Category: Tech

Setting up a VPN server with adblocker in Cloud (Pi-hole + PiVPN)

What is Pi-hole?

The Pi-hole is a DNS sinkhole that protects your devices from unwanted content, without installing any client-side software. We will use Pi-hole to create a adblocker for our devices .

What is PiVPN?

PiVPN is one of the simplest way to setup and manage a VPN .

What you need ?

  • A linux Cloud Server(VPS)

What we are making?

We are going to create our wireguard VPN server with Pi-hole as an adblocker to block all those unwanted ads from all of our devices.

Step 1: Creating and Configuring Linux Virtual Machine

Create a Linux virtual machine with minimal configuration . I am using ubuntu (1 GB memory , 1v CPU). we will configure firewall by opening necessary ports on it as follows.

Allowed ports in server firewall

step 2: Setting up Wireguard using PiVPN

Simply run the command to install pivpn:

curl -L https://install.pivpn.io | bash

Choose the default setting mostly , choose your favorite dns provider , and complete the setup.

step 3: Modifying wg0.conf file

open wg0.conf file in your favorite editor :

sudo nano /etc/wireguard/wg0.conf

and add these two lines:

PostUp   = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

So , it looks roughly like this:

/etc/wireguard/wg0.conf

Now restart wireguard like :

sudo systemctl restart wg-quick@wg0.service

enable wireguard on boot:

sudo systemctl enable wg-quick@wg0.service

Step 4: Adding a Client Configuration

$ pivpn add

if you want to connect using a mobile client , you can also generate a qr code after adding a client:

$ pivpn -qr

you can transfer the .conf file to your local machine using tools such as scp , and running this command on your local machine will let you use the remote server as your vpn:

sudo install -o root -g root -m 600 Downloads/random1.conf /etc/wireguard/wg0.conf

Now for later step to your adblocker to work effectively , you need to edit the .conf file you transferred to your local machine and change the dns server to 10.6.0.1 .

It would look something like this:

Changing DNS to 10.6.0.1 is very important for adblocker to work properly.

Step 5: Installing docker

sudo apt install docker.io

adding the user to docker group to run command without sudo:

sudo usermod -aG docker azureuser
newgrp docker

Save and run this script ( if your wireguard IP is not 10.6.0.1 , modify accordingly):

# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md

docker run -d \
    --name pihole \
    -p 10.6.0.1:53:53/tcp -p 10.6.0.1:53:53/udp \
    -p 10.6.0.1:80:80 \
    -p 10.6.0.1:443:443 \
    -e TZ="America/Chicago" \
    -v "$(pwd)/etc-pihole/:/etc/pihole/" \
    -v "$(pwd)/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
    --dns=127.0.0.1 --dns=1.1.1.1 \
    --restart=unless-stopped \
    pihole/pihole:latest

printf 'Starting up pihole container '
for i in $(seq 1 20); do
    if [ "$(docker inspect -f "{{.State.Health.Status}}" pihole)" == "healthy" ] ; then
        printf ' OK'
        echo -e "\n$(docker logs pihole 2> /dev/null | grep 'password:') for your pi-hole: https://${IP}/admin/"
        exit 0
    else
        sleep 3
        printf '.'
    fi

    if [ $i -eq 20 ] ; then
        echo -e "\nTimed out waiting for Pi-hole start start, consult check your container logs for more info (\`docker logs pihole\`)"
        exit 1
    fi
done;

After this your Pi-hole+PiVPN server will be running perfectly. You can change the password of Pi-hole web interface by running this command after entering into docker container:

docker exec -it pihole bash    # getting a terminal in docker container

pihole -a -p             # to change the password

NOTES to configure client properly :

  • Change DNS in .conf file of client to , DNS=10.6.0.1
  • Change the wifi property of clients when connected to router , replacing default dns by 10.6.0.1 .
  • If your browser uses DNS over https , then the pihole(ad blocking feature) won’t work properly for that specific browser(although vpn will work fine).

Also , try to flush dns cache if needed:

sudo systemd-resolve --flush-caches

Finally verify that DNS is set to 10.6.0.1 by using dig or nslookup command. Also enable and install wireguard in client devices . For wireguard installation refer this guide.

As we can see our vpn + adblocker setup is working perfectly:

You can add more blacklists and filters to pi-hole from web admin interface. Also you can change many properties of it from there.

I hope this guide has been helpful ! For any query , feel free to comment below 🙂

Hosting your own Public Minetest Server

-Jeux Gratuit Présentation "Minetest" MINECRAFT-LIKE FPS ...

What is Minetest ?

Minetest (server) is a near-infinite-world block sandbox game and a game engine, inspired by InfiniMiner, Minecraft, and the like. It’s free and open source software and is available for Linux-based systems, FreeBSD, Microsoft Windows, MacOS, and Android.

Hosting a public minetest server on a debian/ubuntu vps(cloud server)

First step, choosing the Minetest version:

export branch=$(printf "Enter Minetest version: " >&2;read r;echo "$r")

It will ask you to enter a Minetest version. You can enter any numeric version, but you probably want one of these:

  • master: Latest development state (5.4.0-dev)
  • stable-0.4: Stable release in the 0.4 series (0.4.17.1) [UNSUPPORTED]
  • stable-5: Stable release in the 5 series (5.3.0)

After you’ve done that just paste the one-line script into your terminal, taken from here:

(sudo apt-get install -y unzip g{it,cc,++} {c,}make zlib1g-dev lib{sqlite3,curl4-openssl,luajit-5.1,leveldb}-dev&&cd $(mktemp -d)&&wget downloads.sourceforge.net/irrlicht/irrlicht-1.8.4.zip -O irr.zip&&unzip -q irr.zip&&git clone https://github.com/minetest/minetest -b $branch&&cd minetest&&git clone https://github.com/minetest/minetest_game -b $branch games/minetest_game&&cmake . -DBUILD_CLIENT=0 -D{BUILD_SERVER,RUN_IN_PLACE,ENABLE_LEVELDB}=1 -DIRRLICHT_INCLUDE_DIR=$PWD/../irrlicht-1.8.4/include&&make -j$(nproc) package&&p=$(echo minetest-*.tar.gz)&&cp "$p" ~&&printf '\n\n\e[1;32mBuild successful, an archive called "%s" was placed in your home folder.\nTo run the server, extract the archive and run the executable inside the 'bin/' folder\e[0m\n' "$p")||printf '\n\n\e[1;31mBuild failed, review log output above to identify and fix the issue.\e[0m\n'

It will ask you for your password once in the beginning. Once it’s done you’ll have a .tar.gz archive in your home folder, you can extract it anywhere you’d like and run minetestserver from there like a portable installation.

so , extract the tar file as:

tar -xf minetest-5.4.0-linux.tar.gz

then cd into extracted directory , you should modify the minetest.conf file , to modify the game behaviour.

After that open the firewall on the port you want to run the server using ufw:

sudo ufw enable
sudo ufw allow 30000
sudo ufw allow ssh  #so that the vps login work later
sudo ufw status

well after that we can change the game by adding game in games folder, add other textures in textures folder , mods in mods folder and so on from where you extracted the .tar.gz archive( or your minetestserver installation) .

To run the server do:

warning are of no worries as they arise from additional mods added

Now since the server is running alright , any person who wants to connect to your minetest server can connect using minetest gui client they have on their devices , on the specific port your server is running . You can configure your minetest.conf file to control the behaviour of game as you wish.

Other installations options:

  • use minetest-server package which is present in debian/ubuntu official package repository(although not recommended due to very old versions).
  • Install into debian using Backports .
  • Install into ubuntu using ppa.

Hope this guide helps you in creating the latest version of your own public minetest server 🙂

Design a site like this with WordPress.com
Get started