I’ve had a Raspberry Pi running Pi-hole for a couple years now, and I’ll always have one from now on. I’ve heard there may be some issues with encryted DNS, but no doubt the open source community will figure out a solution.

I’ve also been setting up more self-hosted services on my home network, and some of them I don’t actually want to open up to the internet. They all have internet access (for the most part), but I cannot access the services outside of my home network. This has been okay, but then I installed Nextcloud. I really wanted a way to access that data on the go, but I still wasn’t sure if I wanted to put my Nextcloud outside of the home firewall yet.

So instead, I set up a VPN on the same Raspberry Pi running Pi-hole. It’s been running perfectly so far! Once I turn on the VPN, I can upload and download files to Nextcloud. It also gives me access to some other services like Home Assistant.

To get the VPN set up, I used the incredibly easy-to-use package called PiVPN. Running the command below on your Pi will pull the necessary packages, install them, and start the install process.

curl -L https://install.pivpn.io | bash

The install process walks you through the process in a pretty simple way. If you have some basic networking and Linux knowledge, you will be fine. If you like a little more help, I’d suggest this walkthrough from PiMyLifeUp with step-by-step screenshots to help get through the installer. The screenshots are a little old, but they include the important parts.

There must have been an update to the installer since the screenshots were taken. The installer will now detect if you have Pi-hole running and offer to setup ad-blocking on your VPN connections. Of course I said yes, and after a reboot, everything was ready to go.

There are some additional changes to make if you have some issues with the Pi-hole section of the setup. Several people online pointed to this tutorial from Marc Stan. Again, the data is a little older, but it may be helpful if you have issues.

In particular, he mentions editing /etc/openvpn/server.conf to include

push "dhcp-option DNS 10.8.0.1"

so that OpenVPN will forward DNS requests to your Pi-hole.

In addition, edit /etc/pihole/setupVars.conf to add "PIHOLE_INTERFACE=tun0" below the entry already there. It will end up looking like this:

PIHOLE_INTERFACE=eth0 # change to wlan0 if using a wifi connection
PIHOLE_INTERFACE=tun0 # this is the new addition

Lastly, create and edit the file /etc/dnsmasq.d/02-ovpn.conf and add the single line:

interface=tun0

Now the PiVPN and Pi-hole are both working and talking to each other. The next step is to create a new OvenVPN profile.

Enter

pivpn add

and you will be walked through the process of creating a new user. You’ll need to give the user a name and a password. PiVPN will spit out a .ovpn profile that you can then download and open in the OpenVPN application to connect to the VPN.

There are several ways to go about transfering the profile to another computer, but getting it onto an iPhone can be a particular pain. Luckily, python is running on our Raspberry Pi, so we can use the ability to create a simple HTTP server.

Run the command below in the folder holding the OpenVPN profile:

python -m SimpleHTTPServer 8080

Then, go to http://IP.OF.YOUR.PI:8080 and should see a link to the profile. Click it to download the profile and open it up in the OpenVPN app on your phone. It will ask for the password you set earlier, and once you enter it in you should be all set. Turn off wifi, and test that you can connect to your home nextwork.