Pi-hole + OpenVPN installation

$ wget https://git.io/vpn -O openvpn-install.sh
$ chmod 755 openvpn-install.sh

SET:
Listen Address: choose your internet-facing address (e.g. eth0)
Protocol: UDP (if blocked by a firewall, choose TCP)
Port: default is 1194; you can change this to another port such as 443/80
DNS: set to the Pi-hole's address, e.g. 192.168.1.2
Client Name: MyVPN1

We now need to install Pi-hole. In the installation wizard, choose your VPN's interface
(e.g. tun0) as the interface.

$ curl -sSL https://install.pi-hole.net | bash

MISC:
To add another client, just re-run openvpn-install.sh and choose "add client" in the options.
The client .ovpn file is located in /root.
You can add other DNS servers to the VPN by appending to the file /etc/openvpn/server.conf:

push "dhcp-option DNS 1.1.1.1"

To add your LAN, append to the same file:

push "route 192.168.1.0 255.255.255.0"

If you cannot use the Pi-hole DNS because Pi-hole may be blocking it, you can change which users
are allowed to use the Pi-hole DNS. By default this is set to LocalNet (one hop away). We do not
recommend ALLOW FROM ALL ORIGIN, since this opens your Pi-hole to the outside world and attackers
will use it for a distributed DNS reflection attack. You can, however, open Pi-hole to all origins
if you are using a firewall like iptables/ufw.

You need to set up a Dynamic DNS hostname for your OpenVPN, since the IP address of your Pi will
change dynamically unless you are using a static IP (which I think is more expensive).
You can register for a free dynamic DNS service at afraid.org and nsupdate.info.
Edit the file /etc/openvpn/client-common.txt and edit the line:

 remote myhost.mooo.com 1194

Add the DDNS record to our Pi:

$ pihole -a hostrecord myhost.mooo.com 192.168.1.2

Change 192.168.1.2 to the internal LAN IP of your Pi VPN. You also need to configure packet forwarding:

$ sudo nano /etc/sysctl.conf
 net.ipv4.ip_forward=1

$ sudo nano /etc/default/ufw
 DEFAULT_FORWARD_POLICY="ACCEPT"

$ sudo nano /etc/ufw/before.rules

 # APPEND THE FOLLOWING AFTER THE *filter SECTION
 # WARNING: BE SURE TO CHECK YOUR SYNTAX. IF YOU MISTYPE SOMETHING, IT WILL RESULT IN UFW
 # BLOCKING EVERYTHING
 # START OPENVPN
 # NAT Table Rules
 *nat
 :POSTROUTING ACCEPT [0:0]
 # allow traffic from OVPN client to eth0
 -A POSTROUTING -s 10.0.8.0/8 -o eth0 -j MASQUERADE
 COMMIT
 # END OPENVPN
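The rule above is written with 10.0.8.0/8, which iptables masks to the whole of 10.0.0.0/8. The following added example (not part of the original post) derives the NAT block from the "server" line of server.conf so that only the VPN subnet is masqueraded, and lists any pushed resolver other than the Pi-hole, since a client that uses one of those sends its queries around the Pi-hole's filtering. The function names, the sample file and its 10.8.0.0/24 subnet are constructed assumptions; read the real values from your own /etc/openvpn/server.conf.

```shell
#!/bin/sh
# Added example. Function names and the sample file are constructed for illustration.

# Print the VPN subnet as CIDR from the "server <network> <netmask>" directive.
vpn_cidr() {
    awk '$1 == "server" && NF >= 3 {
        if (split($3, o, ".") != 4) exit 1
        bits = 0; tail = 0
        for (i = 1; i <= 4; i++) {
            v = o[i] + 0
            if (tail && v != 0) exit 1            # mask bits must be contiguous
            if (v == 255) { bits += 8; continue }
            for (m = 128; m >= 1 && v >= m; m /= 2) { v -= m; bits++ }
            if (v != 0) exit 1                    # e.g. 160 is not a valid mask octet
            tail = 1
        }
        print $2 "/" bits; found = 1; exit
    }
    END { if (!found) exit 1 }' "$1"
}

# Print every DNS server pushed to clients, in file order.
pushed_dns() {
    awk '$1 == "push" && $2 == "\"dhcp-option" && $3 == "DNS" {
        gsub(/"/, "", $4); print $4 }' "$1"
}

# Print pushed resolvers other than the Pi-hole ($2).
non_pihole_dns() {
    pushed_dns "$1" | grep -vxF -e "$2" || true
}

# Emit the before.rules NAT block for the subnet in $1 and outbound interface $2.
nat_block() {
    cidr=$(vpn_cidr "$1") || { echo "no usable server directive in $1" >&2; return 1; }
    printf '%s\n' '# START OPENVPN' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        "-A POSTROUTING -s $cidr -o $2 -j MASQUERADE" 'COMMIT' '# END OPENVPN'
}

# Constructed sample; on the Pi, point the functions at /etc/openvpn/server.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 192.168.1.2"
push "dhcp-option DNS 1.1.1.1"
push "route 192.168.1.0 255.255.255.0"
EOF
nat_block "$sample" eth0
echo "Pushed resolvers that are not the Pi-hole:"
non_pihole_dns "$sample" 192.168.1.2
```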

Download the OpenVPN client for Windows, Android or Linux to start connecting to your Pi-holed home VPN. You can also access your home devices through this VPN, and the connection is encrypted.

Starting OpenVPN on GNU/Linux:
$ sudo openvpn --config MyVPN1.ovpn

Except where otherwise noted, this work is licensed under Creative Commons Attribution-ShareAlike 4.0 International License (http://creativecommons.org/licenses/by-sa/4.0/).
I hope that this post is useful to you, if you liked this post you may support me via liberapay. Thank you for your support.
