How to: Install PiHole (DNS-Adblocker) and PiVPN (Wireguard) on Ubuntu

Metadata

Tested with: Ubuntu 24.04, PiHole 5.18.3, PiVPN
Last Update: Nov 2024

Requirements

  • You need some Linux distribution of your choice like Ubuntu for instance.
  • Make sure you have a static IP set up for your machine or VM.

1. Install PiVPN

# download installer script
wget https://install.pivpn.io -O installpivpn.sh

# run it
sudo bash installpivpn.sh
  • Do you want to force routing IPv6 to block the leakage? Yes
  • Choose your local user to store your data
  • Choose VPN: WireGuard
  • Choose port for WireGuard connection: 51820 (=default)
  • Choose DNS provider: PiVPN-is-local-DNS
  • Choose your preferred DNS entry or IP address
  • Enable unattended upgrades: Yes
  • Reboot: Yes

2. Install PiHole

# download installer script
wget https://install.pi-hole.net -O installpihole.sh

# run it
sudo bash installpihole.sh
  • Static IP needed: Continue
  • Choose an interface for the WAN connection: ens18
  • As written in the requirements, I have already set up a static IP, so I choose to Skip the “Static IP Address” screen
  • Choose your favourite DNS provider
  • Include “StevenBlack’s Unified Hosts List”: Yes
  • Install the Admin Web interface: Yes
  • Install lighttpd and PHP modules: Yes
  • Enable query logging: Yes
  • Choose your privacy option: 0 (=default)
  • A final installation summary screen will show your generated admin password.Write that down or change it.
# changing the admin password for web interface
pihole -a -p
  • Reboot your machine.
  • You can access the admin interface now: http://IP/admin

3. Add powerful adlists

  • Go to Web GUI > settings > Teleporter > Restore
  • Download adlists2004.tar.gz (this is my personal list with currently 74 adlists)
  • Unselect everything except Adlists
  • If you import this adlist at a later time, make sure to unselect “Clear existing data”. Otherwise your customized files will get deleted.
  • Choose adlist2004.tar.gz as file input and click on Restore
  • Go to Web GUI > Tools > Update Gravity > Update

Further Configuration

Keep in mind that the default setting for WireGuard is ALLOWED_IPS=”0.0.0.0/0, ::0/0″. This means all traffic will be sent through the VPN tunnel. If you plan to make just some specific IPs availabe then you need to change the config file accordingly:

# edit the config defaults for WireGuard
sudo nano /etc/pivpn/wireguard/setupVars.conf
  • pivpnDNS1=IP_OF_THIS_MACHINE
  • pivpnDNS2=10.137.96.1 (this is OpenDNS as fallback, in case the UDP-connection fails for some reason/inactivity)
  • ALLOWED_IPS=”YOUR_NET/24″
# some useful commands

# adding a new profile
sudo pivpn -a -n <PROFILE_NAME>

# show QR code to transfer it to a mobile device
sudo pivpn -qr

# show enabled clients
sudo pivpn -l

# show currently connected clients
sudo pivpn -c

# updating pihole
sudo pihole -up

# updating pivpn (currently disabled in favour of using apt)
sudo pivpn -up

Credits