Question with PiHole & VPN Service (GhostVPN)

Having a hard time figuring out how to set up a VPN Service like Ghost VPN or Nordvpn with PiHole.

Currently I have installed PiHole with unbound and pivpn to tunnel my traffic back to my home network for times that I am outside of my house.

However, with this setup I don’t think I can use the VPN service on my devices. Is there a way to set up a VPN Service such that my ISP can’t see my traffic… something like the following…

Device → pihole → vpn service (cyberghost) → internet

Can the raspberry pi act as a vpn router downstream from the pihole?

Any help is greatly appreciated.

Ideally you would want VPN software running in client mode on your router to tunnel the traffic from your home network through the VPN after the DNS is filtered by pihole. Not all routers support this. Note that your internet traffic does not actually go through the pihole.

Ahh ok… is there a way to run the vpn software on the same raspberry pi? Or maybe a different one? Such that I can route traffic from pi hole raspberry to the one with the vpn? My router doesn’t support the option to run vpn software

Tldr: yes it should be possible, but it requires some fairly good networking skills…

It is possible but it may require another physical ethernet interface on the pi. Installing VPN software on the router is definitely the easier option.

You would need the VPN to be in client mode and you would also need the proper routing in place so that the traffic is sent to the pi first, then the pi sends the traffic through the VPN tunnel, which will travel encrypted through your router out to the internet. That will probably be the trickiest part to get right. Remember a packet needs a route to get to its destination, but it also needs a complete route back to get any response. Even seasoned networking people sometimes forget that.

You could have it such that your router supplies IPs to the non-vpn network, including one interface on the pi. Then the other interface of the pi would be static in another network range. Pihole could supply that network with IPs using the builtin DHCP server and of course DNS. Since it is the gateway to that secondary network, it can direct all traffic going out to the internet over the VPN.

Look at the documentation for OpenVPN. Your situation is probably like the section called “Including multiple machines on the client side when using a routed VPN (dev tun)” on this page, although this is geared toward connecting to a VPN server that you control. You can get around this by setting up NAT on the machine running OpenVPN (the pi) so the other end thinks all requests came from the client and the client can send the responses back to where they came from.

If that is too confusing, then it will be much easier for you to simply buy a different router that supports VPN (or add a firewall appliance or use a small pc with at least 2 network ports plus a firewall OS like opnsense, pfsense, ipfire, etc…)
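The NAT-on-the-Pi layout described in the reply above, sketched as an added example that is not part of the original thread. The interface names `eth1` (Pi side of the secondary network) and `tun0` (OpenVPN `dev tun`), and the range `192.168.50.0/24`, are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: eth1 = Pi interface on
# the secondary network, tun0 = OpenVPN "dev tun" interface,
# 192.168.50.0/24 = constructed secondary range served by Pi-hole DHCP.

# Print an iptables-restore ruleset that NATs the secondary LAN out of the
# tunnel and forwards LAN traffic ONLY into the tunnel. With FORWARD policy
# DROP, nothing is routed out the router-facing interface if the VPN is down.
gen_vpn_gateway_rules() {
    lan_if=${1:-}; vpn_if=${2:-}; lan_cidr=${3:-}
    if [ -z "$lan_if" ] || [ -z "$vpn_if" ] || [ -z "$lan_cidr" ]; then
        echo "usage: gen_vpn_gateway_rules LAN_IF VPN_IF LAN_CIDR" >&2
        return 2
    fi
    if [ "$lan_if" = "$vpn_if" ]; then
        echo "LAN and VPN interfaces must differ" >&2
        return 2
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_cidr -o $vpn_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan_if -o $vpn_if -s $lan_cidr -j ACCEPT
-A FORWARD -i $vpn_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# When run with three arguments, print the ruleset. To apply on the Pi (as root):
#   sysctl -w net.ipv4.ip_forward=1
#   sh vpn-gw.sh eth1 tun0 192.168.50.0/24 | iptables-restore
if [ "$#" -eq 3 ]; then
    gen_vpn_gateway_rules "$@"
fi
```

`iptables-restore` replaces the existing `nat` and `filter` tables, so any rules already installed on the Pi (for example by pivpn) have to be merged into the output before applying it.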