Setting up a VPN server with adblocker in Cloud (Pi-hole + PiVPN)

What is Pi-hole?

Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. We will use Pi-hole as an adblocker for our devices.

What is PiVPN?

PiVPN is one of the simplest ways to set up and manage a VPN.

What you need?

  • A Linux cloud server (VPS)

What we are making?

We are going to create our own WireGuard VPN server with Pi-hole as an adblocker, to block unwanted ads on all of our devices.

Step 1: Creating and Configuring Linux Virtual Machine

Create a Linux virtual machine with a minimal configuration. I am using Ubuntu (1 GB memory, 1 vCPU). We will configure the firewall by opening the necessary ports on it as follows.

Allowed ports in server firewall

Step 2: Setting up WireGuard using PiVPN

Simply run this command to install PiVPN:

curl -L https://install.pivpn.io | bash

Choose the default settings for most prompts, pick your favorite DNS provider, and complete the setup.

Step 3: Modifying the wg0.conf file

Open the wg0.conf file in your favorite editor:

sudo nano /etc/wireguard/wg0.conf

and add these two lines:

PostUp   = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

So it looks roughly like this:

/etc/wireguard/wg0.conf

Now restart WireGuard:

sudo systemctl restart wg-quick@wg0.service

Enable WireGuard on boot:

sudo systemctl enable wg-quick@wg0.service

Step 4: Adding a Client Configuration

$ pivpn add

If you want to connect using a mobile client, you can also generate a QR code after adding a client:

$ pivpn -qr

You can transfer the .conf file to your local machine using a tool such as scp. Running this command on your local machine installs it so that you can use the remote server as your VPN:

sudo install -o root -g root -m 600 Downloads/random1.conf /etc/wireguard/wg0.conf

For the adblocker to work effectively in the later steps, edit the .conf file you transferred to your local machine and change the DNS server to 10.6.0.1.

It would look something like this:

Changing the DNS to 10.6.0.1 is very important for the adblocker to work properly.
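As an added example (not part of the original guide or of PiVPN), this script audits a client .conf before you import it: it fails if the DNS line names anything other than 10.6.0.1 alone, or if AllowedIPs would not route 10.6.0.1 through the tunnel. The function names and the trimmed sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: Pi-hole listens on 10.6.0.1 as in this guide; function names are hypothetical.
PIHOLE_DNS="${PIHOLE_DNS:-10.6.0.1}"

conf_value() {  # usage: conf_value FILE SECTION KEY -> value list, whitespace stripped
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*\[/ { cur = tolower($0); gsub(/[^a-z]/, "", cur); next }
        cur == tolower(sec) && (n = index($0, "=")) {
            k = substr($0, 1, n - 1); v = substr($0, n + 1); sub(/#.*/, "", v)
            gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", v)
            if (tolower(k) == tolower(key)) out = (out == "" ? v : out "," v)
        }
        END { print out }' "$1"
}

ip2int() {  # dotted quad -> integer
    set -- $(echo "$1" | tr '.' ' ')
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

cidr_contains() {  # usage: cidr_contains CIDR IPV4 -> exit 0 if the address is inside
    case "$1" in *:*) return 1 ;; esac   # an IPv6 route cannot carry an IPv4 resolver
    case "$1" in */*) net=${1%/*}; bits=${1#*/} ;; *) net=$1; bits=32 ;; esac
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$net") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

audit_client_conf() {  # usage: audit_client_conf FILE -> exit 0 only if both checks pass
    rc=0; routed=no
    dns=$(conf_value "$1" Interface DNS)
    if [ "$dns" != "$PIHOLE_DNS" ]; then
        echo "FAIL: DNS is '${dns:-unset}'; any other or extra resolver bypasses Pi-hole"; rc=1
    fi
    for cidr in $(conf_value "$1" Peer AllowedIPs | tr ',' ' '); do
        if cidr_contains "$cidr" "$PIHOLE_DNS"; then routed=yes; fi
    done
    if [ "$routed" = no ]; then
        echo "FAIL: AllowedIPs does not route $PIHOLE_DNS through the tunnel"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: DNS goes only to $PIHOLE_DNS over the VPN"
    return "$rc"
}

# Constructed, trimmed sample client config (keys and endpoint omitted; the audit does not read them).
sample_conf() {  # usage: sample_conf DNS ALLOWEDIPS
    printf '[Interface]\nAddress = 10.6.0.2/24\nDNS = %s\n[Peer]\nAllowedIPs = %s\n' "$1" "$2"
}
demo=$(mktemp); sample_conf "9.9.9.9, 10.6.0.1" "0.0.0.0/0, ::0/0" > "$demo"
audit_client_conf "$demo" || true; rm -f "$demo"
```

Run `audit_client_conf` against the real file (for example the random1.conf used above) before installing it into /etc/wireguard.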

Step 5: Installing Docker

sudo apt install docker.io

Add your user to the docker group so you can run docker commands without sudo:

sudo usermod -aG docker azureuser
newgrp docker

Save and run this script (if your WireGuard IP is not 10.6.0.1, modify it accordingly):

#!/bin/bash
# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md

# WireGuard address of the server; the Pi-hole ports are published only on this IP
IP="10.6.0.1"

docker run -d \
    --name pihole \
    -p "${IP}:53:53/tcp" -p "${IP}:53:53/udp" \
    -p "${IP}:80:80" \
    -p "${IP}:443:443" \
    -e TZ="America/Chicago" \
    -v "$(pwd)/etc-pihole/:/etc/pihole/" \
    -v "$(pwd)/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
    --dns=127.0.0.1 --dns=1.1.1.1 \
    --restart=unless-stopped \
    pihole/pihole:latest

# Poll the container health check for up to 20 x 3 seconds
printf 'Starting up pihole container '
for i in $(seq 1 20); do
    if [ "$(docker inspect -f "{{.State.Health.Status}}" pihole)" = "healthy" ] ; then
        printf ' OK'
        # Print the generated admin password from the container logs
        echo -e "\n$(docker logs pihole 2> /dev/null | grep 'password:') for your pi-hole: https://${IP}/admin/"
        exit 0
    else
        sleep 3
        printf '.'
    fi

    if [ "$i" -eq 20 ] ; then
        echo -e "\nTimed out waiting for Pi-hole to start, check your container logs for more info (\`docker logs pihole\`)"
        exit 1
    fi
done

After this, your Pi-hole + PiVPN server will be running perfectly. You can change the password of the Pi-hole web interface by running this command inside the Docker container:

docker exec -it pihole bash    # getting a terminal in docker container

pihole -a -p             # to change the password

Notes for configuring the client properly:

  • Change the DNS in the client's .conf file to DNS=10.6.0.1.
  • Change the Wi-Fi properties of clients when they are connected to a router, replacing the default DNS with 10.6.0.1.
  • If your browser uses DNS over HTTPS, Pi-hole (the ad-blocking feature) won't work properly for that specific browser, although the VPN will work fine.

Also, try flushing the DNS cache if needed:

sudo systemd-resolve --flush-caches

Finally, verify that DNS is set to 10.6.0.1 using the dig or nslookup command. Also install and enable WireGuard on the client devices. For WireGuard installation, refer to this guide.

As we can see, our VPN + adblocker setup is working perfectly:

You can add more blacklists and filters to Pi-hole from the web admin interface. You can also change many of its properties from there.

I hope this guide has been helpful! For any query, feel free to comment below 🙂
