Pi – External VPN with Pi-Hole

Objective:

The ability to configure your mobile/roaming device to route all your internet traffic through your home connection whilst utilising your LAN based Pi-Hole blocking DNS service.

 Required:

  • 1 x Raspberry Pi (with internet connection and SD Card)
  • 1 x Windows PC with SD card reader

Resources used:

Basic Steps Involved:

  1. Download Latest Raspbian image
  2. Install win32diskimager software & write the image to the SD card drive
  3. Boot the Pi with your new SD card image
  4. Open linux terminal session
  5. Change your default pi login password
  6. Run the Pi-Hole installer – curl -sSL https://install.pi-hole.net | bash
  7. Work through the Pi-Hole wizard, leave defaults but set a Static IP
  8. Open a new linux terminal session
  9. Run the ‘pihole -a -p newpass’ command to update your admin password after setup
  10. Run the PiVPN installer – curl -L https://install.pivpn.io | bash
  11. Work through PiVPN wizard, choose either Wireguard of OpenVPN and any upstream DNS provider
  12. Port forward with your router to transmit VPN traffic directly to your Pi
  13. Run the’ PiVPN -a’ command to create a vpn client config file with .ovpn extension for OpenVPN and .conf extension for Wireguard
  14. Copy that file to your PC using Bitvise SSH client SCP transfer
  15. Upload the file to a cloud share of your choice
  16. Install an OpenVPN client app for your device
  17. Import the profile into OpenVPN by exporting the .ovpn or .conf file from the cloud share

The Magic:

OpenVPN: to get external clients be able to use your internal DNS with full Pi-Hole blocking:

  • Edit the file  “/etc/openvpn/server.conf” on your Pi using nano (text editor). Find the line similar to this “push dhcp-option DNS 8.8.8.8”, change it the VPN address of your Pi, by default it should be 10.8.0.1.
  • Edit the file “/etc/dnsmasq.conf” file to allow DNS resolution from the VPN interface. Find the line similar to this “listen-address=” Remove the comment ‘#’ and put in 127.0.0.1, ‘the local network IP of your Pi’, 10.8.0.1 (or your relevant Pi’s VPN address)

Wireguard: to get external clients be able to use your internal DNS with full Pi-Hole blocking

  • Edit the file  “/etc/pivpn/wireguard/setupvars” on your Pi using nano (text editor). Find this line “pivpnDNS1=”, change it the local network address of your pi-hole.

Now when you need to use your DNS/ad-blocking services outside your home, you can connect up your mobile device to your network via OpenVPN and you will have your full Pi-Hole blocking services available to you.

One thought on “Pi – External VPN with Pi-Hole

  1. Brilliant!! I was looking for the solution to this and it really was the magic bullet solution. The other ones didn’t mention anything the openserver server.conf. This logically makes sense that it would be routed at the openvpn server.conf. Well done. The only thing is that I wished this article would have bubbled up to the top. Excellent post!! I’m so happy

    Like

Leave a Reply to Jason Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s