Jump to content

How to setup remote PiVPN/Pihole/Unbound DNS Server


Recommended Posts

Free PiVPN/Pihole/Unbound DNS Server for on-the-go using Linux (both the server and your computer) 

By: Badduxx (taken from WNYG Discord server 2/9/2021)

Create the instance

  1. Create or sign into your AWS account 
  2. In the services menu in the upper left part of the screen click EC2 
  3. Click Launch Instance 
  4. Select Ubuntu Server 20.04 LTS (HVM), SSD Volume Type / x86 
  5. Select the entry that says “Free Tier Eligible” 
  6. Click on the tab “6.  Configure Security Group.” 
    • Click “Add Rule” Choose HTTP from the dropdown and specify port 80 in port range box 
  7. This will allow for your http traffic to be sent and received on the server you are setting up so that your phone traffic can be forwarded successfully. 
  8. Click “Add Rule” again and select custom UDP and specify port 51820 in port range box 
    • This is the port that Wireguard (which we will set up through PiVPN later in the directions) 
  9. Put in Source for the UDP Entry 
  10. Click “Review and Launch” 
  11. Click Launch 
  12. Choose “Create a new keypair” from the drop down 
  13. Type “pi2go” or some other word you will remember (the command line directions henceforth will use “pi2go.pem” 
  14. Download Keypair to a place where you won’t delete it (I will use ~/Documents) 
  15. Click Launch 
  16. Click the instance ID link in the confirmation message, then again on the following Instance screen 
  17. Copy/note the public IP address for your instance
  18. Open a terminal
    • sudo chmod 400 ~/Downloads/pi2go.pem(Chmod 400 (chmod a+rwx,u-wx,g-rwx,o-rwx) sets permissions so that, (U)ser / owner can read, can't write and can't execute. (G)roup can't read, can't write and can't execute. (O)thers can't read, can't write and can't execute.)
  19. Enter the following command to log into your server using ssh
    • ssh -i  ~/Documents/pi2go.pem ubuntu@your.instance.ip
      • -i signifies that the next entry is the private key file
      • ubuntu is the default name on the Amazon instance
      • The ip is the one you wrote down or copied from the new Amazon instance
    • Type "yes" to add this key to your known hosts
  20. Enter:
    • sudo curl -sSL https://install.pi-hole.net | bash
    • Press enter until the installer starts working (defaults are fine)
    • Press OK when the installer returns to exit
  21. Enter:
    • pihole -a -p
    • This is the command to reset the password for the web interface
    • type and confirm your desired password
  22. Open a browser and navigate to http://your.instance.ip/admin
  23. Log into the web interface using the password you set
  24. (Optional for an expanded blocklist) If you wish, click on Group Management --> Adlists
    • Open this text file https://1drv.ms/u/s!AsRYx5wd83COjbdrq3rFcne-rhVz8w?e=MtczFr
    • Select All, Copy
    • paste the morass into the address box (it will add all at once)
    • Click Add
    • In your terminal, run:
      • pihole -g
      • this updates your server with the new blocklists and also serves to update exisiting ones.
  25. Enter:
    • sudo apt install unbound
      • installs unbound dns server from Ubuntu's repository
  26. Enter:
  27. Enter:
    • sudo service unbound restart 
    • dig pi-hole.net @ -p 5335
      • These commands start your local recursive server and test that it's operational.
  28. Enter:
    • dig sigfail.verteiltesysteme.net @ -p 5335
    • dig sigok.verteiltesysteme.net @ -p 5335
      • These commands test DNSSEC validation 
      • The first command should give a status report of SERVFAIL and no IP address. The second should give NOERROR plus an Iaddress.
  29. Go back to your pihole web interface, click on settings, then click the dns tab.
    • uncheck any of the other upstream dns providers and type the following into "Custom 1 (IPv4)":
    • click save
  30. Go back to your terminal (make sure you are still sshd into the amazon server)
  31. Enter:
  32. ssh back into your amazon server after a few minutes
  33. Enter:
    • pivpn add
    • type a name for your client
  34. Enter
    • pivpn -qr
    • select your client
  35. Install wireguard from your app store
  36. press the plus button 
  37. touch scan from qr code
  38. Scan QR Code
  39. Enjoy -- If you are especially sassy (on ios anyway) to use the "On Demand" setting and have it automatically turn on depending on what networks you are connected to.
  40. If you go to your account page on aws and select billing preferences, you can set an alert if for some reason your instance starts incurring charges (I have not had that happen)  

Addendum for potentially better unbound performance 

  • Log into pihole admin, navigate to settings, dns, make sure dnssec is unchecked 
    • there is no reason for the pihole to check for dnssec as it will be taken care of by unbound. 
  • Enter: 
    • sudo nano /etc/dnsmasq.d/01-pihole.conf 
    • add a line or change the value of cache-size=0 


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

By using this site, you agree to our Terms of Use.