Originally Posted https://darnahsan.medium.com/ad-blocking-vpn-with-dns-over-https-on-a-raspberry-pi4-d2c608895211 Published on August 13th, 2020
I recently bought a Raspberry Pi4 with just an idea of setting up an OpenVPN node for fun. Once it arrived it felt like a COVID19 impulse buy ๐ when I could have gotten an instance in cloud for as low as 4 SGD and use it for almost 3 years to break even the cost. So I started exploring what more could I do, while doing more and more DuckDuckGo searches I realized I could set up an Ad blocking DNS using PiHole. As there is now the hype of DoHโโโDNS over HTTPS, so I explored if I could do that and yes there was a way OSS FTW. Once I settled on Pi hole and cloudflared for an Ad blocking DoH for home network, I wanted to setup a VPN which would not just be a VPN but an Ad blocking VPN. I have been using and advocating ppl to use Blokada to run a localhost VPN and block ads on their devices and I do that on my mobile, tablet and even TV but when I had to use a VPN and turn off bloakda there would be a wave of #Ads that would hit me. My initial pick was based on the most commonly known option OpenVpn but turns out the Raspberry Pi4 doesnโt have the power to do crypto efficiently but I thought it was a compromise worth making that is when I stumbled across WireGuard protocol the new kid on the block which is simpler and faster and less resource hungry than OpenVpn and simpler to setup also ๐ . Once settled on all the components it was time to set them up on the Pi and setup some port forwarding on the router. God bless Docker as I didnโt wanted to install each of these and run into dependency pains on ARM64 architecture. Hooked it all using Docker Compose and now I have a VPN that has Ad blocking built in and at home a WiFi that blocks all ads on my devices. The biggest win of running the VPN from home is the residential IP I get as most of the VPNs use data centers that give limited speed and bandwidth and have a bad reputation and are blocked by service providers. It feels like an achievement ๐ so will put out the repo for anyone to be able to run this setup at home and #ReclaimYourInternet. Yes there are plenty of tutorials over how to set them up but not all 3 together so it takes some effort to know what you have to do. I know ppl would think can just install a plugin such as Adblocker in broswer and get done with it at home but then again they are collecting all the data its just that they sell it "anonymised". Block them at the source and protect your data. The results are pretty decent, the latency is lower and the upload speeds are similar on the VPN. Overall its a win win utilisation of the Pi4. ๐
Also donโt forget all those commercial VPN services you pay for log every bit of your browsing history and then they lose it on the internet and it ends up for sale on the #DarkWeb. Never trust anyone with your browsing history ๐
As committed here is the repo for #Constantine a setup for an Ad blocking #VPN with #DNS over #HTTPS using #cloudflared + #pihole + #WireGuard. Currently running on a #RaspberryPi4 #Docker composed
OSS
ahsandar / constantine
Ad blocking VPN with DNS over HTTPS using cloudflared + pihole + WireGuard. Currently running on a Raspberry Pi 4 Docker Composed
On github its a mirror of a private gitlab repo
Constantine
Ad blocking VPN with DNS over HTTPS using cloudflared + pihole + WireGuard. Currently running on a Raspberry Pi 4
Pi hole
VARS
export TZ=<set value> # set timezone for your origin for e.g. Asia/Singapore
export WEBPASSWORD=<set value> # set password for pi hole dashboard
export DNS1=<set value> # set to the docker IP assigned to cloudflared
export DNS2=<set value> # set any public DNS Quad9 Cloudflare Google OpenDNS
Cloudflared
VARS
export CLOUDFLARED_DNS1=<set value> # set any public DNS Quad9 Cloudflare Google OpenDNS
export CLOUDFLARED_DNS2=<set value> # set any public DNS Quad9 Cloudflare Google OpenDNS
WireGuard
VARS
export PEERS=<set value> #total number of peers
export PUID=<set value> # find usinng -> id <username>
export PGID=<set value> # find usinng -> id <username>
To run
Turn off local resolver
Use the script local_resolver_stop.sh
./local_resolver_stop.sh
If you stop the containers, localโฆ
Top comments (0)