Your own VPN

What is pi-hole

Pi-hole is basically a DNS level adblocker. Now for people who are new to this,

What is DNS

What is Pi-hole then ?

What is wireguard

What are we going to setup today ?

We are basically going to setup your own VPN server which will have it's dns set as pihole and hence give you adblocking whenever you connect to your VPN

Docker-compose file

For this setup we are going to use docker-compose paste the below into a docker-compose.yml file and then run

docker-compose up -d

in the same directory where you have saved this file

docker-compose.yml

version: "3"

networks:
  private_network:
    ipam:
      driver: default
      config:
        - subnet: 10.2.0.0/24

services:
  unbound:
    image: "klutchell/unbound:latest"
    container_name: unbound
    restart: unless-stopped
    hostname: "unbound"
    volumes:
      - "./unbound:/opt/unbound/etc/unbound/"
    networks:
      private_network:
        ipv4_address: 10.2.0.200

  wireguard:
    depends_on: [unbound, pihole]
    image: linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Los_Angeles # Change to your timezone
      - SERVERPORT=51820
      #- SERVERURL=my.ddns.net #optional - For use with DDNS (Uncomment to use)
      - PEERS=1 # How many peers to generate for you (clients)
      - PEERDNS=10.2.0.100 # Set it to point to pihole
      - INTERNAL_SUBNET=10.6.0.0
      
    volumes:
      - ./wireguard:/config
      - /lib/modules:/lib/modules
    ports:
      - "51820:51820/udp"
    dns:
      - 10.2.0.100 # Points to pihole
      - 10.2.0.200 # Points to unbound
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1

    restart: unless-stopped
    networks:
      private_network:
        ipv4_address: 10.2.0.3

  pihole:
    depends_on: [unbound]
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    hostname: pihole
    dns:
      - 127.0.0.1
      - 8.8.8.8 # Points to unbound
    environment:
      TZ: "America/Los_Angeles"
      WEBPASSWORD: "" # Blank password - Can be whatever you want.
      ServerIP: 10.1.0.100 # Internal IP of pihole
      DNS1: 8.8.8.8 # Unbound IP
      DNS2: 8.8.8.8 # If we don't specify two, it will auto pick google.
    # Volumes store your data between container upgrades
    volumes:
      - "./etc-pihole/:/etc/pihole/"
      - "./etc-dnsmasq.d/:/etc/dnsmasq.d/"
    # Recommended but not required (DHCP needs NET_ADMIN)
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    networks:
      private_network:
        ipv4_address: 10.2.0.100

Step 2

Configuring a split tunnel

Troubleshooting


Revision #2
Created 20 June 2021 16:16:30 by Manav Sethi
Updated 21 June 2021 07:03:22 by Manav Sethi