diff --git a/docs/guides/vpn/Android-Connected.png b/docs/guides/vpn/Android-Connected.png new file mode 100644 index 0000000..e87ab34 Binary files /dev/null and b/docs/guides/vpn/Android-Connected.png differ diff --git a/docs/guides/vpn/Android-Import-1.png b/docs/guides/vpn/Android-Import-1.png new file mode 100644 index 0000000..64495b7 Binary files /dev/null and b/docs/guides/vpn/Android-Import-1.png differ diff --git a/docs/guides/vpn/Android-Import-2.png b/docs/guides/vpn/Android-Import-2.png new file mode 100644 index 0000000..99a18e8 Binary files /dev/null and b/docs/guides/vpn/Android-Import-2.png differ diff --git a/docs/guides/vpn/Android-Import-3.png b/docs/guides/vpn/Android-Import-3.png new file mode 100644 index 0000000..e086196 Binary files /dev/null and b/docs/guides/vpn/Android-Import-3.png differ diff --git a/docs/guides/vpn/Android-Import-4.png b/docs/guides/vpn/Android-Import-4.png new file mode 100644 index 0000000..3e58a8c Binary files /dev/null and b/docs/guides/vpn/Android-Import-4.png differ diff --git a/docs/guides/vpn/Android-Pi-hole.png b/docs/guides/vpn/Android-Pi-hole.png new file mode 100644 index 0000000..14ac359 Binary files /dev/null and b/docs/guides/vpn/Android-Pi-hole.png differ diff --git a/docs/guides/vpn/NetworkManager1.png b/docs/guides/vpn/NetworkManager1.png new file mode 100644 index 0000000..4b5082f Binary files /dev/null and b/docs/guides/vpn/NetworkManager1.png differ diff --git a/docs/guides/vpn/NetworkManager2.png b/docs/guides/vpn/NetworkManager2.png new file mode 100644 index 0000000..2c59b27 Binary files /dev/null and b/docs/guides/vpn/NetworkManager2.png differ diff --git a/docs/guides/vpn/NetworkManager3.png b/docs/guides/vpn/NetworkManager3.png new file mode 100644 index 0000000..ac08f45 Binary files /dev/null and b/docs/guides/vpn/NetworkManager3.png differ diff --git a/docs/guides/vpn/NetworkManager4.png b/docs/guides/vpn/NetworkManager4.png new file mode 100644 index 0000000..6c19c66 Binary files /dev/null and b/docs/guides/vpn/NetworkManager4.png differ diff --git a/docs/guides/vpn/NetworkManager5.png b/docs/guides/vpn/NetworkManager5.png new file mode 100644 index 0000000..ca0e360 Binary files /dev/null and b/docs/guides/vpn/NetworkManager5.png differ diff --git a/docs/guides/vpn/NetworkManager6.png b/docs/guides/vpn/NetworkManager6.png new file mode 100644 index 0000000..d17e636 Binary files /dev/null and b/docs/guides/vpn/NetworkManager6.png differ diff --git a/docs/guides/vpn/NetworkManager7.png b/docs/guides/vpn/NetworkManager7.png new file mode 100644 index 0000000..5564cdc Binary files /dev/null and b/docs/guides/vpn/NetworkManager7.png differ diff --git a/docs/guides/vpn/VPNclients.png b/docs/guides/vpn/VPNclients.png new file mode 100644 index 0000000..7b12de0 Binary files /dev/null and b/docs/guides/vpn/VPNclients.png differ diff --git a/docs/guides/vpn/VPNdashboard.png b/docs/guides/vpn/VPNdashboard.png new file mode 100644 index 0000000..3f48580 Binary files /dev/null and b/docs/guides/vpn/VPNdashboard.png differ diff --git a/docs/guides/vpn/android-client.md b/docs/guides/vpn/android-client.md index 6e2b037..f098074 100644 --- a/docs/guides/vpn/android-client.md +++ b/docs/guides/vpn/android-client.md @@ -5,18 +5,18 @@ 3. Copy the mentioned file (`/root/android.ovpn`) to your Android device (e.g. SD card) and import it in the app: - ![](http://www.dl6er.de/pi-hole/openVPN/Android-Import-1.png) + ![](Android-Import-1.png) - ![](http://www.dl6er.de/pi-hole/openVPN/Android-Import-2.png) + ![](Android-Import-2.png) - ![](http://www.dl6er.de/pi-hole/openVPN/Android-Import-3.png) + ![](Android-Import-3.png) - ![](http://www.dl6er.de/pi-hole/openVPN/Android-Import-4.png) + ![](Android-Import-4.png) 4. Connect to your OpenVPN server - ![](http://www.dl6er.de/pi-hole/openVPN/Android-Connected.png) + ![](Android-Connected.png) 5. You are ready to go! - ![](http://www.dl6er.de/pi-hole/openVPN/Android-Pi-hole.png) \ No newline at end of file + ![](Android-Pi-hole.png) \ No newline at end of file diff --git a/docs/guides/vpn/clients.md b/docs/guides/vpn/clients.md index c811813..9637791 100644 --- a/docs/guides/vpn/clients.md +++ b/docs/guides/vpn/clients.md @@ -62,14 +62,14 @@ You will need: * TA Key: `/etc/openvpn/ta.key` Further details can be found in the screenshots provided below: -![](http://www.dl6er.de/pi-hole/openVPN/conn_type.png) -![](http://www.dl6er.de/pi-hole/openVPN/keys.png) -![](http://www.dl6er.de/pi-hole/openVPN/general.png) -![](http://www.dl6er.de/pi-hole/openVPN/security.png) -![](http://www.dl6er.de/pi-hole/openVPN/tls.png) +![](NetworkManager3.png) +![](NetworkManager4.png) +![](NetworkManager5.png) +![](NetworkManager6.png) +![](NetworkManager7.png) Your whole network traffic will now securely be transferred to your Pi-hole. -![](http://www.dl6er.de/pi-hole/openVPN/VPNclients.png) +![](VPNclients.png) ### Windows diff --git a/docs/guides/vpn/dual-operation.md b/docs/guides/vpn/dual-operation.md index ac53990..9b546a3 100644 --- a/docs/guides/vpn/dual-operation.md +++ b/docs/guides/vpn/dual-operation.md @@ -67,4 +67,4 @@ rtt min/avg/max/mdev = 18.740/18.894/19.017/0.189 ms ### Important last step The undocumented `pihole -a -i all` command is simply what runs when you choose _Listen on all interfaces, permit all origins (make sure your Pi-hole is firewalled)_, which if you've read this far in the tutorial, you should understand that we don't want you to knowingly or unknowing set up an open resolver. -![screenshot at 2017-07-08 01-20-28](https://user-images.githubusercontent.com/16748619/27980105-b11fbc3c-637b-11e7-843e-4ec6702d6286.png) \ No newline at end of file +![screenshot](listening-behavior.png) \ No newline at end of file diff --git a/docs/guides/vpn/listening-behavior.png b/docs/guides/vpn/listening-behavior.png new file mode 100644 index 0000000..1aa82c0 Binary files /dev/null and b/docs/guides/vpn/listening-behavior.png differ diff --git a/docs/guides/vpn/only-dns-via-vpn.md b/docs/guides/vpn/only-dns-via-vpn.md index 665d32c..a71d56b 100644 --- a/docs/guides/vpn/only-dns-via-vpn.md +++ b/docs/guides/vpn/only-dns-via-vpn.md @@ -17,7 +17,7 @@ Remember to replace the locations of your keys and the address/host name of your When using the Network Manager, you will have to do some additional setting on the client side of things: -![](http://www.dl6er.de/pi-hole/openVPN/local.png) +![](NetworkManager1.png) #### Alternative 1: Disable Network Manager's internal DNS server @@ -36,7 +36,7 @@ When connecting your DNS server will now be properly picked up and used by your You can also set the address of the DNS server manually (use the device which actually connects to the internet, e.g. `eth0`): -![](http://www.dl6er.de/pi-hole/openVPN/manualDNS.png) +![](NetworkManager2.png) After doing either alternative, you should see: ``` @@ -46,7 +46,7 @@ pi.hole has IPv6 address A:B:C:D:E:F (outside address of your VPN server) The web interface of your Pi-hole will be visible at `http://pi.hole/admin/` (even with the recommended firewall configuration mentioned on another subpage) -![](http://www.dl6er.de/pi-hole/openVPN/VPNdashboard.png) +![](VPNdashboard.png) --- ## Troubleshooting diff --git a/docs/guides/vpn/overview.md b/docs/guides/vpn/overview.md index 90b987d..30fe149 100644 --- a/docs/guides/vpn/overview.md +++ b/docs/guides/vpn/overview.md @@ -1,29 +1,21 @@ >This tutorial is tailored for setting up OpenVPN on a cloud-hosted virtual server (such as [Digital Ocean](http://www.digitalocean.com/?refcode=344d234950e1)). If you wish to have this working on your home network, you will need to tailor Pi-hole to listen on `eth0` (or similar), which we explain in [this section of the tutorial](dual-operation.md). -# High-level Overview +### High-level Overview Using a VPN is a responsible, respectful, and safe way to access your Pi-hole's capabilities remotely. Setting up a DNS server has become a simple task with Pi-hole's automated installer, which has resulted in many people knowingly--or unknowingly--creating an open resolver, which aids in DNS Amplification Attacks. We do not encourage open resolvers but there are always people wanting access to their ad-blocking capabilities outside of their home network, whether it's on their cellular network or on an unsecured wireless network. This article aims to provide a step-by-step walk-through on setting up a server running Pi-hole and OpenVPN so you can connect to your Pi-hole's DNS from anywhere. This guide should work for a private server installed on your private network, but it will also work for cloud servers, such as those created on [Digital Ocean](http://www.digitalocean.com/?refcode=344d234950e1). -**This tutorial walks you through the installation of Pi-hole combined with an VPN server for secure access from remote clients**. Via this VPN, you can: +**This tutorial walks you through the installation of Pi-hole combined with an VPN server for secure access from remote clients**. + +Via this VPN, you can: - use the DNS server and full filtering capabilities of your Pi-hole from everywhere around the globe - access your admin interface remotely - encrypt your Internet traffic -If you don't want a full-tunnel, we provide a wiki of how to [set up your server to exclusively route DNS traffic, but nothing else via the VPN](https://github.com/pi-hole/pi-hole/wiki/OpenVPN-server:-Only-route-DNS-via-VPN). On another optional page, we describe how to set up Pi-hole + VPN in such a way that it is [usable both locally (no VPN) and from remote (through VPN)](https://github.com/pi-hole/pi-hole/wiki/OpenVPN-server:-Dual-operation:-LAN-&-VPN-at-the-same-time), while preserving full functionality. +If you don't want a full-tunnel, we provide a wiki of how to [set up your server to exclusively route DNS traffic, but nothing else via the VPN](only-dns-via-vpn.md). On another optional page, we describe how to set up Pi-hole + VPN in such a way that it is [usable both locally (no VPN) and from remote (through VPN)](dual-operation.md), while preserving full functionality. -## End Result - -You will have access to a VPN that uses Pi-hole for DNS and tunnels some or all of your network traffic - -1. [Install OpenVPN + Pi-hole](https://github.com/pi-hole/pi-hole/wiki/OpenVPN-server:-Installation) -2. [Configure OpenVPN to use Pi-hole for DNS queries](https://github.com/pi-hole/pi-hole/wiki/OpenVPN-server:-Setup-OpenVPN-server) -3. [Configure your client devices](https://github.com/pi-hole/pi-hole/wiki/OpenVPN-server:-Connect-from-a-client) -4. [(optional) Secure the server with firewall rules (`iptables`)](https://github.com/pi-hole/pi-hole/wiki/OpenVPN-server:-Firewall-configuration-(using-iptables)) -5. [(optional) Route _only_ DNS via the VPN](https://github.com/pi-hole/pi-hole/wiki/OpenVPN-server:-Only-route-DNS-via-VPN) -6. [(optional) Dual operation: simultaneous LAN and VPN](https://github.com/pi-hole/pi-hole/wiki/OpenVPN-server:-Dual-operation:-LAN-&-VPN-at-the-same-time) -7. [(optional) Set up Dynamic DNS host name](https://github.com/pi-hole/pi-hole/wiki/Set-up-a-dynamic-DNS-host-name) +In the end, you will have access to a VPN that uses Pi-hole for DNS and tunnels some or all of your network traffic --- ->Note that this manual is partially based on this [HowTo](https://discourse.pi-hole.net/t/pi-hole-with-openvpn-vps-debian/861) on [Discourse](https://discourse.pi-hole.net). +This manual is partially based on this [HowTo](https://discourse.pi-hole.net/t/pi-hole-with-openvpn-vps-debian/861) on [Discourse](https://discourse.pi-hole.net). diff --git a/docs/guides/vpn/setup-openvpn-server.md b/docs/guides/vpn/setup-openvpn-server.md index f79d4d4..5d5b745 100644 --- a/docs/guides/vpn/setup-openvpn-server.md +++ b/docs/guides/vpn/setup-openvpn-server.md @@ -2,7 +2,7 @@ First, find the IP of your `tun0` interface: -On jessie +On Jessie ``` ifconfig tun0 | grep 'inet addr' ``` @@ -65,8 +65,3 @@ Client name: iphone7 ``` This will generate a `.ovpn` file, which needs to be copied to your client machine (often times using the OpenVPN app). This process also generates a few other files found in `/etc/openvpn/easy-rsa/pki/`, which make public key authentication possible; you only need to worry about the `.ovpn` file, though. - -*** -### Next Steps - -Next, [configure your client devices](https://github.com/pi-hole/pi-hole/wiki/OpenVPN-server:-Connect-from-a-client) to use the VPN.