Ahsan Nabi Dar

Ad blocking VPN with DNS over HTTPS on a Raspberry Pi4

Originally posted at https://darnahsan.medium.com/ad-blocking-vpn-with-dns-over-https-on-a-raspberry-pi4-d2c608895211 (published on August 13th, 2020)

I recently bought a Raspberry Pi4 with just an idea of setting up an OpenVPN node for fun. Once it arrived it felt like a COVID19 impulse buy 😅 when I could have gotten an instance in the cloud for as low as 4 SGD and used it for almost 3 years to break even on the cost. So I started exploring what more I could do, and while doing more and more DuckDuckGo searches I realized I could set up an Ad blocking DNS using PiHole. As there is now the hype of DoH — DNS over HTTPS, I explored if I could do that, and yes, there was a way. OSS FTW.

Once I settled on Pi hole and cloudflared for an Ad blocking DoH for the home network, I wanted to set up a VPN which would not just be a VPN but an Ad blocking VPN. I have been using and advocating ppl to use Blokada to run a localhost VPN and block ads on their devices, and I do that on my mobile, tablet and even TV, but when I had to use a VPN and turn off Blokada there would be a wave of #Ads that would hit me. My initial pick was based on the most commonly known option, OpenVPN, but it turns out the Raspberry Pi4 doesn't have the power to do crypto efficiently, but I thought it was a compromise worth making. That is when I stumbled across the WireGuard protocol, the new kid on the block, which is simpler, faster and less resource hungry than OpenVPN, and simpler to set up also 😅.

Once settled on all the components, it was time to set them up on the Pi and set up some port forwarding on the router. God bless Docker, as I didn't want to install each of these and run into dependency pains on the ARM64 architecture. Hooked it all up using Docker Compose, and now I have a VPN that has Ad blocking built in and, at home, a WiFi that blocks all ads on my devices. The biggest win of running the VPN from home is the residential IP I get, as most of the VPNs use data centers that give limited speed and bandwidth, have a bad reputation and are blocked by service providers.

It feels like an achievement 😂 so I will put out the repo for anyone to be able to run this setup at home and #ReclaimYourInternet. Yes, there are plenty of tutorials on how to set them up, but not all 3 together, so it takes some effort to know what you have to do. I know ppl would think they can just install a plugin such as Adblocker in the browser and be done with it at home, but then again they are collecting all the data, it's just that they sell it "anonymised". Block them at the source and protect your data. The results are pretty decent, the latency is lower and the upload speeds are similar on the VPN. Overall it's a win-win utilisation of the Pi4.

Also, don't forget that all those commercial VPN services you pay for log every bit of your browsing history, and then they lose it on the internet and it ends up for sale on the #DarkWeb. Never trust anyone with your browsing history 😜

As committed, here is the repo for #Constantine, a setup for an Ad blocking #VPN with #DNS over #HTTPS using #cloudflared + #pihole + #WireGuard. Currently running on a #RaspberryPi4, #Docker composed.

OSS

ahsandar / constantine

Ad blocking VPN with DNS over HTTPS using cloudflared + pihole + WireGuard. Currently running on a Raspberry Pi 4 Docker Composed

On GitHub it's a mirror of a private GitLab repo.

Constantine


Pi hole

VARS

export TZ=<set value> # set the timezone for your origin, e.g. Asia/Singapore
export WEBPASSWORD=<set value> # set password for the Pi hole dashboard
export DNS1=<set value> # set to the Docker IP assigned to cloudflared
export DNS2=<set value> # set any public DNS (Quad9, Cloudflare, Google, OpenDNS)

Cloudflared

VARS

export CLOUDFLARED_DNS1=<set value> # set any public DNS (Quad9, Cloudflare, Google, OpenDNS)
export CLOUDFLARED_DNS2=<set value> # set any public DNS (Quad9, Cloudflare, Google, OpenDNS)

WireGuard

VARS

export PEERS=<set value> # total number of peers
export PUID=<set value> # find using -> id <username>
export PGID=<set value> # find using -> id <username>
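
A preflight check for the variables listed above, as an added example that is not part of the constantine repo; the function names, the `--check` argument and the file name in the comment are this example's own. It assumes the Docker IP assigned to cloudflared is an RFC 1918 address and that PEERS is a count, as the comment above describes it.

```shell
#!/bin/sh
# Added example (not from the constantine repo): preflight check for the
# variables documented above. All function names are this example's own.

fail() { echo "preflight: $1" >&2; problems=$((problems + 1)); }

is_uint() {  # succeeds only for a non-empty string of decimal digits
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
}

# Succeeds for a dotted quad in RFC 1918 space. Assumption: the Docker IP
# assigned to cloudflared comes from a private bridge network.
is_private_ipv4() {
  case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  case "$1" in
    10)  return 0 ;;
    172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
    192) [ "$2" -eq 168 ] ;;
    *)   return 1 ;;
  esac
}

# Reports each problem on stderr and returns the number of problems found.
check_constantine_env() {
  problems=0
  for name in TZ WEBPASSWORD DNS1 DNS2 CLOUDFLARED_DNS1 CLOUDFLARED_DNS2 \
              PEERS PUID PGID; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || fail "$name is not set"
  done
  # Pi-hole has to forward to cloudflared, otherwise lookups skip DoH.
  [ -z "${DNS1:-}" ] || is_private_ipv4 "$DNS1" ||
    fail "DNS1=$DNS1 is not a private IPv4 address"
  # The README calls PEERS a total number, so require a positive integer.
  [ -z "${PEERS:-}" ] || { is_uint "$PEERS" && [ "$PEERS" -gt 0 ]; } ||
    fail "PEERS=$PEERS is not a positive integer"
  for name in PUID PGID; do
    eval "value=\${$name:-}"
    [ -z "$value" ] || is_uint "$value" || fail "$name=$value is not a numeric id"
  done
  return "$problems"
}
# Run as: sh preflight.sh --check   (hypothetical file name)
if [ "${1:-}" = "--check" ]; then check_constantine_env; fi
```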

To run

Turn off local resolver

Use the script local_resolver_stop.sh

./local_resolver_stop.sh

If you stop the containers, local…
