Taking your hole mobile
Protecting your browsing goes beyond just blocking malware locally.
WATCH YOUR BACK “You’re convinced that various exploitative tracking networks are watching your every move. In this you are, of course, correct.”
Your home is your castle. We get that. You pull up the drawbridge, bar the windows, and keep you and yours safe from internet threats. And you can stay safe in your castle as long as you like – boarded up like a hermit from fear of what lies outside your walls. But at some point, you or a family member will need to leave the bunker and venture into the wasteland beyond the gates.
Maybe working from home isn’t an option any more; it could be that your plan to home-school the kids overlooked your own unenviable academic record; perhaps you need to explore the grocery aisles of your local Lidl in search of something to prevent the inevitable onset of scurvy and rickets.
As you cross the moat and set your feet on the public pavement, a glance at the signal bars on your phone shows a Wi-Fi signal strength of two, then one, then zero. Your phone latches on to the nearest mobile mast, and you’re no longer attached to your own network and no longer under the protection of Pi-hole.
You get ads as you browse the news at the bus stop, and you’re convinced that various exploitative tracking networks are watching your every move. In this you are, of course, correct.
Away from home
Search online for virtual private networks (VPNs), and you’ll see page after page of results for SEO-optimised affiliate websites telling you how to get the fastest speeds, stream games, or watch foreign TV. These are disingenuous attempts to skirt legality by disguising their true purpose – which is, obviously, piracy.
At their core, VPNs are a technology to create a secure and encrypted connection over the internet. They enable you to access the internet as though you were connected to your own private network, even when you’re using mobile data, or sipping the free Wi-Fi along with your pint in ’Spoons.
By passing all of your data through a VPN on your Raspberry Pi, you’re masking your true location, ensuring all your data is encrypted, and you’re also enjoying the benefits of ad- and-tracker free browsing as afforded you by Pi-hole.
Setting up a VPN at home can be difficult and timeconsuming, and we’ve previously devoted entire features to it within this magazine.
PiVPN, however, is designed to be as simple and easy to install as possible, and as its name suggests, was built with the Raspberry Pi in mind.
At its core, PiVPN is a set of scripts used to install and set up both WireGuard and OpenVPN.
While the PiVPN project offers a variety of methods you can use to install the software, we feel it’s in the spirit of things to use the neat one-liner. So, open a terminal and enter:
$ curl -L https://install.pivpn.io | bash
The script makes sure any installed packages are up to date, and installs any dependencies you don’t already have on your system.
You can click through most of the screens, but pay attention to the one titled DHCP Reservation. You should have already made sure that your Raspberry Pi has a static IP address, and clicking the default No option gets PiVPN to try to set it up again. Things can get complicated, and comments on the process in the script reveal: Not really robust and correct, we should actually check for dhcpcd, not the distro, but works on Raspbian and Debian. It doesn’t exactly fill us with confidence. The user should be the one you’re logged in as.
Later on in the setup process, the script asks you to make the choice between using WireGuard and OpenVPN. OpenVPN is older, more configurable, flexible and has arguably better documentation and compatibility, while WireGuard is its younger, hipper rival, boasting minimalistic design, easy configuration and lower latency.
From a purely pragmatic point of view, we recommend WireGuard because it uses less power, which means your phone battery will last longer.
Accept the default WireGuard port of 51820 and, most importantly, when PiVPN detects that you have
Pi-hole installed, choose Yes when asked whether you want to use it as the DNS server for the VPN.
PiVPN checks your public IP address, so take a note of it before you click through.
After a few minutes, the PiVPN
installation completes – and dishes up yet another subtle Star Trek quote in the corner of your screen – and you’re returned to the command line.
You need to create client profiles for each of your devices, so enter the following command to start the process: $ pivpn add
PiVPN prompts you to enter a name for the client. Make this as descriptive as possible, because in six months’ time, you’re not going to remember that device3 is your son’s iPhone, and device5 is your nephew’s Nintendo Switch.
As you’d expect, PiVPN generates encryption keys and updates the server. The new config is placed in a newly minted configs directory within your home
directory. Take a minute to email this to yourself in case you need it while you’re away from your network.
We also consider it worthwhile to set up a few spare device profiles for use in an emergency.
Mobile VPN
With almost everything now set up to connect your mobile devices to PiVPN and bring them under the protection of the ever-vigilant Pi-hole, you’re going to need an app.
If you went for the sensible WireGuard option, open your app store of choice, then search for and install a client app for WireGuard. We went with WG Tunnel on FDroid. Other client apps are available.
Click the blue plus button, and you have the option of adding your config from a file, adding from a QR code, or creating one from scratch.
Because you’re going to have to do this for every mobile device in your household, we recommend using the QR code option.
Back in the terminal, enter:
$ pivpn -qr
From the list, select the device you’re setting up. Point your phone at the computer screen, and wait.
You’re returned to the Tunnels screen in the mobile app, with one single randomly named VPN tunnel next to a toggle switch. Simply flick the toggle switch to protect your traffic from snoopers, then go out and do the shopping.