This article was written for educational purposes only. We are not urging anyone to do anything; it is for information only! The author is not responsible for your actions.
In this article, we will create our own VPN server that will bypass blocking and slowdowns of sites, as well as block really harmful content (trackers, ads and other garbage) on sites.
While online advertising is the main source of income that allows your favorite websites, including this one, to make money, sometimes people want to block it for various reasons, such as performance or privacy concerns. There are many blocking methods, and everyone chooses their own. These are mainly browser extensions like uBlock, AdBlock, and so on. But there is a problem: if you have many devices (including mobile ones), you need to install blockers on each device and then make sure that they work correctly.

This tutorial will guide you through installing and configuring OpenVPN and Pi-hole as a network filter to block DNS-based ads for all devices connected to your network.

VPN (Virtual Private Network) is a solution proven over the years for ensuring anonymity on the Internet, while encrypting and compressing all transmitted traffic. The essence of the technology is that a special client program is installed on your computer, which encrypts all transmitted data "on the fly", transparently for the user, and transfers it to an intermediate computer (the VPN server). The VPN server has special software that decrypts the traffic and sends it in the right direction.
Configuring the Pi-Hole

As the project name suggests, Pi-Hole isn't just reserved for the Raspberry Pi. You can also run it on a traditional server, and that is what we are going to do.

Update and install new packages:

    sudo apt update -y && sudo apt upgrade -y

Install curl:

    sudo apt install curl

Next, all you need to do is run this simple command:

    curl -sSL https://install.pi-hole.net | bash

When asked if you would like to install Pi-hole on your server and provide a static IP, answer yes.

In the next window - Choose An Interface - the wizard will prompt you to select the interface that Pi-hole will listen on. To use Pi-hole to monitor the VPN network interface, use the arrow keys on your keyboard to select tun0 and press the space bar. Then press TAB to navigate to the options at the bottom of the screen. Once selected, press Enter to save your settings and continue.
Then choose your preferred DNS. You can change it later or specify several.

You can choose to block ads (you can add your own lists later).
The installer will also ask you if you want to install a web panel. I highly recommend that you install it so that you can connect to the server with a password from anywhere on the local network, manage your DNS / blacklist and view traffic statistics.

Open ports 53 and 80 for our OpenVPN subnet

If you have the UFW firewall installed and running, enter the following commands:

    ufw allow proto tcp from 10.8.0.0/24 to 10.8.0.1 port 80
    ufw allow proto tcp from 10.8.0.0/24 to 10.8.0.1 port 53
    ufw allow proto udp from 10.8.0.0/24 to 10.8.0.1 port 53

If your firewall is disabled, then you do not need to enter anything else.

For your web browser to work properly, open the ports for HTTP and HTTPS traffic in your firewall:

    sudo ufw allow http
    sudo ufw allow https

You also need to allow web traffic in the 10.8.0.0/24 range to go through the VPN server at 10.8.0.1 and port 80:

    sudo ufw allow proto tcp from 10.8.0.0/24 to 10.8.0.1 port 80

Restart UFW:

    sudo ufw reload

If the firewall restarted successfully, you will see:

    Firewall reloaded

For normal operation of the web interface, we will perform a few more operations. First of all, we will set the owner and a new set of permissions on the configuration files and databases. If this is not done, the web interface will work only for reading, and when you try to create any new object you will receive an error:

    Error, something went wrong!
    While executing: attempt to write a readonly database.

    chown -R pihole:pihole /etc/pihole
    chmod -R g+rw,u+rw /etc/pihole

Then add the webserver user to the pihole group:

    usermod -aG pihole www-data

This completes the installation. To update Pi-hole itself, run the console command:

    pihole -up

This can be done even under a regular account, in which case you will be prompted for a sudo password and elevation of rights will occur automatically.
Configuring your home router

Without VPN, only through DNS

I cannot, of course, cover every variety of router in this text. But for most home routers, the following points are true:

1) You can set a custom DNS server in the WAN interface settings of the router, even if the IP address is obtained dynamically from the provider.
2) The router gives its own address to internal clients as the DNS server and forwards their requests to the server specified in the WAN settings.

Accordingly, in this case we just need to enter the address of our Pi-Hole as the DNS server in the WAN interface settings of the home router. It is important that it is the only DNS server in the settings. If any other is specified, the router will balance requests between them according to a principle known only to itself, and this situation is extremely inconvenient for debugging network problems.

If something suddenly goes wrong and the service stops working, it is enough to change the above setting to the address of your provider's DNS server or, for example, 8.8.8.8, and only then start troubleshooting.

With OpenVPN and DNS

The whole idea behind a VPN is that it is a tunnel from the outside of your network to the inside. This means that you need to configure your router to allow certain connections.
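An added example, not part of the original post, for checking the result of the firewall step: `ufw allow http` admits port 80 from any source, while the subnet rules limit ports 53 and 80 to 10.8.0.0/24. The script parses `ufw status` output and flags ALLOW rules for ports 53 or 80 whose source is not the VPN subnet; the sample output is constructed and the function name `audit_ufw` is hypothetical.

```shell
#!/bin/sh
# Added example: flag UFW ALLOW rules that open Pi-hole's DNS (53) or
# web panel (80) to sources other than the OpenVPN subnet.
VPN_NET="10.8.0.0/24"   # VPN subnet from the tutorial's ufw commands

# Constructed sample of `ufw status` output after running the tutorial's
# commands (not captured from a real host).
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
10.8.0.1 80/tcp            ALLOW       10.8.0.0/24
10.8.0.1 53/tcp            ALLOW       10.8.0.0/24
10.8.0.1 53/udp            ALLOW       10.8.0.0/24
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)'

# audit_ufw: read `ufw status` text on stdin, print one line per risky rule.
audit_ufw() {
    awk -v vpn="$VPN_NET" '
    / ALLOW / {
        # Left of the action column is the destination, right is the source.
        split($0, side, " +ALLOW( IN)? +")
        dest = side[1]; src = side[2]
        gsub(/ \(v6\)/, "", dest)               # drop the IPv6 marker
        gsub(/^ +| +$/, "", dest); gsub(/^ +| +$/, "", src)
        n = split(dest, word, " +")             # port spec is the last word
        split(word[n], spec, "/")               # "80/tcp" -> port "80"
        port = spec[1]
        if ((port == "53" || port == "80") && src != vpn)
            printf "EXPOSED port %s (%s) reachable from %s\n", port, word[n], src
    }'
}

# Live use (needs root): ufw status | audit_ufw
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw
```

Any line it prints is a rule to narrow to the VPN subnet or remove if the panel and resolver should only be reachable through the tunnel.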