Online ads are getting more annoying by the day, and much of the time they are inappropriate for adults, let alone kids. So my daughter (10yo) set up a Pi Hole ad blocker on two Raspberry Pis (in different locations) with a VPN, so you can safely browse the internet even when you are not at home (using your local network).

The setup is quite easy: she managed to make it happen in less than an hour, so I’m guessing it should not be hard for anybody.

Please note that all the subnet IPs need to be changed to whatever your router or ISP provides. Our ISP’s router uses but most of you will probably use

First, install Raspberry Pi OS to your MicroSD card. I suggest doing it the easy way and just installing Raspberry Pi Imager on your PC. Simply insert the MicroSD card and select your OS. I suggest you use the “lite” version of the OS, without a desktop, so that your Pi will run faster.

Once it’s done, stick the MicroSD card into your Pi, connect everything and start it up!

Before starting anything, do a simple (with sudo of course)

apt update
apt upgrade

and then we install Pi Hole (on both devices of course! You can also use just one Raspberry Pi for this Pi Hole project if you do not have two locations available):

curl -sSL | bash

After the installation is complete, open up your browser and:

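In the Pi Hole Admin page, under Settings –> DNS, make sure that “Listen on all interfaces, permit all origins” is selected; otherwise the queries will get blocked. Only do this while the Pis are reachable solely from your local network and over Tailscale: with this option set, a Pi whose port 53 is exposed to the internet would answer DNS queries from anyone.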

You also need Pi Hole blocklists. My large list of everything can be found on my GitHub page

These next steps are if you will be using two Raspberry Pis in your configuration, otherwise, SKIP to the part where we install TAILSCALE VPN.

Now we install Gravity Sync on both Raspberry Pis.

curl -sSL | bash

Gravity Sync should first be run from your already configured Raspberry Pi:

gravity-sync push

Now we tell them to sync among themselves:

gravity-sync auto

Installing the “VPN” Tailscale

(duplicate these instructions on both Raspberry Pis if you are using two)

curl -fsSL | sh

Since we are in the year 2023, let’s enable IP forwarding on these Raspberry Pis for IPv6 as well as IPv4 (Tailscale needs forwarding to act as a subnet router or exit node):

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf
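
An idempotent way to set the two forwarding keys above, added here as an example (not from the original post): `tee -a` appends a new line on every run, so repeating the steps leaves duplicate or conflicting entries. The function names `set_sysctl_key` and `effective_value` are hypothetical helpers.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Usage (in a root shell, on each Pi):
#   set_sysctl_key /etc/sysctl.conf net.ipv4.ip_forward 1
#   set_sysctl_key /etc/sysctl.conf net.ipv6.conf.all.forwarding 1
#   sysctl -p /etc/sysctl.conf

# set_sysctl_key FILE KEY VALUE
# Leave exactly one active "KEY = VALUE" line in FILE, keeping comments
# and all other settings untouched.
set_sysctl_key() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || : > "$file"
    tmp=$(mktemp) || return 1
    # Drop every active assignment of KEY, whatever its spacing or value.
    awk -v k="$key" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^[#;]/ { print; next }
        { split(line, parts, "="); name = parts[1]; gsub(/[ \t]/, "", name) }
        name == k { next }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s = %s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file"    # overwrite in place to keep owner and mode
    rm -f "$tmp"
}

# effective_value FILE KEY
# Print the value FILE would apply for KEY (the last active assignment wins).
effective_value() {
    awk -v k="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^[#;]/ || line !~ /=/ { next }
        { i = index(line, "="); name = substr(line, 1, i - 1); val = substr(line, i + 1)
          gsub(/[ \t]/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (name == k) found = val }
        END { if (found != "") print found }
    ' "$1"
}
```
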

Start up Tailscale on both Pis (change this line to fit YOUR subnet):

sudo tailscale up --advertise-exit-node --advertise-routes= --accept-dns=false

You will be shown a link that you follow in your browser. Open it, create your account and you are almost done!


Once you have created your account and logged in to Tailscale, click on the “three dots” next to the Machine of every Pi Hole and click “Disable key expiry”. Since these Pis won’t be seen outside your network without the VPN, they don’t need to re-authenticate each time. After that, find “Edit route settings” in the same drop-down menu and make sure it looks like this:

Now, some claim to have issues if you use Exit nodes, but I have had none. Even if you don’t use the Exit node, you will still benefit from the Pi-Hole’s protection.

After doing this, copy the “Public IPs” of your Raspberry Pis, head over to the DNS tab inside Tailscale, and set it as such:

Under Global nameservers input the IP addresses of your Raspberry Pis and click “Override local DNS”. Click Save.


And that is it. Now you can install Tailscale on any of your devices, log in, enable the VPN, and you will be protected from ads, malware, and other evilness of the internet even when you are away from your local network.


