Objective:
The ability to configure your mobile/roaming device to route all your internet traffic through your home connection whilst utilising your LAN based Pi-Hole blocking DNS service.
Required:
- 1 x Raspberry Pi (with ethernet connection, monitor, USB keyboard/mouse)
- 8GB+ SD Card
- Windows PC with SD card reader
- your own internet connected network
- time to kill
Resources used:
- Latest OS Image: https://www.raspberrypi.org/downloads/raspbian/
- Latest Pi-Hole Software: https://pi-hole.net/
- Latest PiVPN Installer: http://www.pivpn.io/
- Latest SD Card Image Writer: https://sourceforge.net/projects/win32diskimager/
- Pi Password Setup: https://www.raspberrypi.org/documentation/linux/usage/users.md
- Pi-Hole Admin Console Password Change: https://discourse.pi-hole.net/t/how-do-i-set-or-reset-the-web-interface-password/1328
- SSH/SCP Client: https://www.bitvise.com/ssh-client-download
- OpenVPN IOS Client: https://itunes.apple.com/gb/app/openvpn-connect/id590379981?mt=8
- OpenVPN Android Client: https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en_GB
- Port Forward Guide For Routers: https://portforward.com/router.htm
Basic Steps Involved:
- Download Raspbian Jessie system image
- Install win32diskimager software & write the image to the SD card drive
- Boot the Pi with your new SD card image
- Open linux terminal session
- Change your default pi login password
- Run the Pi-Hole installer – curl -sSL https://install.pi-hole.net | bash
- Work through the Pi-Hole wizard, leave defaults but set a Static IP
- Open a new linux terminal session
- Run the ‘pihole -a -p newpass’ command to update your admin password after setup
- Run the PiVPN installer – curl -L https://install.pivpn.io | bash
- Work through PiVPN wizard, leave defaults and choose any upstream provider
- Port forward with your router to transmit OpenVPN traffic directly to your Pi
- Run the ‘pivpn -a’ command to create a VPN client config file with a .ovpn extension
- Copy that file to your PC using Bitvise SSH client SCP transfer
- Upload the file to a cloud provider of your choice
- Install an OpenVPN client app for your device
- Import the profile into OpenVPN by exporting the .ovpn file from the cloud file store
The Magic Bullet Solution:
The real trick that lets external clients use your internal DNS with full Pi-Hole blocking is specified below:
- Edit the file “/etc/openvpn/server.conf” on your Pi using nano (text editor). Find the line similar to this “push dhcp-option DNS 8.8.8.8” and change it to the VPN address of your Pi; by default it should be 10.8.0.1.
- Edit the file “/etc/dnsmasq.conf” to allow DNS resolution from the VPN interface. Find the line similar to this “listen-address=”, remove the comment ‘#’ and put in 127.0.0.1, ‘the local network IP of your Pi’, 10.8.0.1 (or your relevant Pi’s VPN address).
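The two edits above as a repeatable script. This is an added example, not part of the original post or of the Pi-Hole/PiVPN projects; the function names are hypothetical. It goes one step beyond the text by collapsing every pushed DNS line into a single one, on the assumption that server.conf may contain a second public resolver that clients would otherwise still use.

```shell
#!/usr/bin/env bash
# Added example: hypothetical helpers for the two config edits described above.

# replace_directive FILE REGEX LINE
# Replace every line matching REGEX with one copy of LINE (append if none match).
# The original is kept once as FILE.bak, so re-running never overwrites it.
replace_directive() {
    local file="$1" re="$2" line="$3" tmp rc
    tmp="$(mktemp)" || return 1
    [ -e "$file.bak" ] || cp -p "$file" "$file.bak" || { rm -f "$tmp"; return 1; }
    awk -v re="$re" -v line="$line" '
        $0 ~ re { if (!done) { print line; done = 1 }; next }
        { print }
        END { if (!done) print line }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# set_vpn_dns SERVER_CONF VPN_IP
# Push only the Pi's VPN address as DNS, so no public resolver is left
# for clients to fall back to (which would bypass Pi-Hole blocking).
set_vpn_dns() {
    replace_directive "$1" \
        '^[ \t]*push[ \t]+"?dhcp-option[ \t]+DNS[ \t]' \
        "push \"dhcp-option DNS $2\""
}

# set_listen_addresses DNSMASQ_CONF ADDR_LIST
# Uncomment/replace listen-address with an explicit list, so dnsmasq answers
# only on loopback, the LAN address and the VPN address.
set_listen_addresses() {
    replace_directive "$1" '^[ \t]*#?[ \t]*listen-address=' "listen-address=$2"
}

# On the Pi (as root); 192.168.1.10 is a constructed placeholder for the
# Pi's LAN IP. Restart OpenVPN and dnsmasq afterwards so the files are re-read.
#   set_vpn_dns /etc/openvpn/server.conf 10.8.0.1
#   set_listen_addresses /etc/dnsmasq.conf "127.0.0.1,192.168.1.10,10.8.0.1"
```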
Brilliant!! I was looking for the solution to this and it really was the magic bullet solution. The other ones didn’t mention anything about the openserver server.conf. This logically makes sense that it would be routed at the openvpn server.conf. Well done. The only thing is that I wished this article would have bubbled up to the top. Excellent post!! I’m so happy.