Your own VPN
- This guide walks you through setting up a WireGuard VPN whose DNS server is a Pi-hole, so every device that connects to the VPN gets ad blocking.
What is pi-hole
Pi-hole is basically a DNS-level ad blocker. For people who are new to this:
What is DNS
- DNS stands for Domain Name System and is the backbone of the modern internet. The internet itself works on IP addresses: if you typed the IP address of Google's web server into your browser, you would land on google.com. Beautiful, right?
- But humans can't be expected to remember IP addresses, and this is where DNS comes in. When you go to google.com in your browser, the browser asks the DNS server you have configured "what is the IP of google.com?", gets an answer back, and then connects to that IP.
- Here is a more detailed guide on how DNS works
What is Pi-hole then?
- When you load a site with ads, the page fetches those ads from several different ad-serving domains. A regular DNS server happily resolves all of them.
- When your DNS server is a Pi-hole, every lookup is checked against its blocklists first. A lookup for an ad domain is answered with a null address (0.0.0.0 in Pi-hole's default blocking mode) instead of the real one, so the browser never connects to the ad server and the ad never loads. This only works for ads served from separate domains; ads served from the same domain as the page itself cannot be blocked at the DNS level.
What is wireguard
- WireGuard is a modern VPN protocol with a much smaller codebase than OpenVPN. It uses less battery and less CPU than OpenVPN and is just plain faster.
What are we going to setup today ?
We are going to set up your own VPN server whose DNS is the Pi-hole, so you get ad blocking whenever you are connected to the VPN. The Pi-hole in turn forwards to Unbound, a recursive resolver running next to it, so your DNS queries never leave the server for a third-party resolver.
For this setup we are going to use docker-compose. Paste the file below into a docker-compose.yml and then run
docker-compose up -d
from the directory where you saved it. Note that ./unbound is bind-mounted over the image's configuration directory, so it needs an unbound.conf of its own (an empty host directory hides the image's default config).
```yaml
version: "3"

networks:
  private_network:
    ipam:
      driver: default
      config:
        - subnet: 10.2.0.0/24

services:
  unbound:
    image: "klutchell/unbound:latest"
    container_name: unbound
    restart: unless-stopped
    hostname: "unbound"
    volumes:
      - "./unbound:/opt/unbound/etc/unbound/"
    networks:
      private_network:
        ipv4_address: 10.2.0.200

  wireguard:
    depends_on: [unbound, pihole]
    image: linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Los_Angeles # Change to your timezone
      - SERVERPORT=51820
      #- SERVERURL=my.ddns.net # optional - For use with DDNS (Uncomment to use)
      - PEERS=1 # How many peers to generate for you (clients)
      - PEERDNS=10.2.0.100 # Set it to point to pihole
      - INTERNAL_SUBNET=10.6.0.0 # Subnet the VPN clients get addresses from
    volumes:
      - ./wireguard:/config
      - /lib/modules:/lib/modules
    ports:
      - "51820:51820/udp"
    dns:
      - 10.2.0.100 # Points to pihole
      - 10.2.0.200 # Points to unbound
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
    networks:
      private_network:
        ipv4_address: 10.2.0.3

  pihole:
    depends_on: [unbound]
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    hostname: pihole
    dns:
      - 127.0.0.1
      - 10.2.0.200 # Points to unbound
    environment:
      TZ: "America/Los_Angeles"
      WEBPASSWORD: "" # Blank password - set one before you use the web UI. It is not published on a host port here, so it is only reachable over the VPN or the docker network.
      ServerIP: 10.2.0.100 # Internal IP of pihole
      DNS1: 10.2.0.200 # Unbound IP
      DNS2: 10.2.0.200 # If we don't specify two, it will auto pick google.
    # Volumes store your data between container upgrades
    volumes:
      - "./etc-pihole/:/etc/pihole/"
      - "./etc-dnsmasq.d/:/etc/dnsmasq.d/"
    # Recommended but not required (DHCP needs NET_ADMIN)
    # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    networks:
      private_network:
        ipv4_address: 10.2.0.100
```
- Now that the containers are running, run docker-compose logs -f wireguard and you will see a QR code printed by the wireguard container. The same peer config is also written to ./wireguard/peer1/peer1.conf (with the QR code as peer1.png) in case you need it as a file.
- Install the WireGuard app on your phone and scan this QR code to add the tunnel.
- Now try connecting to the tunnel.
- Congrats, you now have a VPN server with ad blocking built in.
Configuring a split tunnel
- WireGuard also lets you configure something called a split tunnel, which in my opinion is an amazing feature.
- When you connect to your VPN server, your internet speed is bottlenecked by the bandwidth of the VPN server.
- To get full speed and ad blocking at the same time you can configure a split tunnel, which means that only traffic addressed to the Pi-hole (your DNS queries) is sent through the tunnel, and everything else is routed directly from your device. Keep in mind that the rest of your traffic is then no longer encrypted by the VPN, so you keep the ad blocking but lose the protection a full tunnel gives you on untrusted networks.
- To do that, change the AllowedIPs value in the peer's WireGuard config to
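As an added example (this is not code from the original guide or from the linuxserver/wireguard project), the script below takes the full-tunnel peer config the container generates and rewrites it into a split-tunnel one, routing only the Pi-hole's address through the VPN. The sample config, its placeholder keys, the my.ddns.net endpoint and the peer path are assumptions for illustration; the Pi-hole address 10.2.0.100 comes from PEERDNS in the compose file above. It also checks the one thing that breaks split tunnels in practice: the DNS server in [Interface] must be covered by AllowedIPs, or queries never reach the Pi-hole.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Rewrites a linuxserver/wireguard peer config (./wireguard/peer1/peer1.conf)
# into a split-tunnel config that only routes the pi-hole through the VPN.

# Constructed sample of a generated peer config. Keys are placeholders, not real keys.
sample_full_tunnel_conf() {
    cat <<'EOF'
[Interface]
Address = 10.6.0.2
PrivateKey = <peer private key>
ListenPort = 51820
DNS = 10.2.0.100

[Peer]
PublicKey = <server public key>
PresharedKey = <preshared key>
Endpoint = my.ddns.net:51820
AllowedIPs = 0.0.0.0/0, ::/0
EOF
}

# allowed_ips FILE  -> prints the AllowedIPs value of a config
allowed_ips() {
    sed -n 's/^AllowedIPs *= *//p' "$1"
}

# make_split_tunnel IN OUT DNS_IP
# Full tunnel: AllowedIPs = 0.0.0.0/0, ::/0 sends everything through the VPN.
# Split tunnel: only the pi-hole's /32 is routed via the tunnel; all other
# traffic leaves the device directly (and is therefore not encrypted by the VPN).
make_split_tunnel() {
    in=$1; out=$2; dns_ip=$3
    sed "s|^AllowedIPs *=.*|AllowedIPs = ${dns_ip}/32|" "$in" > "$out"
}

# dns_routed FILE  -> exit 0 if the DNS server in [Interface] is reachable
# through the tunnel, i.e. AllowedIPs covers it (either 0.0.0.0/0 or its /32).
# If this fails, the client sends DNS to an address that is not routed into
# the tunnel and name resolution breaks.
dns_routed() {
    dns=$(sed -n 's/^DNS *= *//p' "$1")
    allowed_ips "$1" | tr ',' '\n' | tr -d ' ' | grep -qxF -e '0.0.0.0/0' -e "${dns}/32"
}

# Usage: sh split.sh ./wireguard/peer1/peer1.conf ./peer1-split.conf 10.2.0.100
if [ "$#" -eq 3 ]; then
    make_split_tunnel "$1" "$2" "$3"
    dns_routed "$2" || { echo "warning: DNS server $3 is not covered by AllowedIPs" >&2; exit 1; }
    echo "wrote $2 with AllowedIPs = $(allowed_ips "$2")"
fi
```

Import the rewritten file (or a QR code generated from it) into the WireGuard app as a second tunnel, so you can switch between full and split tunnel as needed.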
- For troubleshooting, the first step is to check that all three containers are still alive (docker-compose ps shows their state) and look at their logs with
docker-compose logs -f
- If the containers are running properly, check that port 51820/udp is reachable from the internet (port-forwarded on your router if the server is at home). A UDP port scan tells you very little because WireGuard answers nothing it cannot authenticate; the reliable check is to connect a client and confirm a handshake with docker exec wireguard wg show.
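To make those checks repeatable, here is an added example script (not part of the original guide) that walks the stack from the inside out: container state, Unbound answering, Pi-hole returning the null address for a blocked name, the host listening on udp/51820, and the WireGuard handshake state. The container names and addresses come from the compose file above; TEST_DOMAIN, BLOCKED_DOMAIN and the use of docker exec with the dig shipped in the pihole image are assumptions you may need to adjust.

```shell
#!/bin/sh
# Added example, not part of the original guide. Run on the docker host.
# Usage: BLOCKED_DOMAIN=<a domain on your blocklist> sh check.sh run
PIHOLE_IP=10.2.0.100      # from the compose file
UNBOUND_IP=10.2.0.200     # from the compose file
TEST_DOMAIN=${TEST_DOMAIN:-example.com}         # assumption: any real name
BLOCKED_DOMAIN=${BLOCKED_DOMAIN:-}              # must be on your blocklist

# 1. Are the three containers actually running (not restarting or exited)?
containers_running() {
    for c in unbound pihole wireguard; do
        state=$(docker inspect -f '{{.State.Status}}' "$c" 2>/dev/null) || state=missing
        [ "$state" = running ] || { echo "container $c is $state" >&2; return 1; }
    done
}

# 2. Query a resolver from inside the private_network. resolve_via SERVER NAME
# prints the first A record (the pihole image ships dig for its healthcheck).
resolve_via() {
    docker exec pihole dig +short +time=3 @"$1" "$2" A | head -n 1
}

# 3. Pi-hole's default blocking mode answers 0.0.0.0 for A and :: for AAAA.
# is_null_answer ANSWER -> exit 0 if the answer means "blocked".
is_null_answer() {
    case "$1" in
        0.0.0.0|::) return 0 ;;
        *) return 1 ;;
    esac
}

# 4. Docker publishes the tunnel port on the host; nothing listening here means
# the wireguard container failed to start, not a router problem.
udp_port_listening() {
    ss -lun 2>/dev/null | grep -q ':51820 '
}

run_checks() {
    containers_running || return 1
    up=$(resolve_via "$UNBOUND_IP" "$TEST_DOMAIN")
    [ -n "$up" ] || { echo "unbound did not resolve $TEST_DOMAIN" >&2; return 1; }
    echo "unbound resolved $TEST_DOMAIN to $up"
    [ -n "$BLOCKED_DOMAIN" ] || { echo "set BLOCKED_DOMAIN to a listed domain" >&2; return 1; }
    ans=$(resolve_via "$PIHOLE_IP" "$BLOCKED_DOMAIN")
    is_null_answer "$ans" || { echo "pi-hole answered '$ans' for $BLOCKED_DOMAIN: not blocked" >&2; return 1; }
    echo "pi-hole blocks $BLOCKED_DOMAIN (answer $ans)"
    udp_port_listening || { echo "nothing listening on udp/51820 on the host" >&2; return 1; }
    # 5. The only real proof that the port is reachable from outside: a client
    # connects and 'latest handshake' appears for its peer.
    docker exec wireguard wg show
}

if [ "${1:-}" = "run" ]; then
    run_checks
fi
```

If step 5 shows a peer with a transfer counter but no handshake, the client is reaching the server and the keys do not match (for example a regenerated config); if nothing arrives at all, the problem is upstream of the container, typically the router forwarding or SERVERURL pointing at the wrong address.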