Hi everyone, I’m looking for some feedback on using pivpn (Wireguard) on a dedicated headless Zero 2 W. I haven’t found any information on this configuration so I hope you can help. Specifically I’m interested in understanding its expected performance.
The remote site I’ll be connecting to has a 20 Mbps upload and 100 Mbps download connection. There will only ever be one client connecting at a time.
Firstly I believe it’s a supported platform. Raspberry Pi OS Lite supports it but the pivpn docs don’t specifically mention 2, only “Zero”. Does anyone know?
I understand that wifi isn’t the best for a VPN server and that the Zero 2 is limited to a 2.4GHz 802.11 b/g/n but am I going to hit any limits based on the limited bandwidth at the remote site? It’s going to be placed next to a wifi router. I believe the Zero 2 performance is similar to a Pi3 which hits a wall at about 250Mbps. Will I be fine? Is there any benefit of adding a USB Ethernet adapter (the Zero 2 still has a USB 2.0 bus)? Thanks.
I use a pi zero 1 for this purpose and it performs admirably. You’ll want to order a micro usb to ethernet adapter, though I suppose you don’t need to. With a vpn latency is as important as speed, and with wifi it simply won’t be as fast or reliable.
If you’re interested in built-in ad blocking I recommend that you first install Pihole, as Pivpn is designed to work with it. I also recommend using a ufw or another firewall, closing all ports except those in service. You’ll want to install fail2ban as well. If you don’t secure your vpn server a bot will hack your device in about one day and jump onto your network.
Performance even on a first gen zero is plenty for multiple clients, you can stream video and browse the web, use any app with no noticeable performance drop.
Lastly there’s a great deal more performance sitting there in a zero 2, you can easily run NextCloud or another self hosted service.
Thanks for the advice u/CallieJacobsFoster. I didn’t think of installing PiHole on this device. Same for fail2ban - it seems like just what I need.
I don’t know if this helps:
I don’t think there is any disadvantage of using wifi. Why should it be less reliable? I connect mine through ethernet because I want to disable wifi when I am not at home and still be able to use a VPN.
Support for the platform should be no problem, since the CPU was used in a former Raspberry Pi and the installer is just basic linux commands which should work anywhere.
I am using piHole and PiVPN on a raspberry pi zero, connected via USB-Ethernet Adapter. I just checked my connection, I have 100mbit down, 40mbit up. On my phone, connected through mobile, without VPN: 25mbit down, 6mbit up, while connected to the pi via wireguard it is 15mbit down, 5mbit up, which is absolutely fine for me.
The raspberry pi zero 2 will be faster I think because my pi zero is at 100% CPU load during the download test.
Why would you need to use ufw or fail2ban? Is it really necessary when the raspberry is behind an internet router which blocks all incoming traffic except one open port for wireguard?
As you see in my other post, my pi zero is at 100% cpu at around 15mbps, so video with multiple devices can get problematic.
I read, in this sub I’m pretty sure, that fail2ban and other additional security measures are essentially pointless if you use Wireguard. Attackers won’t know the port is even open because WG only responds if you give it a proper key. So attackers would have to randomly guess the right port AND key to get on your network.
But everything incoming is blocked by the router? Of course any device that is compromised can download anything, if it has internet access.
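A way to check the "close all ports except those in service" advice from the thread, as an added example that is not code from any poster or from the PiVPN project: it compares the sockets listening on the Pi against an allowlist and renders that allowlist as ufw commands. The port set (51820/udp for WireGuard, 53 and 80 for Pi-hole, 22 for SSH) and the sample `ss` output are assumptions constructed for illustration.

```python
import ipaddress

# Assumed services for a PiVPN + Pi-hole box (not taken from the thread):
# 51820/udp is WireGuard's conventional default; 53 and 80 are Pi-hole; 22 is SSH.
ALLOWED = {("udp", 51820), ("udp", 53), ("tcp", 53), ("tcp", 80), ("tcp", 22)}

# Constructed sample of `ss -H -tuln` output, not captured from a real device.
SAMPLE_SS = """\
udp UNCONN 0 0      0.0.0.0:51820  0.0.0.0:*
udp UNCONN 0 0      0.0.0.0:53     0.0.0.0:*
udp UNCONN 0 0      0.0.0.0:5353   0.0.0.0:*
tcp LISTEN 0 128    0.0.0.0:22     0.0.0.0:*
tcp LISTEN 0 32     0.0.0.0:53     0.0.0.0:*
tcp LISTEN 0 1024   0.0.0.0:80     0.0.0.0:*
tcp LISTEN 0 128    127.0.0.1:4711 0.0.0.0:*
tcp LISTEN 0 5      0.0.0.0:5900   0.0.0.0:*
tcp LISTEN 0 128    [::]:22        [::]:*
"""

def parse_listeners(ss_output):
    """Yield (proto, address, port) for each tcp/udp line of `ss -H -tuln`."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        yield fields[0], ("::" if addr == "*" else addr), int(port)

def unexpected_listeners(ss_output, allowed=ALLOWED):
    """Return sorted (proto, port) pairs reachable off-host but not allowed."""
    found = set()
    for proto, addr, port in parse_listeners(ss_output):
        if ipaddress.ip_address(addr).is_loopback:
            continue  # only reachable from the Pi itself
        if (proto, port) not in allowed:
            found.add((proto, port))
    return sorted(found)

def ufw_rules(allowed=ALLOWED):
    """Render the allowlist as ufw commands: default deny, then one allow each."""
    rules = ["ufw default deny incoming"]
    return rules + [f"ufw allow {port}/{proto}" for proto, port in sorted(allowed)]

if __name__ == "__main__":
    print("unexpected:", unexpected_listeners(SAMPLE_SS))
    print("\n".join(ufw_rules()))
```

On the Pi itself, pass the real output of `ss -H -tuln` to `unexpected_listeners` in place of the sample and adjust `ALLOWED` to the services actually installed.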