Guess what’s one of the first things I check when planning my travel itinerary? Internet access. I’ve tried using USB 4G/5G modems with Raspberry Pi, but they turned out to be expensive, and mobile coverage wasn’t always reliable. These days, I don’t worry too much about public Wi-Fi networks, thanks to my VPN setup. But it gets tricky when I want to share that secure connection with friends or family.

While I’m fine using a hotel’s internet now, I still want to ensure that all my traffic is encrypted and my devices are protected. Tailscale did come up as a popular option. But it doesn’t let me create a hotspot. Plus, I prefer complete control over how the traffic routes for my devices. That’s why I chose the DIY route by combining features of a travel router and VPN box into my Raspberry Pi 4 unit. If it sounds like something you’d want to build, here’s what you’ll need:

• Raspberry Pi 3 or higher (I’m using a Pi 4)
• 32GB microSD card
• USB Wi-Fi adapter compatible with Raspberry Pi/Linux

I’m using a TP-Link Archer T2U Nano (AC600) USB Wi-Fi adapter with my Pi 4. Check out the list of 60 USB Wi-Fi adapters that support the Linux kernel before jumping the gun on a random one. If you prefer a wired connection, carry an Ethernet patch cable to use the hotel’s LAN port, if available. Here’s how I combined a travel router and a VPN box into a Raspberry Pi Project.

Turning Raspberry Pi into a travel router

Equipping the hotspot making capabilities

To save on mobile data while traveling, I set up my Raspberry Pi 4 as a travel router. That way, I connect it to a hotel or public Wi-Fi networks and rebroadcast that connection as a private, secure hotspot for my devices. Getting the TP-Link Archer T2U Nano to work barely took a few minutes. I used Aircrack-ng’s drivers for the RTL8811AU chipset. Next, you’ll need to build the drivers from source on your Pi.

Next, I installed RaspAP on my Pi 4, which helped me set up hotspots on my Raspberry Pi. I run it on the latest Raspberry Pi OS (Debian 13 “Trixie") and make it easy to configure Hotspot password, DHCP range, Firewall/NAT settings, and others. When installing RaspApp, I skipped its built-in OpenVPN or WireGuard options since I’m managing the VPN setup separately.

Captive portals — those annoying login pages — can be tricky. Some networks bind the connection to a MAC address. If it detects MAC spoofing, you can get disconnected or even banned. I used Raspberry Pi OS with Desktop to stay on the safe side. If you’re using a headless setup, you’ll need to plug in a screen or use VNC to complete the login.

Setting up a VPN box on Raspberry Pi

Forcing all outbound traffic through an encrypted tunnel

At home, I used to run a VPN server on my Raspberry Pi, and it worked great. But on the move, I need more plug-and-play options. So I used my SurfShark account to configure it with the WireGuard client on the Pi. After logging into SurfShark’s account, I selected manual setup, chose WireGuard protocol, and generated the key pair to use in the WireGuard configuration on the Pi. It was easy to generate different key pairs region-wise and configure them.

This setup worked like a charm. It required zero maintenance, provided anonymity via shared IP addresses, and allowed me to switch servers to view geo-blocked content. Over time, I realized I was still paying roughly $60 per year to a third-party VPN provider. But I couldn’t use custom DNS and access any of my home devices. So, I sought self-hosted options.

Making Raspberry Pi access your home resources

Check your cameras, NAS, or home lab

What I really missed was the capability to access my self-hosted services, NAS, home lab, and other devices on my home network. I tried setting up a WireGuard VPN server directly on my ASUS router (running AsusWRT-Merlin firmware), but it wasn’t a great idea. It exposed my home IP. I needed to configure a Dynamic DNS service to access my home network from outside because I don't have a static IP, and need to enable port forwarding.

Eventually, I moved my VPN setup to a VPS. There, I installed WireGuard and Unbound. I also run Unbound on my home network, and the VPS version acts as a fallback if that ever goes down. Next, I ensured IP forwarding was enabled and configured internet access using iptables. That gave me more control, better uptime, and allowed me to avoid worrying about consuming my home internet bandwidth.

Alternatively, I also use Tailscale in certain situations. It’s great when I want to connect to my home network and VPS from anywhere. I set up my VPS as an exit note to route all traffic through it when needed. That’s how I avoid meddling with my router configuration and also securely access all my devices.

A travel-ready Pi worth packing

Arming the Raspberry Pi with a travel router and a VPN box features made it the most useful travel tech I’ve built. It routes all traffic through an encrypted tunnel to secure my devices on a sketchy Wi-Fi, allowing me to peek into my home network even when I'm miles away. I’d recommend trying it if you want more control over your traffic. You can opt for a commercial VPN, self-host everything on a VPS, or even mix it all with Tailscale for hybrid access.