Comments (5)
Brilliant!
from pi-hole-pivpn-on-google-compute-engine-free-tier-with-full-tunnel-and-split-tunnel-openvpn-configs.
Yes, this is possible. Do you have a static IP? It is important to do this very carefully, because creating a public DNS resolver is frowned upon, open dns resolvers can be the targets of cache poisoning attacks.
from pi-hole-pivpn-on-google-compute-engine-free-tier-with-full-tunnel-and-split-tunnel-openvpn-configs.
Yes, I'd want to do this and restrict on the server side to only my IP ranges.
from pi-hole-pivpn-on-google-compute-engine-free-tier-with-full-tunnel-and-split-tunnel-openvpn-configs.
This is how you would do it. Follow these portions of the guide:
- Google Cloud Login and Account Creation
- Compute Engine Virtual Machine Setup
- Debian Update & Upgrade
- Pi-Hole Installation
After completing the Pi-Hole Installation step, go to http://your-external-ip/admin/settings.php?tab=dns
and click Settings and navigate to DNS. Under Interface Listening Behavior you want to choose the 3rd radio button: Listen on all interfaces, permit all origins. I want to bring your attention to the warning here:
this option should not be used on devices which are directly connected to the Internet. This option is safe if your Pi-hole is located within your local network, i.e. protected behind your router, and you have not forwarded port 53 to this device. In virtually all other cases you have to make sure that your Pi-hole is properly firewalled.
To ensure everything is properly firewalled:
- Log into Google Cloud Console: https://console.cloud.google.com/
- Ensure your Project is selected in the blue bar at the top (next to the words "Google Cloud Console); by default it should be
- Click the Hamburger Menu at the top left, click VPC Network and click Firewall Rules
- Click default-allow-http in the table
- Click Edit at the top of the page
- Add the static IP address from the location you plan on accessing Pi-Hole from, this is going to protect your admin panel
- Click the Save button
- Click the Hamburger Menu at the top left, click VPC Network and click Firewall Rules
- Click Create Firewall Rule at the top of the page
- Set the Name to
allow-dns
, set your static IP address from the location you plan on making your DNS queries from under Source filter, and enable both the tcp and udp checkboxes. In the Input field beside tcp: write53
, and in the Input field beside udp: write53
. - Click Save.
You can use "your-external-ip" that Google Compute Engine has assigned to you as your DNS server now. You will not be able to use the Private DNS Server option on Android 9, even if you map a hostname to the Google Compute Engine IP address, because your cellular provider will not give you a static IPv4 address on your mobile phone. You can define the DNS server on WiFi networks, however.
Feel free to close this issue if this answers your question, happy to elaborate further if needed.
from pi-hole-pivpn-on-google-compute-engine-free-tier-with-full-tunnel-and-split-tunnel-openvpn-configs.
@rajannpatel - First of all thanks for your awesome guide! Superb work!
In addition to what is discussed in this issue, I was just wondering if one can possibly setup an OpenVPN server on home router and connect GCP VM with PiHole to it using OpenVPN client & use its IP as DNS server?
I have just basic networking knowledge so don't know whether this would be a recommended way to do it, though I would really love to have your inputs on this.
from pi-hole-pivpn-on-google-compute-engine-free-tier-with-full-tunnel-and-split-tunnel-openvpn-configs.
Related Issues (20)
- Question - Mikrotik support
- VPN Works Fine But Ads Still Show
- Following steps for PiVPN install leads to Entering Cutom Domain HOT 2
- Ubuntu 18.04 Gnome config issues HOT 1
- Unable install app or download Gmail attachments while connected to VPN HOT 2
- I could not get the full vpn to work from windows unless I recreated the google VM with a new network interface with "Forwarding = ON" HOT 5
- guide how to setup Split Tunnel VPN on DD-WRT ROUTERS
- Suggestion: Fees warning for users outside North-America.
- Updated install guide with Wireguard since PiVPN now supports it. HOT 2
- split tunnel not working HOT 1
- TCP 443 Full Tunnel and TCP 443 Split Tunnel does NOT work from Windows 10 HOT 1
- Guide feedback HOT 5
- Non-working tcp443 profile HOT 2
- Can't install since Pi-hole v5 HOT 2
- how to delete/disable a client from the server? HOT 1
- systemctl enable openvpn@server_tcp443.service HOT 1
- throttled... HOT 2
- CN Verification fails out-of-the-box
- How to set Google cloud instance as a DNS Server & VPN HOT 2
- This guide nerver works with Google Cloud platform anymore !!! HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pi-hole-pivpn-on-google-compute-engine-free-tier-with-full-tunnel-and-split-tunnel-openvpn-configs.