Raspberry Pi and Meshify VPN Service

We love Raspberry Pis! If you don’t have one, you should get one. They are a great introduction to Linux, and they work great with our service. We recommend a Raspberry Pi 4 with 4GB of memory. Parts of the Meshify Agent were written on a Pi, and we have Pi-specific builds in our Debian repo. With a Raspberry Pi on your home network you can use Meshify VPN service and enable subnet routing, allowing you to access your entire home network from anywhere. Plus, the device itself has many capabilities. You can run your own web server, media player, or video conferencing server. It’s a powerful little box.

Overview

Our service allows you to quickly and correctly configure WireGuard in a scalable manner. If you’ve ever set up WireGuard by hand, you already know how difficult it is to maintain and synchronize configurations. That’s where we come in. We provide a control panel that lets you fully configure WireGuard to meet your needs, and will automatically update your hosts in near real-time as changes are made.

We employ a zero-trust model for our service. What does that mean? In short, all access is validated and there is no trust between devices by default. We allow you to use your Google or Microsoft accounts to sign in to our service. While we do offer an option of signing up with us directly, we’d rather you maintain one less password and use your existing authentication provider, with all of its multi-factor authentication (if enabled). Enterprise customers will be happy to know we can integrate with your Google or Azure IAM to automatically give your employees access.

Installation on Raspberry Pi

First, let’s install the Meshify Agent on your Raspberry Pi. We support both the 32-bit and 64-bit Raspberry Pi OS variants. Open a terminal and enter the following:

# Add the meshify.app repo as an installation source
# Note: apt-key is deprecated on current Debian-based releases, and a key
# added this way is trusted for every APT source, not only this repo
curl -s --compressed https://ppa.meshify.app/KEY.gpg | sudo apt-key add -
sudo curl -s --compressed -o /etc/apt/sources.list.d/meshify.list https://ppa.meshify.app/meshify.list
sudo apt update

# Install WireGuard and supporting packages if not already installed
sudo apt install wireguard resolvconf rdesktop

# Install meshify-client & meshifyagent
sudo apt install meshify-client meshifyagent

# Enable meshify on startup and start it now
sudo systemctl enable meshify
sudo systemctl start meshify

# Launch the Meshify Agent in the background
meshifyagent &

# Install Remote Desktop for Pi (optional, but very useful)
sudo apt install xrdp

# Enable packet forwarding for IPv4: in the file opened below, uncomment the line
#   net.ipv4.ip_forward=1
# then press Ctrl-X to save the file. Run "sudo sysctl -p" afterwards to apply
# the setting without a reboot.
sudo nano /etc/sysctl.conf

Copy and paste the code block above into the terminal window to install Meshify Agent. It will automatically install the version appropriate for your Pi. If you don’t already have one, the next thing to do is make a mesh.

To make a mesh, use a browser to log in to the Meshify Admin and click on Meshes. Click “Create New Mesh”. Name your mesh “pi-net”, and use “10.10.10.0/24” for the subnet.

You’ll find the Meshify Agent under Internet options. Log in using the same credentials you used previously.

Click “Add to Mesh” and complete the form. Click Submit and a few seconds later, your Pi will be configured.

Enable Subnet Routing

Enabling subnet routing allows you to connect to other machines besides the Raspberry Pi. To do this, log in to the Admin Console and click on “Hosts”, and then click the edit icon for your Pi. Click “Advanced Configuration”.

Enable subnet routing, UPnP, and Meshify DNS. Add your home’s local subnet, 192.168.0.0/24 in the example above, to the Allowed IPs. Click Submit, and then go back and edit the entry again. You’ll notice that PostUp and PostDown scripts have been written for you. These are the proper values for a Raspberry Pi using the wired connection, eth0.

Raspberry Pi 4s come with two network connections. We recommend the wired connection connected directly to your internet gateway. However, if that’s not possible it also has built-in Wi-Fi. It’s not as fast or efficient as the wired connection, but it works. If you’re using Wi-Fi, modify the PostUp and PostDown scripts to point to wlan0 instead of eth0.
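
The two settings subnet routing depends on, packet forwarding and the interface named in the PostUp and PostDown scripts, can be checked with a short script. This is an added example, not Meshify's own code: the function names are hypothetical, the sysctl and WireGuard files are constructed samples, and the iptables rules are the commonly used WireGuard NAT rules, which is an assumption about what Meshify generates.

```bash
#!/bin/sh
# Added example: check a Pi subnet router's settings by reading config files.

# Succeeds if FILE has an uncommented net.ipv4.ip_forward=1 (last entry wins).
forwarding_enabled() {
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    [ "$val" = "1" ]
}

# Prints the distinct outbound interfaces (-o NAME) used by PostUp/PostDown.
hook_ifaces() {
    grep -E '^[[:space:]]*Post(Up|Down)[[:space:]]*=' "$1" |
        grep -oE -- '-o[[:space:]]+[A-Za-z0-9_.-]+' |
        awk '{print $2}' | sort -u
}

# Succeeds only if every hook sends traffic out through interface $2.
hooks_match_iface() {
    found=$(hook_ifaces "$1")
    [ -n "$found" ] && [ "$found" = "$2" ]
}

# Constructed sample inputs; hook rules are an assumption, not Meshify output.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '%s\n' '#net.ipv4.ip_forward=1' > "$SAMPLE_DIR/sysctl-default.conf"
printf '%s\n' 'net.ipv4.ip_forward = 1' > "$SAMPLE_DIR/sysctl-edited.conf"
cat > "$SAMPLE_DIR/pi-net.conf" <<'EOF'
[Interface]
Address = 10.10.10.2/24
ListenPort = 31415
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
EOF

# Prints one line per check: report SYSCTL_FILE WG_CONF EXPECTED_IFACE
report() {
    if forwarding_enabled "$1"; then echo "forwarding: enabled"
    else echo "forwarding: DISABLED, packets will not be forwarded"; fi
    if hooks_match_iface "$2" "$3"; then echo "hooks: all use $3"
    else echo "hooks: expected $3, found: $(hook_ifaces "$2" | tr '\n' ' ')"; fi
}

# A Pi on Wi-Fi whose sysctl.conf was never edited fails both checks.
report "$SAMPLE_DIR/sysctl-default.conf" "$SAMPLE_DIR/pi-net.conf" wlan0
# A wired Pi with the forwarding line uncommented passes both.
report "$SAMPLE_DIR/sysctl-edited.conf" "$SAMPLE_DIR/pi-net.conf" eth0
```

On a real Pi, pass /etc/sysctl.conf and the WireGuard configuration the agent wrote; `sysctl -n net.ipv4.ip_forward` shows the value the kernel is currently using.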

Add your External IP Address

You’ll need to add your external IP address and pick a port number for your Raspberry Pi. We like to use 31415 for the port number for Pis. If you have multiple devices in your home network with Meshify VPN Service, you should use a different port for each of them. If you have the same host in multiple meshes, each mesh should get a unique port.

Enter your public endpoint information and save it. With UPnP enabled, we open the port on your router automatically.

Test your Connection

Using your laptop with Meshify VPN service installed, you should now be able to connect back to your Pi directly, as well as all the other machines in your home. The packets for your home network are routed through the Pi after being securely transported using WireGuard. The reverse happens with the responses, with the Pi securely encrypting the traffic back to your laptop.

Note that enabling Meshify DNS does not provide name resolution for machines in your home network that do not have a Meshify Agent. However, you can connect to them by IP address, or you can add your home resolver to the DNS servers list. Doing this can impact performance of normal web browsing. Feel free to test this yourself.

More Info

Check out our Getting Started Guide to learn more about making your own VPN, with or without a Pi.