Deploy PiRogue VPN

Hosting providers compatibility

  • Hetzner
  • Scaleway
  • Digital Ocean (incompatible)

Requirements

  • you already have a server accessible from the Internet
  • your server has a public IP address
  • your server has exactly 1 network interface
  • your server runs Debian 12
  • your server has at least 4GB of RAM and 40GB of disk

For more details, check the installation and the configuration documentations.

... in 4 steps

Deploy PiRogue VPN

Installation steps can be split into 2 phases: making sure the system is up-to-date to start with (this isn’t specific to the PiRogue ecosystem), then configuring the PiRogue PPA and installing PiRogue packages.

Make sure the system is up-to-date
sudo apt-get update
sudo apt-get dist-upgrade
Configure the PiRogue PPA and install PiRogue packages
sudo apt-get install wget
sudo wget -O /etc/apt/sources.list.d/pirogue.list https://pts-project.org/debian-12/pirogue.list
sudo wget -O /etc/apt/trusted.gpg.d/pirogue.gpg   https://pts-project.org/debian-12/pirogue.gpg
sudo apt-get update
sudo apt-get install pirogue-base

During the installation, if prompted, you will have to answer:

  • Yes to allow non-superusers to capture network traffic.

That’s done!

Get the configuration of PiRogue

After the installation of the system, it’s possible to get the current system configuration with the following command:

Get the current system configuration
pirogue-admin-client system get-configuration

And check if everything is correct.

ℹ️ Example of PiRogue configuration
pi@pirogue ➜ # Example of configuration
pi@pirogue ➜ pirogue-admin-client system get-configuration
DASHBOARD_PASSWORD: PiRogue
ENABLE_DHCP: 'True'
ENABLE_PUBLIC_ACCESS: 'False'
EXTERNAL_ADDRESS: 192.168.1.37
EXTERNAL_INTERFACE: enp0s3
EXTERNAL_NETWORKS: 192.168.1.0/24
ISOLATED_ADDRESS: 10.8.0.1
ISOLATED_INTERFACE: wg0
ISOLATED_NETWORK: 10.8.0.0/24
PUBLIC_CONTACT_EMAIL: root@pirogue.local
PUBLIC_DOMAIN_NAME: pirogue.local
PUBLIC_EXTERNAL_ADDRESS: 185.199.111.153
SYSTEM_HOSTNAME: pirogue
SYSTEM_OPERATING_MODE: wireguard
WIFI_COUNTRY_CODE: FR
WIFI_PASSPHRASE: superlongkey
WIFI_SSID: PiRogue
pi@pirogue ➜ |

Make the dashboard accessible from the Internet

Here, we assume a DNS record exists already, pointing to the public IP address of the PiRogue, requesting a certificate and adjusting the web server configuration can be done this way:

pirogue-admin-client external-network enable-public-access --domain pirogue.example.org --email contact@example.org

Once done, you can access to the dashboard on https://pirogue.example.org/dashboard. Make sure you replace pirogue.example.org with the domain name you have configured for your server and replace contact@example.org with your email address to be shared with Let’s Encrypt.

Get or change the password of the dashboard

The default username of the dashboard is admin.

As the password of the dashboard is randomly generated during the installation, the following command allows you to retrieve it.

Get the password of the dashboard
pirogue-admin-client dashboard get-configuration

The password of the dashboard can be changed with:

Change the password of the dashboard
pirogue-admin-client dashboard set-configuration --password 'mySuperSecretPassword!'