Pi-hole, Wireguard and Privoxy. Providing an ad-blocking VPN protected proxy server.
Build your own internal ad blocker - also serving as a VPN protected proxy server. Give you anonmous, ad-free internet access across your home network.
In this tutorial I'll detail setup using Wireguard - but the same approach can be used with the OpenVPN client.
Get your Raspberry Pi up and running First of your going to need a Raspberry Pi - a model 2 or later is preferable - along with a Micro SD Card, monitor and keyboard.
- Download the latest (lite) version of Rasbian from here - https://www.raspberrypi.org/downloads/raspbian/
- Flash this to your SD card using a tool like Etcher (https://www.balena.io/etcher/)
- Insert the flashed SD card into the Raspberry Pi - and for this intial bit of setup you'll also need it connected to a monitor and keyboard as well.
- Boot the device and login with the default credentials (Username: pi) (Password: raspberry). It' best practce to now set a custom password. Runn the
passwd
command to set your own password. - Next we need to enabled SSH access so we can work on the Pi remotely. Run the command
sudo raspi-config
to open the configurator tool. - Selection option (5) 'INTERFACE OPTIONS' and select 'P2 SSH' from the list to enable SSH access to the Raspberry Pi.
- Enter the command
ifconfig
to reveal network information - an 'inet' value will be shown your connected network adapters - make note of the releant number - you'll need this to connect remotley to the Raspberry Pi. - Ideally you'll want to set this as a reserver (fixed) IP for this machine via your router configuration page
- Download a tool like Putty (https://putty.org/) and connect to the Raspberry Pi from your desktop / laptop PC uing the IP address from the step above - the username 'pi' and the password you specified in step 4.
- Once you've into your Raspberry Pi - it's best practice to ensure all packages are up to date. Run
sudo apt-get update && sudo apt-get upgrade -y
to check for new packages and install any updates.
See full installation instructions here - https://github.com/pi-hole/pi-hole/#one-step-automated-install
For the quick and easy option -
curl -sSL https://install.pi-hole.net | bash
WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. (https://www.wireguard.com/)
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install raspberrypi-kernel-headers
echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list
sudo apt-get install dirmngr
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable
sudo apt-get update
sudo apt-get install wireguard
sudo reboot
From here follow the instructions from your VPN provider. I recommend https://mullvad.net/
See the guide from anudeepND (https://github.com/anudeepND) - here - https://github.com/anudeepND/pihole-unbound
Privoxy is a proxy server application used to route internet traffic. By empoying a proxy server on a machine connected to the internet via VPN - we get the benefits of that VPN connected. The same proxy server can be used across devices on your network - from computers, phones, tablets and more.
- Install Privoxy using the command
sudo apt-get install privoxy -y'
. - Open the configuration file with the command `sudo nano /etc/privoxy/config'.
- Look for the line
listen-address 127.0.0.0:8118
- this is the address and port the proxy server is running on. - Update the listen address IP to match the IP address of the Raspberry Pi server you are connected to.
- Restart the Privoxy service with
sudo service privoxy restart
Set your router primary DNS settings to the IP address of your Raspberry Pi server. All request made by devices on the network will be resolved via the Unbound DNS resolver and adverts blocked by Pi-hole.
With Privoxy running - your device acts as a proxy server than can be used by any device on the network. Configure your application to use the proxy server at the address and port specified for the listen-address
during Privoxy setup.