever_This_is>
PresharedKey = <Whatever_This_is>
AllowedIPs = 0.0.0.0/0
Endpoint = 171.172.173.174:58120
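
To check that a client config and the firewall rules actually agree, the sketch below cross-checks the two. It is an added example, not part of the original notes or of PiVPN; the function names audit and client_field are hypothetical, and the embedded sample is trimmed from the output and config above.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: trimmed from the iptables-save output and client config above.
RULES = """\
-A INPUT -i wg0 -p udp -m udp --dport 53 -m comment --comment pihole-DNS-rule -j ACCEPT
-A INPUT -i wg0 -p udp -m udp --dport 53 -m comment --comment pihole-DNS-rule -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 58120 -m comment --comment wireguard-input-rule -j ACCEPT
-A POSTROUTING -s 192.116.240.0/24 -o eth0 -m comment --comment wireguard-nat-rule -j MASQUERADE
-A POSTROUTING -s 192.236.34.0/24 -o eth0 -m comment --comment wireguard-nat-rule -j MASQUERADE
"""
CLIENT = """\
[Interface]
Address = 192.116.240.2/24
[Peer]
Endpoint = 171.172.173.174:58120
"""

def client_field(conf, key):
    """Return the value of `key = value` from a WireGuard client config, or None."""
    m = re.search(rf"^{key}\s*=\s*(\S+)", conf, re.MULTILINE)
    return m.group(1) if m else None

def audit(rules, conf):
    """Cross-check iptables-save rule lines against a client config."""
    lines = [l.strip() for l in rules.splitlines() if l.startswith("-A ")]
    addr = ipaddress.ip_interface(client_field(conf, "Address")).ip
    port = client_field(conf, "Endpoint").rsplit(":", 1)[1]
    nat_nets = [ipaddress.ip_network(m.group(1))
                for l in lines if "-j MASQUERADE" in l
                for m in [re.search(r"-s (\S+)", l)] if m]
    return {
        # Is the client's tunnel address source-NATed on the way out?
        "nat_covers_client": any(addr in n for n in nat_nets),
        # MASQUERADE subnets that do not contain this client's address.
        "other_nat_subnets": [str(n) for n in nat_nets if addr not in n],
        # Is the WireGuard listen port from Endpoint accepted on INPUT?
        "endpoint_port_open": any(
            l.startswith("-A INPUT") and f"--dport {port} " in l and l.endswith("-j ACCEPT")
            for l in lines),
        # Rules that appear more than once, verbatim.
        "duplicates": {l: c for l, c in Counter(lines).items() if c > 1},
    }

if __name__ == "__main__":
    for k, v in audit(RULES, CLIENT).items():
        print(k, "=", v)
```

On a live system, pass the text of iptables-save and the client's .conf file to audit() in place of the constructed samples.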