Metadata
Tested with: Ubuntu 24.04, PiHole 5.18.3, PiVPN
Last Update: Nov 2024
Requirements
- You need a Linux distribution of your choice, for instance Ubuntu.
- Make sure you have a static IP set up for your machine or VM.
1. Install PiVPN
# download installer script
wget https://install.pivpn.io -O installpivpn.sh
# run it
sudo bash installpivpn.sh
- Do you want to force routing IPv6 to block the leakage? Yes
- Choose your local user to store your data
- Choose VPN: WireGuard
- Choose port for WireGuard connection: 51820 (=default)
- Choose DNS provider: PiVPN-is-local-DNS
- Choose your preferred DNS entry or IP address
- Enable unattended upgrades: Yes
- Reboot: Yes
2. Install PiHole
# download installer script
wget https://install.pi-hole.net -O installpihole.sh
# run it
sudo bash installpihole.sh
- Static IP needed: Continue
- Choose an interface for the WAN connection: ens18
- As written in the requirements, I have already set up a static IP, so I choose to Skip the “Static IP Address” screen
- Choose your favourite DNS provider
- Include “StevenBlack’s Unified Hosts List”: Yes
- Install the Admin Web interface: Yes
- Install lighttpd and PHP modules: Yes
- Enable query logging: Yes
- Choose your privacy option: 0 (=default)
- A final installation summary screen will show your generated admin password. Write that down or change it.
# changing the admin password for web interface
pihole -a -p
- Reboot your machine.
- You can access the admin interface now: http://IP/admin
3. Add powerful adlists
- Go to Web GUI > Settings > Teleporter > Restore
- Download adlists2004.tar.gz (this is my personal list with currently 74 adlists)
- Unselect everything except Adlists
- If you import this adlist at a later time, make sure to unselect “Clear existing data”. Otherwise your customized files will get deleted.
- Choose adlist2004.tar.gz as file input and click on Restore
- Go to Web GUI > Tools > Update Gravity > Update
Further Configuration
Keep in mind that the default setting for WireGuard is ALLOWED_IPS="0.0.0.0/0, ::0/0". This means all traffic will be sent through the VPN tunnel. If you plan to make just some specific IPs available, then you need to change the config file accordingly:
# edit the config defaults for WireGuard
sudo nano /etc/pivpn/wireguard/setupVars.conf
- pivpnDNS1=IP_OF_THIS_MACHINE
- pivpnDNS2=10.137.96.1 (this is OpenDNS as fallback, in case the UDP-connection fails for some reason/inactivity)
- ALLOWED_IPS="YOUR_NET/24"
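With a restricted ALLOWED_IPS, any DNS server outside that range is no longer reached through the tunnel, so it is worth checking a generated client profile after the change. The following is an added example (not part of the original guide or of PiVPN) that parses a wg-quick style profile and lists the DNS servers that AllowedIPs does not route. The sample profile, its 192.168.1.x addresses, the endpoint and the function names are constructed assumptions; 10.137.96.1 is the fallback from the settings above.

```python
import ipaddress

# Constructed sample of a client profile after switching to a split tunnel.
# Keys, endpoint and the 192.168.1.x addresses are placeholders (assumptions).
SAMPLE_PROFILE = """\
[Interface]
PrivateKey = <constructed-placeholder>
Address = 10.0.0.2/24
DNS = 192.168.1.10, 10.137.96.1

[Peer]
PublicKey = <constructed-placeholder>
Endpoint = vpn.example.org:51820
AllowedIPs = 192.168.1.0/24
"""

def parse_profile(text):
    """Return {section: {key: [values]}}; assumes a single [Peer] section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            items = [v.strip() for v in value.split(",") if v.strip()]
            current.setdefault(key.strip().lower(), []).extend(items)
    return sections

def dns_outside_tunnel(text):
    """List DNS servers in the profile that AllowedIPs does not cover."""
    cfg = parse_profile(text)
    nets = [ipaddress.ip_network(n, strict=False)
            for n in cfg.get("peer", {}).get("allowedips", [])]
    leaks = []
    for entry in cfg.get("interface", {}).get("dns", []):
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            continue  # wg-quick treats non-IP DNS entries as search domains
        if not any(addr in net for net in nets):
            leaks.append(entry)
    return leaks

if __name__ == "__main__":
    print("DNS servers not routed through the tunnel:", dns_outside_tunnel(SAMPLE_PROFILE))
```

An empty list means every DNS server in the profile is reached through the VPN; any address it reports must either be added to ALLOWED_IPS or replaced with a resolver inside the allowed range.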
# some useful commands
# adding a new profile
sudo pivpn -a -n <PROFILE_NAME>
# show QR code to transfer it to a mobile device
sudo pivpn -qr
# show enabled clients
sudo pivpn -l
# show currently connected clients
sudo pivpn -c
# updating pihole
sudo pihole -up
# updating pivpn (currently disabled in favour of using apt)
sudo pivpn -up