Configuring a VPN to your home/office with 4g/5g (no public ip needed!)


Staff member
So I lied in the title you do need a public ip but not at your house or your office.

The trick is to have something that does. Thankfully renting a vps server to run the "core" of your network has never been easier or cheaper. I am renting a 2.49/month vps to do it for work.

Equipment needed:

1x edgerouter (per site)
1x vps
open vpn on any road warrior configs

On the VPS install pivpn to get started. Its a single line command to install the VPS. You can quickly test the VPS installing openvpn onto your computer and then checking your ip (it should be that of the VPS server).

Create a client with or without a password for the edgerouter.

pivpn -a nopass

enter the user details to continue

Copy the contents of the ovpn file made here: /home/user/ovpn/profile.ovpn

Log into the cli of the edgemax router.

Do: sudo su

This will bring you into a super user of the router.

cd /config/auth

This will change directory, now you can

cat > wifi_engineering.ovpn

Right click to paste the contents of the ovpn file created on the vpn server

Press CTRL+C to cancel the command.

cat wifi_engineering.ovpn

it should have the contents of the ovpn file you just pasted.

Type exit and this will bring you back to the router.

Configuring the router to connect to the vpn is so simple.

set interfaces openvpn vtun0 config-file /config/auth/wifi_engineering.ovpn

Type commit (it will attempt to create and start the interface) and save

ow log into the web interface go to the Firewall/NAT then NAT. You need to create an outbound Source NAT. It should look similar to this:

The reason for this is that without it and without creating routing rules on the PiVPN server the connection will try to route your local lan to the server. The server without configuration has no idea who you are or where you came from. This now means that when you go out of this interface your ip will be: 10.8.0.x

Now your edgerouter is connected as a road warrior client, it will recieve a dhcp ip each time. This is ok but it wont be Ok if you are trying to run a mail server or other service that needs to be connected remotely.
Last edited: