diff --git a/Pi-hole-VPN.md b/Pi-hole-VPN.md new file mode 100644 index 0000000..ecc03c4 --- /dev/null +++ b/Pi-hole-VPN.md @@ -0,0 +1,66 @@ +This tutorial walks you through the installation of Pi-hole combined with an VPN server for secure access from remote clients. It is based on this [HowTo](https://discourse.pi-hole.net/t/pi-hole-with-openvpn-vps-debian/861) on [Discourse](https://discourse.pi-hole.net). + +### Install OpenVPN server +Using the quick OpenVPN "road warrior" installer. It should be fine using the suggested defaults if you have no special needs +```bash +wget https://git.io/vpn -O openvpn-install.sh +sudo bash openvpn-install.sh +``` +--- +### Install Pi-hole +Chose `tun0` as networking interface. If `tun0` isn't available, the installation of the OpenVPN server failed. +```bash +curl -L https://install.pi-hole.net | bash +``` +--- + +### Edit your VPN server settings +to use your Pi-hole as DNS server + +First, get the IP of your `tun0` interface: +``` +ifconfig tun0 | grep 'inet addr' +``` +In my case this returns +
+inet addr:10.8.0.1 P-t-P:10.8.0.1 Mask:255.255.255.0 ++ +Afterwards, change your settings in `/etc/openvpn/server.conf` from +``` +push "dhcp-option DNS 8.8.8.8" +``` +to +
+push "dhcp-option DNS 10.8.0.1" ++(where you might have to replace the IP if you found something different in the previous step) + +Finally, restart your OpenVPN server. + +--- +### Connect from a client +There are various tutorials available for all operating systems for how to connect to an OpenVPN server. I'll demonstrate the procedure here for Ubuntu Linux (which trivially extends to Linux Mint, etc.) + +1. Install the necessary network-manager plugins +``` +sudo apt-get install network-manager-openvpn network-manager-openvpn-gnome +sudo service network-manager restart +``` + +2. Securely copy the necessary certificates from your OpenVPN server to your client (e.g. using `sftp`). They are located in `/etc/openvpn/easy-rsa/pki` + +You will need: + +* User Certificate: `/etc/openvpn/easy-rsa/pki/issued/client.crt` +* CA Certificate: `/etc/openvpn/easy-rsa/pki/ca.crt` +* Private Key: `/etc/openvpn/easy-rsa/pki/private/client.key` +* Private Key Password: Depending on your settings (might even be empty) +* TA Key: `/etc/openvpn/ta.key` + +Further details can be found in the screenshots provided below: + + +--- +`5.` (Optional) If your server is visible to the world, you might want to limit access to from within your new VPN: Add the line `server.bind = "10.8.0.1"` (where you might have to replace the IP depending on your result in 3.1) to your `/etc/lighttpd/lighttpd.conf` and restart `lighttpd` +
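Review bot: Both install steps in "Install OpenVPN server" and "Install Pi-hole" execute a remote script without giving the reader a chance to inspect it. `wget https://git.io/vpn -O openvpn-install.sh` fetches through a URL shortener and the result is run with `sudo bash`, and `curl -L https://install.pi-hole.net | bash` pipes straight into the shell. Suggest linking the first installer by its full repository URL, and telling the reader to save and read both scripts before running them. In the optional last step, the numbering jumps from 2 to `5.` and refers to "3.1", although the sections are unnumbered; refer to the "get the IP of your `tun0` interface" step by name instead. That step only changes `server.bind` in `/etc/lighttpd/lighttpd.conf`, so the text should say it restricts the web server and nothing else. The restart steps ("restart your OpenVPN server", "restart `lighttpd`") give no command, unlike the other steps. Minor wording: "an VPN server", "Chose `tun0`", "limit access to from within", and "screenshots provided below" is followed by nothing in this file.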