PurSuiT
Posted February 9, 2021

Free PiVPN/Pihole/Unbound DNS Server for on-the-go using Linux (both the server and your computer)
By: Badduxx (taken from WNYG Discord server 2/9/2021)

Create the instance

Create or sign into your AWS account
In the services menu in the upper left part of the screen click EC2
Click Launch Instance
Select Ubuntu Server 20.04 LTS (HVM), SSD Volume Type / x86
Select the entry that says “Free Tier Eligible”
Click on the tab “6. Configure Security Group.”
Click “Add Rule”
Choose HTTP from the dropdown and specify port 80 in port range box
    This will allow for your http traffic to be sent and received on the server you are setting up so that your phone traffic can be forwarded successfully.
Click “Add Rule” again and select custom UDP and specify port 51820 in port range box
    This is the port that Wireguard (which we will set up through PiVPN later in the directions) uses
Put 0.0.0.0/0 in Source for the UDP Entry
Click “Review and Launch”
Click Launch
Choose “Create a new keypair” from the drop down
Type “pi2go” or some other word you will remember (the command line directions henceforth will use “pi2go.pem”)
Download Keypair to a place where you won’t delete it (I will use ~/Documents)
Click Launch
Click the instance ID link in the confirmation message, then again on the following Instance screen
Copy/note the public IP address for your instance
Open a terminal
    sudo chmod 400 ~/Documents/pi2go.pem
    (Chmod 400 (chmod a+rwx,u-wx,g-rwx,o-rwx) sets permissions so that, (U)ser / owner can read, can't write and can't execute. (G)roup can't read, can't write and can't execute. (O)thers can't read, can't write and can't execute.)
Enter the following command to log into your server using ssh
    ssh -i ~/Documents/pi2go.pem ubuntu@your.instance.ip
    -i signifies that the next entry is the private key file
    ubuntu is the default name on the Amazon instance
    The ip is the one you wrote down or copied from the new Amazon instance
Type "yes" to add this key to your known hosts
Enter:
    sudo curl -sSL https://install.pi-hole.net | bash
Press enter until the installer starts working (defaults are fine)
Press OK when the installer returns to exit
Enter:
    pihole -a -p
    This is the command to reset the password for the web interface
Type and confirm your desired password
Open a browser and navigate to http://your.instance.ip/admin
Log into the web interface using the password you set

(Optional for an expanded blocklist)
If you wish, click on Group Management --> Adlists
Open this text file https://1drv.ms/u/s!AsRYx5wd83COjbdrq3rFcne-rhVz8w?e=MtczFr
Select All, Copy
Paste the morass into the address box (it will add all at once)
Click Add
In your terminal, run:
    pihole -g
    This updates your server with the new blocklists and also serves to update existing ones.

Enter:
    sudo apt install unbound
    Installs unbound dns server from Ubuntu's repository
Enter:
    sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf
    Creates and opens the pi-hole.conf file used by unbound
Copy and paste the stuff from this file: https://1drv.ms/t/s!AsRYx5wd83COjbdtM7on-ddnbcc5rg?e=rPF1Hq
Ctrl+O
Enter
Ctrl-X
Enter:
    sudo service unbound restart
    dig pi-hole.net @127.0.0.1 -p 5335
    These commands start your local recursive server and test that it's operational.
Enter:
    dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335
    dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335
    These commands test DNSSEC validation
    The first command should give a status report of SERVFAIL and no IP address. The second should give NOERROR plus an IP address.
Go back to your pihole web interface, click on settings, then click the dns tab.
Uncheck any of the other upstream dns providers and type the following into "Custom 1 (IPv4)":
    127.0.0.1#5335
Click save
Go back to your terminal (make sure you are still sshd into the amazon server)
Enter:
    curl -L https://install.pivpn.io | bash
Press enter until the end until it says to reboot. Now reboot.
ssh back into your amazon server after a few minutes
Enter:
    pivpn add
Type a name for your client
Enter:
    pivpn -qr
Select your client
Install wireguard from your app store
Press the plus button
Touch scan from qr code
Scan QR Code
Enjoy -- If you are especially sassy (on iOS anyway), use the "On Demand" setting and have it automatically turn on depending on what networks you are connected to.

If you go to your account page on aws and select billing preferences, you can set an alert if for some reason your instance starts incurring charges (I have not had that happen)

Addendum for potentially better unbound performance

Log into pihole admin, navigate to settings, dns, make sure dnssec is unchecked
    There is no reason for the pihole to check for dnssec as it will be taken care of by unbound.
Enter:
    sudo nano /etc/dnsmasq.d/01-pihole.conf
Add a line or change the value of cache-size=0
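The two DNSSEC test lookups from the guide, turned into a pass/fail check. This is an added example, not part of the original post: the function names and the trimmed dig output are constructed for illustration, and 192.0.2.10 is a documentation address.

```shell
#!/usr/bin/env bash
# Print the status field (NOERROR, SERVFAIL, ...) of dig output on stdin.
dig_status() {
  sed -n 's/.*->>HEADER<<-.* status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Print the number of A records in the ANSWER SECTION of dig output on stdin.
dig_a_count() {
  awk '/^;; ANSWER SECTION:/ {ans=1; next} /^$/ {ans=0}
       ans && $4 == "A" {n++} END {print n+0}'
}

# check_dnssec SIGFAIL_OUTPUT SIGOK_OUTPUT -> prints a verdict, returns 0 on pass.
check_dnssec() {
  local bad_status bad_a ok_status ok_a
  bad_status=$(printf '%s\n' "$1" | dig_status)
  bad_a=$(printf '%s\n' "$1" | dig_a_count)
  ok_status=$(printf '%s\n' "$2" | dig_status)
  ok_a=$(printf '%s\n' "$2" | dig_a_count)
  if [ "$bad_status" != "SERVFAIL" ] || [ "$bad_a" -ne 0 ]; then
    echo "FAIL: broken signature was accepted ($bad_status, $bad_a A records)"
    return 1
  fi
  if [ "$ok_status" != "NOERROR" ] || [ "$ok_a" -lt 1 ]; then
    echo "FAIL: valid name did not resolve ($ok_status, $ok_a A records)"
    return 1
  fi
  echo "PASS: unbound is validating DNSSEC"
}

# Constructed dig output (trimmed); 192.0.2.10 is a documentation address.
SAMPLE_SIGFAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1111
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;sigfail.verteiltesysteme.net. IN A'
SAMPLE_SIGOK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
sigok.verteiltesysteme.net. 60 IN A 192.0.2.10'
# Live use on the server: pass --live; otherwise the samples above are checked.
if [ "${1:-}" = "--live" ]; then
  check_dnssec "$(dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335)" \
               "$(dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335)"
else
  check_dnssec "$SAMPLE_SIGFAIL" "$SAMPLE_SIGOK"
fi
```

A resolver that is not validating returns NOERROR and an address for the sigfail name, which the first branch reports as a failure.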