Pi-hole is free and open source software to block ads and tracking domain. It is released under the GNU General Public License. The biggest advantage is ad blocking on all devices on the network from your smartphone to your tablets including all desktop computers. It even blocks in app ads on iOS and Android/Windows devices. The benefits are as follows:
- Blocks all advertisements using network-level DNS based blocking.
- Works with both apps and websites regardless of operating system.
- You can pair your Pi-hole with a VPN software such as OpenVPN for on-the-go ad-blocking and save on data 3G/4G/LTE costs.
- You can get improved privacy and security due to blocking of ads and tracking codes.
This tutorial provides step-by-step instructions for configuring an OpenVPN server on a Debian or Ubuntu Linux v14.04/16.04 LTS including Pi-hole ad blocking software. The steps are as follows.
Type the following two commands:
$ wget https://git.io/vpn -O openvpn-install.sh
$ sudo bash openvpn-install.sh
Just follow on screen instructions to install the OpenVPN server. See our step-by-step guide for more detailed information on setting up an OpenVPN server on Linux.
Installing Pi-hole on a Linux server
At this stage I am assuming that you have a working OpenVPN server. The client is also configured to OpenVPN on OSX/Windows/Linux/FreeBSD/iOS/Andriod devices.
Note down your OpenVPN server IP address
Type the following command:
$ ip a show dev tun0
Please note down 10.8.0.1/24 IP address. You also need to provide tun0 as an interface name including your default gateway IP address such as 192.168.2.254:
$ ip r | grep default
default via 192.168.2.254 dev br0 onlin
Our sample setup
Pi-hole was designed for Raspberry PI hardware but works with Ubuntu and Debian based Linux distro. In this example, I am setting up on a Ubuntu 16.04 LTS server.
Run the install command as follows:
$ wget -O basic-install.sh https://install.pi-hole.net
$ sudo bash basic-install.sh
You will see progress on screen as follows:
This installer will transform your device into a network-wide ad blocker. The Pi-hole is a SERVER so it needs a STATIC IP ADDRESS to function properly.
Choose an interface for Pi-hole
Select protocols for dns server
Setup a static IP address (select No)
Next enter OpenVPN’s server IP address as follows:
Finally enter your default router/gateway IP address:
Confirm the settings:
Setup upstream DNS IP address
And you are done:
Type the following command on Pi-hole to see if DNS is working or not:
$ host cyberciti.biz 10.8.0.1
Using domain server: Name: 10.8.0.1 Address: 10.8.0.1#53 Aliases: cyberciti.biz has address 188.8.131.52 cyberciti.biz mail is handled by 1 aspmx.l.google.com. cyberciti.biz mail is handled by 10 aspmx2.googlemail.com. cyberciti.biz mail is handled by 10 aspmx3.googlemail.com. cyberciti.biz mail is handled by 5 alt1.aspmx.l.google.com. cyberciti.biz mail is handled by 5 alt2.aspmx.l.google.com.
Now try to lookup ad server IP address:
$ host pagead2.googlesyndication.com 10.8.0.1
Using domain server: Name: 10.8.0.1 Address: 10.8.0.1#53 Aliases: pagead2.googlesyndication.com has address 10.8.0.1
As you can see 10.8.0.1 is not a valid public IP address hence any ads coming from pagead2.googlesyndication.com will be served by our own Pi-hole.
Update OpenVPN config to push our PI-hole dns server
Type the following command:
$ sudo vi /etc/openvpn/server.conf
Delete or comment out existing DNS entries:
#Stop using Google DNS for our OpenVPN
#push "dhcp-option DNS 184.108.40.206"
#push "dhcp-option DNS 220.127.116.11"
Next add our PI-Hole DNS IP address:
push "dhcp-option DNS 10.8.0.1"
Save and close the file. Restart the OpenVPN server:
$ sudo systemctl restart openvpn@server
Open port 53 and 80 for our OpenVPN subnet
Type the following commands:
$ ufw allow proto tcp from 10.8.0.0/24 to 10.8.0.1 port 80
$ ufw allow proto tcp from 10.8.0.0/24 to 10.8.0.1 port 53
$ ufw allow proto udp from 10.8.0.0/24 to 10.8.0.1 port 53
Now reconnect all OpenVPN clients and you should able to browser everything without ads on your mobile devices. You can view PI-hole stats with the following url:
You can white-list or blacklist certain domains.
And there you have it, Pi-hole installed and configured on Debian or Ubuntu Linux along with an OpenVPN server. See Pi-hole.net for more information.