mirror of https://github.com/pi-hole/pi-hole synced 2025-03-01 08:52:28 +00:00

Created Pi-hole VPN (markdown)

DL6ER 2016-12-18 16:15:43 +01:00
parent 82e78be2dd
commit 7bebbc84e6

66
Pi-hole-VPN.md Normal file

@ -0,0 +1,66 @@
This tutorial walks you through the installation of Pi-hole combined with an VPN server for secure access from remote clients. It is based on this [HowTo](https://discourse.pi-hole.net/t/pi-hole-with-openvpn-vps-debian/861) on [Discourse](https://discourse.pi-hole.net).
### Install OpenVPN server
Using the quick OpenVPN "road warrior" installer. It should be fine using the suggested defaults if you have no special needs
```bash
wget https://git.io/vpn -O openvpn-install.sh
sudo bash openvpn-install.sh
```
---
### Install Pi-hole
Chose `tun0` as networking interface. If `tun0` isn't available, the installation of the OpenVPN server failed.
```bash
curl -L https://install.pi-hole.net | bash
```
---
### Edit your VPN server settings
to use your Pi-hole as DNS server
First, get the IP of your `tun0` interface:
```
ifconfig tun0 | grep 'inet addr'
```
In my case this returns
<pre>
<b>inet addr:10.8.0.1</b> P-t-P:10.8.0.1 Mask:255.255.255.0
</pre>
Afterwards, change your settings in `/etc/openvpn/server.conf` from
```
push "dhcp-option DNS 8.8.8.8"
```
to
<pre>
push "dhcp-option DNS <b>10.8.0.1</b>"
</pre>
(where you might have to replace the IP if you found something different in the previous step)
Finally, restart your OpenVPN server.
---
### Connect from a client
There are various tutorials available for all operating systems for how to connect to an OpenVPN server. I'll demonstrate the procedure here for Ubuntu Linux (which trivially extends to Linux Mint, etc.)
1. Install the necessary network-manager plugins
```
sudo apt-get install network-manager-openvpn network-manager-openvpn-gnome
sudo service network-manager restart
```
2. Securely copy the necessary certificates from your OpenVPN server to your client (e.g. using `sftp`). They are located in `/etc/openvpn/easy-rsa/pki`
You will need:
* User Certificate: `/etc/openvpn/easy-rsa/pki/issued/client.crt`
* CA Certificate: `/etc/openvpn/easy-rsa/pki/ca.crt`
* Private Key: `/etc/openvpn/easy-rsa/pki/private/client.key`
* Private Key Password: Depending on your settings (might even be empty)
* TA Key: `/etc/openvpn/ta.key`
Further details can be found in the screenshots provided below:
---
`5.` (Optional) If your server is visible to the world, you might want to limit access to from within your new VPN: Add the line `server.bind = "10.8.0.1"` (where you might have to replace the IP depending on your result in 3.1) to your `/etc/lighttpd/lighttpd.conf` and restart `lighttpd`
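Review bot: In the "Install Pi-hole" step, `curl -L https://install.pi-hole.net | bash` pipes a remote script straight into a shell, and the "Install OpenVPN server" step fetches its installer through the `git.io/vpn` shortlink and runs it with `sudo`, so the reader cannot see what is executed or where it really comes from. Suggest using the download-to-file form in both steps, spelling out the full URL behind the shortlink, and adding a sentence telling the reader to read each script before running it. Separately, the last step is numbered `5.` and points at "your result in 3.1", but the client list only has steps 1 and 2 and the sections are not numbered, so that reference cannot be resolved. The "screenshots provided below" line also has nothing following it in this file.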