It is possible to get the benefits of Pi-hole's network-wide ad blocking outside your home network. In this tutorial, we will achieve this by configuring a WireGuard VPN tunnel using PiVPN.
Important Information
This tutorial assumes that you have a Raspberry Pi set up with Raspberry Pi OS and Pi-hole configured on it. If you don't know what it is, hop here to know how to set it up.
Visit the PiVPN site for more information. This is a set of shell scripts initially developed by @0-kaladin that serve to easily turn your Raspberry Pi (TM) into a VPN server using two free, open-source protocols:
SSH into the Raspberry Pi and run either one of the following commands.
To install from Stable branch
curl -L https://install.pivpn.io | bash
To install from Test/Development branch
curl -L https://test.pivpn.io | TESTING= bash
How it works
The script will first update your APT repositories, upgrade packages, and install WireGuard (default) or OpenVPN. We will be going with WireGuard since it is newer, more secure and easier on the clients' battery.
Installation Wizard
- The first thing the script will configure is a static IP address. Since we have already configured a static IP address for Pi-hole, we will select Yes when the installer prompts for DHCP reservation to keep our static IP.
- Check the IPs when the wizard displays current network settings.
- IP address should be static IP of your RaspberryPi.
- Gateway should be IP address of your router.
- You will be warned that you can potentially run into IP conflicts when using this method. The way around that is to use DHCP reservation in router. However, most routers should be smart enough to stop this from being a problem.
- You will be prompted to specify a local user to store the WireGuard configuration files. Since I haven't configured any additional users on my Pi, I'll select the default user.
- Here, we will be prompted to select the VPN we want to install. Select WireGuard and press the ENTER key to continue.
- This screen will allow you to change the port WireGuard uses on your Raspberry Pi. The default WireGuard port is 51820. You can keep it the same or change it to any other port except default/reserved ports for other applications.
Make a note of the port you enter here, since we'll be NAT forwarding (opening) the same port from our router to the internet.
Press the ENTER key to confirm the specified port.
- We will be prompted to specify the DNS provider that we want to use for our VPN clients. The installer will automatically detect Pihole installed and will prompt to use it as DNS. Select Yes to confirm.
- The wizard will now prompt whether we want to use a Public IP or a DNS Name. Using your public IP address is the easiest option. However, this should only be used if you have a static IP address. Your public IP will be fetched by the script. Press the ENTER key to confirm.
Make sure to contact your ISP and request a static IP prior to setting this VPN up.
The VPN won't work in most cases where a static IP isn't assigned to you by the ISP. The ISP's DHCP server dynamically assigns an IP address to you, and that dynamically assigned internal IP is never directly exposed to the internet, which means you can never connect to your internal network from the internet.
- The PiVPN script will now generate the server key that WireGuard requires. Press the ENTER key again.
- This screen will give you a quick rundown about unattended-upgrades and why you should enable them.
- You can now enable the unattended-upgrades by selecting the Yes option.
- You have now successfully installed the WireGuard VPN software to your Raspberry Pi.
- You will be asked whether you want to restart your Raspberry Pi before continuing. Confirm by selecting Yes option.
Router Configuration
In order to successfully connect to our configured PiVPN from the internet, we'll need to open the WireGuard port we set up above to the internet.
- Log in to the router's admin page. Typically it is 192.168.0.1 or 192.168.1.1.
- Go to advanced settings and search for the NAT forwarding/Port Forwarding option.
- Input details as below.
  - Name: WireguardVPN
  - Device IP: <Static IP of your raspberrypi/IP of your pihole>
  - External Port: 51820
  - Internal Port: 51820
  - Protocol: UDP
- Select Save/Enable.
- Reboot the router.
Adding Clients
- To begin creating a new profile for WireGuard, we need to run the following command.
pivpn add
- You will be prompted to type a name for client. Type a name of your choice and press Enter.
- A profile will be created and saved in default path /home/pi/configs.
- Type 'pivpn -qr'
- Input serial number of your added client.
- A QR code will be generated on your screen.
- If you're using an Android/iOS client, download the WireGuard application from the Play Store/App Store.
- Select '+' icon and select scan.
- Scan the displayed QR code, input name of your choice.
- VPN is successfully configured on your client.
- To check connected clients on your PiVPN, type
pivpn -c
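A check you can run on a generated profile before scanning or copying it, as an added example that is not part of PiVPN or the original tutorial: it confirms the DNS line points at Pi-hole, the Endpoint port matches the port forwarded on the router, and the file (which holds the client's private key) is not accessible to other users. `wg_get` and `audit_profile` are hypothetical helper names, and the sample profile, keys and addresses are constructed.

```shell
#!/bin/sh
# Added example (not part of PiVPN): audit a WireGuard client profile.
# Keys and addresses in the demo are constructed placeholders.

# wg_get SECTION KEY FILE -> value of "KEY = value" inside [SECTION].
wg_get() {
    awk -v s="[$1]" -v k="$2" '
        /^\[/ { in_s = ($0 == s); next }
        in_s {
            split($0, kv, "="); gsub(/[ \t]/, "", kv[1])
            if (kv[1] == k) { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit }
        }' "$3"
}

# audit_profile FILE PIHOLE_IP FORWARDED_PORT -> 0 if all checks pass, else 1.
audit_profile() {
    f=$1 want_dns=$2 want_port=$3 rc=0
    dns=$(wg_get Interface DNS "$f")
    endpoint=$(wg_get Peer Endpoint "$f")
    port=${endpoint##*:}
    # An extra resolver on the DNS line may let queries bypass Pi-hole.
    [ "$dns" = "$want_dns" ] || { echo "DNS is '$dns', expected $want_dns"; rc=1; }
    [ "$port" = "$want_port" ] || { echo "Endpoint port '$port' != forwarded $want_port"; rc=1; }
    # The profile contains the client's private key; group/other need no access.
    case $(ls -ld "$f" | cut -c5-10) in
        ------) ;;
        *) echo "$f is accessible to group/other (chmod 600)"; rc=1 ;;
    esac
    return $rc
}

demo=$(mktemp)   # mktemp creates the file with mode 600
cat > "$demo" <<'EOF'
[Interface]
PrivateKey = CONSTRUCTED-PLACEHOLDER-KEY
Address = 10.6.0.2/24
DNS = 192.168.1.2

[Peer]
PublicKey = CONSTRUCTED-PLACEHOLDER-KEY
Endpoint = 203.0.113.10:51820
AllowedIPs = 0.0.0.0/0
EOF
audit_profile "$demo" 192.168.1.2 51820 && echo "profile OK"
rm -f "$demo"
```

The QR code encodes the same profile, private key included, so treat a screenshot of it like the file itself.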
Troubleshooting
- If you're facing issues with the connection or are unable to connect at all, type
pivpn -d
Check if your pivpnHOST is your public IP. Go to https://whatismyipaddress.com/ to see your public IP. Also make sure pivpnDNS1 is set to the IP address of your Pi-hole.
If the above values aren't correct, use the command below to open the conf file and edit the values.
sudo nano /etc/pivpn/wireguard/setupVars.conf
To save, press Ctrl+X --> Y --> Enter
- If you're able to access local devices from the VPN but have no internet access, make sure that you have 'Listen to All Interfaces, All Origins' enabled in your Pi-hole DNS settings.
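The pivpnHOST and pivpnDNS1 comparison from the first troubleshooting item can be scripted; the following is an added example, not part of PiVPN or the original tutorial. `get_var` and `check_setupvars` are hypothetical helper names, and the addresses in the demo are constructed documentation values.

```shell
#!/bin/sh
# Added example (not part of PiVPN): verify the two setupVars.conf values
# named above. All addresses below are constructed documentation examples.

# get_var KEY FILE -> value of the last KEY=value line, quotes stripped.
get_var() {
    awk -F= -v k="$1" '
        $1 == k { sub(/^[^=]*=/, ""); gsub(/^[ \t"]+|[ \t\r"]+$/, ""); v = $0 }
        END { if (v != "") print v }' "$2"
}

# check_setupvars FILE PUBLIC_IP PIHOLE_IP
# Returns 0 if both values match, 1 on a mismatch, 2 if FILE is unreadable.
# If you chose a DNS name in the wizard, pass that name as PUBLIC_IP.
check_setupvars() {
    file=$1 want_host=$2 want_dns=$3 rc=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    host=$(get_var pivpnHOST "$file")
    dns=$(get_var pivpnDNS1 "$file")
    if [ "$host" != "$want_host" ]; then
        echo "pivpnHOST is '${host:-unset}', expected '$want_host'"
        rc=1
    fi
    if [ "$dns" != "$want_dns" ]; then
        echo "pivpnDNS1 is '${dns:-unset}', expected '$want_dns'"
        rc=1
    fi
    return $rc
}

# Demo on a constructed file; on the Pi, point it at
# /etc/pivpn/wireguard/setupVars.conf with your own addresses.
sample=$(mktemp)
cat > "$sample" <<'EOF'
pivpnHOST=198.51.100.7
pivpnDNS1=192.168.1.2
EOF
check_setupvars "$sample" 203.0.113.10 192.168.1.2 || echo "fix the values above, then retry"
rm -f "$sample"
```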
Happy Adblocking :)