We love Raspberry Pi’s! If you don’t have one you should get one. They are a great introduction to Linux, and work great with our service. We recommend a Raspberry Pi 4 with 4GB of memory. Parts of the Meshify Agent were written on a Pi, and we have Pi specific builds in our Debian repo. With a Raspberry Pi on your home network you can use Meshify VPN service and enable subnet routing, allowing you to access your entire home network from anywhere. Plus, the device itself has many capabilities. You can run your web server, media player, video conferencing server. It’s a powerful little box.
Our service allows you to quickly and correctly configure WireGuard in a scalable manner. If you’ve ever setup WireGuard by hand, you already know how difficult it is to maintain and synchronize configurations. That’s where we come in. We provide a control panel that lets you fully configure WireGuard to meet your needs, and will automatically update your hosts in near real-time as changes are made.
We employ a zero-trust model for our service. What does that mean? In short, all access is validated and there is no trust between devices by default. We allow you to use your Google or Microsoft accounts to sign-in to our service. While we do offer an option of signing up with us directly, we’d rather you maintain one less password and use your existing authentication provider, with all of it’s multi-factor authentication (if enabled). Enterprise customers will be happy to know we can integrate with your Google or Azure IAM to automatically give your employees access.
Installation on Raspberry Pi
First, let’s install the Meshify Agent on your Raspberry Pi. We support both the 32-bit and 64-bit Raspberry Pi OS variants. Open a terminal and enter the following:
# Add the meshify.app repo as an installation source curl -s --compressed https://ppa.meshify.app/KEY.gpg | sudo apt-key add - sudo curl -s --compressed -o /etc/apt/sources.list.d/meshify.list https://ppa.meshify.app/meshify.list sudo apt update # Install wireguard if not already installed sudo apt install wireguard resolvconf rdesktop # Install meshify-client & meshifyagent sudo apt install meshify-client meshifyagent # enable meshify on startup sudo systemctl enable meshify sudo systemctl start meshify meshifyagent & # Install Remote Desktop for Pi (optional, but very useful) sudo apt install xrdp sudo nano /etc/sysctl.conf # Uncomment the next line to enable packet forwarding for IPv4 net.ipv4.ip_forward=1 # Ctrl-X to save the file
Copy and paste the code block above into the terminal window to install Meshify Agent. It will automatically install the version appropriate for your Pi. If you don’t already have one, the next thing to do is make a mesh.
To make a mesh, use a browser to login to the Meshify Admin and click on Meshes. Click “Create New Mesh”. Name your mesh “pi-net”, and use “10.10.10.0/24” for the subnet.
You’ll find the Meshify Agent under Internet options. Login using the same credentials you used previously.
Click “Add to Mesh” and complete the form. Click Submit and a few seconds later, your pi will be configured.
Enable Subnet Routing
Enabling subnet routing allows you to connect to other machines besides the Raspberry Pi. To do this, login to the Admin Console and click on “Hosts”, and then click the edit icon for your pi. Click “Advanced Configuration”.
Enable subnet routing, UPnP, and Meshify DNS. Add your home’s local subnet,
192.168.0.0/24 in the example above, to the Allowed IPs. Click Submit, and then go back and edit the entry again. You’ll notice that PostUp and PostDown scripts have been written for you. These are the proper values for a Raspberry Pi using the wired connection,
Raspberry Pi 4s come with two network connections. We recommend the wired connection connected directly to your internet gateway. However, if that’s not possible it also has built-in Wi-Fi. It’s not as fast or efficient as the wired connection, but it works. If you’re using Wi-Fi, modify the PostUp and PostDown scripts to point to
wlan0 instead of
Add your External IP Address
You’ll need to add your external IP address and pick a port number for your Raspberry. We like to use
31415 for the port number for Pis. If you have multiple devices in your home network with Meshify VPN Service, you should use a different port for each of them. If you have the same host in multiple meshes, each mesh should get a unique port.
Enter your public endpoint information and save it. With UPnP enabled, we open the port on your router automatically.
Test your Connection
Using your laptop with Meshify VPN service installed, you should now be able to connect back to your Pi directly, as well as all the other machines in your home. The packets for your home network are routed through the Pi after being securely transported using WireGuard. The reverse happens with the responses, with the Pi securely encrypting the traffic back to your laptop.
Note that enabling Meshify DNS does not cause name resolution for machines in your home network that do not have a Meshify Agent. However, you can connect to them by IP address, or you can add your home resolver to the DNS servers list. Doing this can impact performance of normal web browsing. Feel free to test this yourself.
Check out our Getting Started Guide to learn more about making your own VPN, with or without a Pi.