RaspberryPi/OpenVPN: Difference between revisions
From charlesreid1
| Line 31: | Line 31: | ||
I used the default port 1194, defaults for everything else. | I used the default port 1194, defaults for everything else. | ||
===Checking OpenVPN Interface=== | |||
OpenVPN will create a tun0 interface. Get its IP address: | |||
<pre> | |||
ifconfig tun0 | grep 'inet' | |||
</pre> | |||
Now take note of this IP address, as we will need to set a DNS option for our OpenVPN connection. | |||
Edit <code>/etc/openvpn/server.conf</code> | |||
Add the tun0 interface by adding the line | |||
<pre> | |||
push "dhcp-option DNS <IP-ADDR-OF-TUN0-INTERFACE>" | |||
</pre> | |||
Also comment out any other <code>push "dhcp-option DNS</code> lines. | |||
Now restart the OpenVPN server: | |||
<pre> | |||
sudo systemctl restart openvpn | |||
</pre> | |||
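Review bot: the added sentence "Add the tun0 interface by adding the line" misdescribes the step. The `push "dhcp-option DNS ..."` line does not add an interface; it tells connecting clients which DNS server to use, so the sentence should say that. Two smaller points in the same section: `grep 'inet'` also matches `inet6` lines, so state that the IPv4 address is the one to note, and the inline `<code>push "dhcp-option DNS</code>` is missing its closing quote.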
Revision as of 10:32, 24 November 2019
Pihole, OpenVPN, DNSCrypt
Preparing the Pi
Fixing iptables
On the Kali Linux Pi image I used, I had to fix iptables to use a legacy NAT mode:
$ sudo update-alternatives --config iptables
There are 2 choices for the alternative iptables (providing /usr/sbin/iptables).
  Selection    Path                       Priority   Status
------------------------------------------------------------
  0            /usr/sbin/iptables-nft      20        auto mode
* 1            /usr/sbin/iptables-legacy   10        manual mode
  2            /usr/sbin/iptables-nft      20        manual mode
Initially, 0 was selected. Select the one called iptables-legacy.
Installing OpenVPN
wget https://git.io/vpn -O openvpn-install.sh
chmod 755 openvpn-install.sh
sudo ./openvpn-install.sh
This will ask you which interface the OpenVPN server should bind to. Select the one that is public-facing (the internet).
I used the default port 1194, defaults for everything else.
Checking OpenVPN Interface
OpenVPN will create a tun0 interface. Get its IP address:
ifconfig tun0 | grep 'inet'
Now take note of this IP address, as we will need to set a DNS option for our OpenVPN connection.
Edit /etc/openvpn/server.conf
Tell clients to use the tun0 address as their DNS server by adding the line
push "dhcp-option DNS <IP-ADDR-OF-TUN0-INTERFACE>"
Also comment out any other push "dhcp-option DNS ..." lines.
Now restart the OpenVPN server:
sudo systemctl restart openvpn
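The server.conf edit described above, as a script. This is an added example, not part of the original page: it comments out every other active push "dhcp-option DNS line, appends the one for the address you pass, and keeps a .bak copy. The function names are hypothetical, and `ip` is used in place of `ifconfig` so that only the IPv4 address is returned.

```bash
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Print the first IPv4 address of an interface, e.g. iface_ipv4 tun0.
# (grep 'inet' on ifconfig output would also match inet6 lines.)
iface_ipv4() {
    ip -4 -o addr show dev "$1" | awk '{split($4, a, "/"); print a[1]; exit}'
}

# Usage: set_pushed_dns <config-file> <dns-ipv4>
# Leaves exactly one active DNS push in the file; running it twice changes nothing.
set_pushed_dns() {
    local conf="$1" dns="$2" tmp
    # Only a dotted quad may be written into the config.
    printf '%s\n' "$dns" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
        || { echo "bad IPv4 address: $dns" >&2; return 2; }
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v want="push \"dhcp-option DNS $dns\"" '
        # Active (uncommented) DNS push lines only.
        /^[ \t]*push[ \t]+"dhcp-option[ \t]+DNS[ \t]/ {
            line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            if (line == want && !seen) { seen = 1; print; next }
            print "#" $0; next          # any other resolver gets commented out
        }
        { print }
        END { if (!seen) print want }   # append the wanted line if it was absent
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Keep a backup; writing through cat preserves the file owner and mode.
    cp "$conf" "$conf.bak" && cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# Count active DNS pushes; this should print 1 after the edit.
count_active_dns_pushes() {
    grep -Ec '^[[:space:]]*push[[:space:]]+"dhcp-option[[:space:]]+DNS[[:space:]]' "$1" || true
}
```

On the server this would be run as root, for example `set_pushed_dns /etc/openvpn/server.conf "$(iface_ipv4 tun0)"`, followed by the restart shown above.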