Pi-Hole + Unbound + WireGuard VPN gateway

This post is about combining the previous post, which created a WireGuard VPN gateway for your network on a Raspberry Pi, with a Pi-hole using Unbound on the very same Raspberry Pi (or any device or VM of your choosing). Why use Pi-hole and Unbound is well explained here. Using a VPN adds another layer of security, so your local provider, your government or any third party cannot mess with your DNS requests. At the same time you avoid DNS leaks if you want to use a VPN on one of your clients but also want to filter your requests using Pi-hole. If you landed on this page, you probably know what I am talking about.

Step 1

First, follow the steps of this post to set up the WireGuard VPN.

Step 2

Then you have to install Pi-hole using

curl -sSL https://install.pi-hole.net | bash

or follow this

One thing to be careful about: since the gw0 tunnel will be up, set the correct IP address and gateway in the Pi-hole installer.

Step 3

Now it's time to set up Unbound. This is very well documented in the Pi-hole docs.

Step 4

The final step is to update the iptables rules from step one to allow your clients to access the Pi-hole web server, make DNS requests, and get DHCP addressing from the Pi-hole, which is highly advisable.

sudo iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
sudo iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
sudo iptables -A INPUT -i eth0 -p udp --dport 67 -j ACCEPT
sudo iptables -A INPUT -i eth0 -p udp --dport 68 -j ACCEPT
sudo netfilter-persistent save
sudo netfilter-persistent reload
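
To confirm that the saved rule set really contains the five rules above on the LAN interface, the following added example (not part of the original post) parses `iptables -S INPUT` output and lists any Step 4 port that has no ACCEPT rule on the given interface. The function names are hypothetical, the sample rule set is constructed, and the DROP policy in it is an assumption about step one.

```shell
#!/bin/sh
# Added example: audit the INPUT chain for the Step 4 rules.
REQUIRED="tcp/80 tcp/53 udp/53 udp/67 udp/68"   # proto/port pairs from Step 4

# Constructed sample of `iptables -S INPUT` output (not from a real host).
# The DROP policy is an assumption; the DHCP server rule sits on gw0 by mistake.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i gw0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 68 -j ACCEPT
EOF
}

# has_accept IFACE PROTO PORT: reads rules on stdin, exit 0 if a matching ACCEPT exists.
has_accept() {
    awk -v i="$1" -v p="$2" -v d="$3" '
        $1 == "-A" && $2 == "INPUT" {
            r_if = r_proto = r_port = r_target = ""
            for (n = 3; n < NF; n++) {
                if ($n == "-i")      r_if     = $(n + 1)
                if ($n == "-p")      r_proto  = $(n + 1)
                if ($n == "--dport") r_port   = $(n + 1)
                if ($n == "-j")      r_target = $(n + 1)
            }
            if (r_if == i && r_proto == p && r_port == d && r_target == "ACCEPT") found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# missing_pihole_rules IFACE: prints the required proto/port pairs with no ACCEPT on IFACE.
missing_pihole_rules() {
    rules=$(cat)
    missing=""
    for want in $REQUIRED; do
        if ! printf '%s\n' "$rules" | has_accept "$1" "${want%/*}" "${want#*/}"; then
            missing="$missing $want"
        fi
    done
    printf '%s\n' "${missing# }"
}

# Live use (needs root): sudo iptables -S INPUT | missing_pihole_rules eth0
sample_rules | missing_pihole_rules eth0
```

The check matches only single-port `--dport` rules like the ones above; it does not interpret `multiport` matches or rule ordering.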

Conclusion

Now you have a Raspberry Pi that can act as a DNS server, a DHCP server and a gateway to route your traffic through the VPN provider of your choice. So go ahead and set the DNS and gateway on your PCs to the IP of the Pi-hole, so they use the Pi-hole filtering and route their traffic through the VPN. Alternatively, you can use just the DNS and route your traffic through your ISP, while still keeping the DNS requests routed through the Pi-hole filters and then through the VPN connection.

It is always a matter of who you trust more: your government, your ISP or a VPN provider.
