Here you can find some useful shell scripts in order to setup WireGuard VPN server and Pi-hole network-wide ad blocker on a Linux server as easily as possible.
A VPN (Virtual private network) extends your private network (e.g. the LAN in your office) across a public network (usually the Internet) so that the remote or mobile users and branch offices can connect to the private network remotely through the Internet in a secure way and access to corporate applications and private resources such as IP cameras, fax machines, private servers, etc.
The major applications of VPNs are:
- Remote access to corporate resources such as shared documents in a private network, printers, fax machines, IP cameras, private servers etc.
- Encrypt your transfering data and make your internet surfing more secure in a public unsecure Internet connection. (e.g. WIFI connection in hotels)
- Stay anonymous on the Internet.
- Get around Internet censorship, geo-blocking and sanctions in some countries.
There are a bunch of tunneling protocols in order to make a VPN. For example PPTP, L2TP, IKEv2/IPSec, OpenVPN and of course WireGuard.
Among these all, WireGuard seems to be the most interesting. It is lite (about 4,000 lines of code), fast and secure. So in 2020, WireGuard was officially added to the Linux kernel 5.6 release (so also Android kernels) by Linus Torvalds.
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole, intended for use on a private network.
The application acts as a DNS server for a private network (replacing any pre-existing DNS server provided by another device or the ISP), with the ability to block advertisements and tracking domains for users' devices without installing any client-side software.
Because Pi-hole blocks domains at the network level, it is able to block advertisements, such as banner advertisements on a webpage, but it can also block advertisements in unconventional locations, such as on Android, iOS and smart TVs.
Using VPN services, Pi-Hole can block domains without using a DNS filter setup in a router. Any device that supports VPN can use Pi-Hole on a cellular network or a home network without a DNS server configured.
Here you can follow the instructions step by step to setup a VPN/AdBlocker server using WireGuard and Pi-hole.
WireGuard and Pi-hole are really lite softwares so that you can run them on a lite Linux instance with 1 vCore and 1GB of RAM without any problem.
The scripts are tested on Ubuntu 20.04 but you can run them on Debian, Fedora, CentOS and Arch Linux.
You can buy a cheap Linux IaaS from these cloud providers for the VPN server:
| Cloud Provider | Location | Price (starting at) | Traffic |
|---|---|---|---|
| Vultr | Worldwide (USA is recommended because of sanctions!) | $3.50/month | - |
| Digital Ocean | Worldwide (USA is recommended because of sanctions!) | $5/month | - |
| Hetzner | Germany (Finland did not work as VPN server for me!) | €3/month | 20 TB |
Run the following commands to download the scripts:
wget -O - https://github.com/xei/wireguard-setup-scripts/archive/master.tar.gz | tar xz
cd wireguard-setup-scripts-master
Run the following command to setup the WireGuard server:
sudo ./setup-wireguard-server.sh
You have to answer some questions in order to configure the server. However you can leave the default values.
Enter a private IPv4 for WireGuard server: 10.0.0.1
Enter a private IPv6 for WireGuard server: fd42:42:42::1
Enter a port [1-65535] for WireGuard to listen: 51820
Enter a name for WireGuard network interface: wg0
When you see the message WireGuard is setup successfully. you can go on.
Run the following command to start Pi-hole installer:
sudo ./setup-pihole.sh
For more information about installer wizard vistit the official documentation.
Run the following command to create a new client (here named xei-pc):
sudo ./create-new-peer.sh xei-mobile
This command will generate a QR code that can be scanned by Wireguard client mobile application. It also generate a config file in /etc/wireguard/peers/xei-mobile/ directory that can be used instead of the QR code.
Note that you can not connect to the VPN as one client with more than one devices at the same time. You have to create different clients for different devices. for example xei-pc and xei-mobile.
You have to modify the client's config file and change
DNSsection to something like1.1.1.1or8.8.8.8if you are not going to setupPi-holeor other DNS servers.
You can remove a client by running the following command:
sudo ./revoke-peer.sh xei-mobile
xei-mobile is the name of the client you want to remove.
You can remove the WireGuard server completely by running the following command:
sudo ./remove-wireguard-server.sh
Note that the above script will remove the directory /etc/wireguard and its contents including all peers' config files. Backup the direcory if it is necessary.
Note that the above script will not remove Pi-hole. In order to remove Pi-hole visit its official documentation.
When you create a new peer (client) with the above command, a config file will be generated in /etc/wireguard/peers/client-name/ directory that should be imported to WireGuard client application.
WireGuard client application is available in almost all platforms:
Download WireGuard client application for Windows
Download WireGuard client application for macOS
Download WireGuard client application for Linux
Download WireGuard client application for Android
Download WireGuard client application for iOS
This repository is heavily inspired by a great similar repository by angristan.
Give a ⭐ if this project helped you!