Online ads are getting more and more annoying by the day, not to mention most of the time they are inappropriate for adults let alone kids. So my daughter (10yo) set up a Pi Hole AD blocker with two Raspberry Pis (on different locations) and VPN so you can safely browse the internet even when you are not at home (using your local network).
The setup is quite easy, she managed to make it happen in less than an hour, so I’m guessing it should not be hard for anybody.
Please note that all the subnet IPs need to be changed to whatever your router or ISP provides. Our ISP’s router uses 192.168.64.0/255 but most of you will probably use 192.168.1.0/255.
First, install Raspberry Pi OS to your MicroSD card. I suggest doing it the easy way and just install Raspberry Pi Imager to your PC. Simply insert the MicroSD and select your OS. I suggest you use the “lite” version of the OS without a desktop so that your PI will run faster.
Once it’s done, stick the MicroSD card to your PI, connect everything and start it up!
Do a simple (with sudo of course)
before starting anything and then we install Pi Hole (on both devices of course! You can also use just one Raspberry PI for this Pi Hole project if you do not have two locations available):
curl -sSL https://install.pi-hole.net | bash
After the installation is complete, open up your browser and:
In the Pi Hole Admin page in Settings –> DNS, make sure that Listen on all interfaces, permit all origins is selected if not the queries will get blocked.
You also need Pi Hole blocklists. My large list of everything can be found on my GitHub page
These next steps are if you will be using two Raspberry Pis in your configuration, otherwise, SKIP to the part where we install TAILSCALE VPN.
Now we install Gravity Sync on both Raspberry Pis.
curl -sSL https://gravity.vmstan.com | bash
First Gravity sync should be run from your already configured Raspberry PI:
Now we tell them to sync among themselves:
Installing the “VPN” Tailscale
(duplicate these instructions on both Raspberry Pis if you are using two)
curl -fsSL https://tailscale.com/install.sh | sh
Since we are in the year 2023 let’s enable IPv6 support on these Raspberry Pis:
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf
Start up Tailscale on both Pis (change this line to fit YOUR subnet):
sudo tailscale up --advertise-exit-node --advertise-routes=192.168.1.0/24 --accept-dns=false
You will be shown a link that you follow in your browser. Open it, create your account and you are almost done!
Once you have created your account and logged in to Tailscale click on the “three dots” next to the Machine of every Pi Hole and click “Disable key expiry”, since these PIs won’t be seen outside your network without the VPN they don’t need to re-authenticate each time. After that, we need to find “Edit route settings” from the same drop-down menu, and make sure it looks like this:
Now some claim to have issues if you use Exit nodes but I have had none so, even if you don’t use the Exit node, you will still benefit from the Pi-Hole’s protection.
After doing this copy the “Public IP’s” of your Raspberry Pis and head over to the DNS tab inside Tailscale, and set it as such:
Under Global nameservers input the IP addresses of your Raspberry Pis and click “Override local DNS”. Click Save.
And that is it. Now you can install Tailscale on any of your devices, login, enable VPN and you will be protected from ADs, Malware, and other evilness of the internet even when you are away from your local network.