Objective:
The ability to configure your mobile/roaming device to route all your internet traffic through your home connection whilst utilising your LAN based Pi-Hole blocking DNS service.
Required:
- 1 x Raspberry Pi (with internet connection and SD Card)
- 1 x Windows PC with SD card reader
Resources used:
- Latest OS Image: https://www.raspberrypi.org/downloads/raspbian/
- Latest Pi-Hole Software: https://pi-hole.net/
- Latest PiVPN Installer: http://www.pivpn.io/
- Latest SD Card Image Writer: https://sourceforge.net/projects/win32diskimager/
- Pi Password Setup: https://www.raspberrypi.org/documentation/linux/usage/users.md
- Pi-Hole Admin Console Password Change: https://discourse.pi-hole.net/t/how-do-i-set-or-reset-the-web-interface-password/1328
- SSH/SCP Client: https://www.bitvise.com/ssh-client-download
- Wireguard iOS Client: https://apps.apple.com/us/app/wireguard/id1441195209
- Wireguard Android Client: https://play.google.com/store/apps/details?id=com.wireguard.android&hl=en_GB&gl=US
- OpenVPN iOS Client: https://itunes.apple.com/gb/app/openvpn-connect/id590379981?mt=8
- OpenVPN Android Client: https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en_GB
- Port Forward Guide For Routers: https://portforward.com/router.htm
Basic Steps Involved:
- Download Latest Raspbian image
- Install win32diskimager software & write the image to the SD card drive
- Boot the Pi with your new SD card image
- Open linux terminal session
- Change your default pi login password
- Run the Pi-Hole installer – curl -sSL https://install.pi-hole.net | bash
- Work through the Pi-Hole wizard, leave defaults but set a Static IP
- Open a new linux terminal session
- Run the ‘pihole -a -p newpass’ command to update your admin password after setup
- Run the PiVPN installer – curl -L https://install.pivpn.io | bash
- Work through the PiVPN wizard, choose either Wireguard or OpenVPN and any upstream DNS provider
- Port forward with your router to transmit VPN traffic directly to your Pi
- Run the ‘pivpn -a’ command to create a VPN client config file, with a .ovpn extension for OpenVPN and a .conf extension for Wireguard
- Copy that file to your PC using Bitvise SSH client SCP transfer
- Upload the file to a cloud share of your choice
- Install an OpenVPN client app for your device
- Import the profile into OpenVPN by exporting the .ovpn or .conf file from the cloud share
The Magic:
OpenVPN: to allow external clients to use your internal DNS with full Pi-Hole blocking:
- Edit the file “/etc/openvpn/server.conf” on your Pi using nano (text editor). Find the line similar to “push dhcp-option DNS 8.8.8.8” and change the address to the VPN address of your Pi; by default it should be 10.8.0.1.
- Edit the file “/etc/dnsmasq.conf” to allow DNS resolution from the VPN interface. Find the line similar to “listen-address=”, remove the comment ‘#’ and put in 127.0.0.1, the local network IP of your Pi, and 10.8.0.1 (or your Pi’s relevant VPN address).
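A check for the two OpenVPN edits above, as an added example that is not part of the original post or of PiVPN: it reads server.conf and dnsmasq.conf and reports whether clients are pushed only the Pi's VPN address as DNS and whether dnsmasq listens on it. The function names, the LAN address 192.168.1.10 and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two OpenVPN edits described above.
# Function names, 192.168.1.10 and the sample files are constructed.

# Print every DNS address an OpenVPN server.conf pushes to clients.
pushed_dns() {
    sed -e 's/[#;].*//' "$1" | tr -d '"' |
        awk '$1 == "push" && $2 == "dhcp-option" && $3 == "DNS" { print $4 }'
}

# Succeed if an uncommented listen-address line in dnsmasq.conf has the address.
dnsmasq_listens() {
    sed -e 's/#.*//' "$1" | awk -F= -v want="$2" '
        $1 ~ /^[ \t]*listen-address[ \t]*$/ {
            n = split($2, a, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", a[i])
                if (a[i] == want) found = 1
            }
        }
        END { exit !found }'
}

# Return 0 only if the Pi's VPN address is the sole pushed resolver
# and dnsmasq (Pi-Hole's resolver) answers on that address.
check_vpn_dns() {
    server_conf=$1 dnsmasq_conf=$2 vpn_addr=$3 rc=0
    dns=$(pushed_dns "$server_conf")
    [ -n "$dns" ] || { echo "no DNS server is pushed to clients"; rc=1; }
    for d in $dns; do
        [ "$d" = "$vpn_addr" ] || { echo "clients get $d, which bypasses Pi-Hole"; rc=1; }
    done
    dnsmasq_listens "$dnsmasq_conf" "$vpn_addr" ||
        { echo "dnsmasq is not listening on $vpn_addr"; rc=1; }
    return "$rc"
}

# Constructed samples: "before" is the untouched state, "after" follows the steps.
demo=$(mktemp -d)
printf 'push "dhcp-option DNS 8.8.8.8"\n'  > "$demo/server.before"
printf 'push "dhcp-option DNS 10.8.0.1"\n' > "$demo/server.after"
printf '#listen-address=\n'                > "$demo/dnsmasq.before"
printf 'listen-address=127.0.0.1,192.168.1.10,10.8.0.1\n' > "$demo/dnsmasq.after"

check_vpn_dns "$demo/server.before" "$demo/dnsmasq.before" 10.8.0.1 || echo "before: FAIL"
check_vpn_dns "$demo/server.after"  "$demo/dnsmasq.after"  10.8.0.1 && echo "after: OK"
```

On the Pi, call check_vpn_dns with /etc/openvpn/server.conf, /etc/dnsmasq.conf and your own VPN address in place of the sample files.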
Wireguard: to allow external clients to use your internal DNS with full Pi-Hole blocking:
- Edit the file “/etc/pivpn/wireguard/setupvars” on your Pi using nano (text editor). Find the line “pivpnDNS1=” and change it to the local network address of your Pi-Hole.
Brilliant!! I was looking for the solution to this and it really was the magic bullet solution. The other ones didn’t mention anything about the openserver server.conf. This logically makes sense that it would be routed at the openvpn server.conf. Well done. The only thing is that I wished this article would have bubbled up to the top. Excellent post!! I’m so happy