Hasty Briefs (beta)

A Guide for WireGuard VPN Setup with Pi-Hole Adblock and Unbound DNS

13 hours ago
  • #VPN
  • #Wireguard
  • #Self-Hosting
  • The author switched from Mullvad VPN to a self-hosted WireGuard setup for more control over DNS and network access.
  • A VPS is used as the central hub in a hub-and-spoke topology, handling inter-device communications and serving as an exit node for internet traffic.
  • Devices are assigned static IPs within the 10.10.10.0/24 range, with the VPS at 10.10.10.1.
  • The VPS setup includes SSH key authentication, changing the default SSH port, disabling root login, and configuring unattended upgrades.
  • UFW (Uncomplicated Firewall) is configured to allow only SSH and Wireguard ports, with logging enabled and ping requests disabled.
  • WireGuard is installed and configured with the VPS acting as a server, using pre-shared keys for each client device.
  • Pi-Hole is installed on the VPS to provide DNS-based ad-blocking, with Unbound set up as a recursive DNS resolver for privacy.
  • Client devices connect to the VPS via WireGuard, using configuration files with unique keys and the VPS as the DNS server.
  • Local DNS records are added to Pi-Hole to allow access to home network resources via custom domain names (e.g., emby.home.server).
  • Performance testing is done using iperf3 to check connection speeds between the VPS and clients.
  • The guide concludes with recommendations to support open-source projects like WireGuard, Pi-Hole, and Unbound.
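
The hub layout summarized above (VPS at 10.10.10.1, one static address per device in 10.10.10.0/24, a pre-shared key per client) can be checked mechanically. The following audit script is an added example, not code from the guide; the sample config, its placeholder keys, and the function names are constructed, and it assumes every peer is a single host rather than a gateway to another subnet.

```python
import ipaddress

VPN_NET = ipaddress.ip_network("10.10.10.0/24")  # range from the summary
HUB_IP = ipaddress.ip_address("10.10.10.1")      # VPS address from the summary

# Constructed sample hub config; the keys are placeholders, not key material.
SAMPLE_WG0 = """\
[Interface]
Address = 10.10.10.1/24
PrivateKey = <hub-private-key>

[Peer]  # laptop
PublicKey = <laptop-public-key>
PresharedKey = <laptop-psk>
AllowedIPs = 10.10.10.2/32

[Peer]  # phone: no PSK, and claims the whole subnet
PublicKey = <phone-public-key>
AllowedIPs = 10.10.10.0/24
"""

def parse_sections(text):
    """[Peer] repeats in WireGuard configs, so configparser is not usable."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)      # base64 values may end in '='
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def audit_hub(text):
    """Return findings; an empty list means the peers match the summary."""
    findings, seen = [], {HUB_IP}                # the hub's own IP is taken
    peers = [kv for name, kv in parse_sections(text) if name == "peer"]
    for i, peer in enumerate(peers, 1):
        if "presharedkey" not in peer:
            findings.append(f"peer {i}: no PresharedKey")
        for cidr in filter(None, map(str.strip, peer.get("allowedips", "").split(","))):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen != net.max_prefixlen or net.network_address not in VPN_NET:
                findings.append(f"peer {i}: {cidr} is not a single host in {VPN_NET}")
            elif net.network_address in seen:
                findings.append(f"peer {i}: {cidr} is already assigned")
            else:
                seen.add(net.network_address)
    return findings
```

An over-broad `AllowedIPs` on the hub matters because WireGuard uses it both to route to the peer and to decide which source addresses that peer may send from.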