Pi-hole Wireguard VPN in Azure

This guide outlines the steps for setting up a Pi-hole VPN with Wireguard on an Azure virtual machine (VM). We will cover creating the VM, configuring Wireguard, and installing Pi-hole

Create a New Resource Group

To create a new resource group, run:

az group create --name rg-phwg-vpn --location uksouth

Create a Virtual Machine

Now, create your virtual machine with the following command:

az vm create --name vm-phwg --resource-group rg-phwg-vpn --image ubuntu2204 --admin-username ubuntu --public-ip-address vm-phwg-ip --public-ip-address-allocation static --generate-ssh-keys

This command will also generate SSH key files, enabling SSH access to your VM.

Open Port for Wireguard

Next, open port 4400, which will be used for Wireguard:

az vm open-port --port 4400 --resource-group rg-phwg-vpn --name vm-phwg

Check Public IP

To check your VM's public IP address, use:

az network public-ip show --resource-group rg-phwg-vpn --name vm-phwg --query '[ipAddress,publicIpAllocationMethod,sku]' --output table

Step 2: Set Up Wireguard

SSH into the VM

Connect to your VM via SSH using the public IP address from the previous step:

ssh -i ~/.ssh/id_rsa ubuntu@<your-public-ip>

Update and Install UFW

Update your system and install UFW (Uncomplicated Firewall):

sudo apt update && sudo apt upgrade && sudo apt install ufw

Configure UFW

Allow SSH and the VPN port through UFW:

sudo ufw allow 22
sudo ufw allow 4400
sudo ufw enable

Install Wireguard

Use the PiVPN script to install Wireguard:

curl -L https://install.pivpn.io | bash

Configure DNS Settings

Edit the DNS settings:

sudo nano /etc/systemd/resolved.conf

Uncomment the DNS line and add your preferred DNS servers:

DNS=1.1.1.1 9.9.9.9

Symlink the Systemd Resolve File

Run the following commands to symlink the resolve file:

sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
sudo systemctl stop systemd-resolved
sudo systemctl start systemd-resolved

If you encounter an error like "unable to resolve host", resolve it by editing the hosts file:

sudo nano /etc/hosts

Add the following line:

127.0.0.1 vm-phwg

Verify the DNS Settings

You can verify the DNS settings by running:

dig google.com | grep "SERVER"

Step 3: Configure Wireguard

After installing Wireguard, configure new clients using the pivpn command:

pivpn -a
pivpn -qr

Step 4: Set Up Pi-hole

Install Pi-hole

Pull and execute the Pi-hole installation script:

sudo curl -sSL https://install.pi-hole.net | bash

After installation, access the Pi-hole admin interface at http:///admin.

Configure UFW for Pi-hole

Allow DNS Traffic (Port 53) To allow DNS traffic from your VPN network, run:
```
sudo ufw allow from 10.78.120.1/24 to any port 53
```
Allow HTTP Traffic (Port 80) To access the Pi-hole admin interface, allow HTTP traffic on port 80:
```
sudo ufw allow from 10.78.120.1/24 to any port 80
```

With these changes, Pi-hole should be set up and ready to block ads while being accessible through your VPN network.

Step 5: Resize VM to Save Costs

Resize your VM to a smaller size to save costs:

az vm resize --resource-group rg-phwg-vpn --name vm-phwg --size Standard_DS3_v2

Step 6: Configure VPN on Windows 11

Copy Configuration File

Use scp to copy the Wireguard client configuration file from your VM to your local Windows machine:

scp <username>@<public-ip>:/home/ubuntu/configs/<client>.conf C:\users\<username>\Downloads

Replace <username> with your VM’s username, <public-ip> with your VM’s public IP address, and <client> with the specific client configuration file name.

Install Wireguard App

Download and Install Wireguard Go to the Wireguard website and download the Windows app. Install the application on your Windows 11 machine.
Import the Configuration File Open the Wireguard app, click on Import Tunnel(s), and select the .conf file you transferred. This will set up the VPN profile in the app.
Connect to the VPN With the configuration imported, click Activate to connect to the VPN.

By completing these steps, you should now have a functional Pi-hole VPN configured on your Windows 11 machine.

PreviousKusto Hints & Strategies NextBash Scripting Cheat Sheet

Last updated 4 months ago

Pi-hole Wireguard VPN in Azure

This guide outlines the steps for setting up a Pi-hole VPN with Wireguard on an Azure virtual machine (VM). We will cover creating the VM, configuring Wireguard, and installing Pi-hole

Create a New Resource Group

To create a new resource group, run:

az group create --name rg-phwg-vpn --location uksouth

Create a Virtual Machine

Now, create your virtual machine with the following command:

az vm create --name vm-phwg --resource-group rg-phwg-vpn --image ubuntu2204 --admin-username ubuntu --public-ip-address vm-phwg-ip --public-ip-address-allocation static --generate-ssh-keys

This command will also generate SSH key files, enabling SSH access to your VM.

Open Port for Wireguard

Next, open port 4400, which will be used for Wireguard:

az vm open-port --port 4400 --resource-group rg-phwg-vpn --name vm-phwg

Check Public IP

To check your VM's public IP address, use:

az network public-ip show --resource-group rg-phwg-vpn --name vm-phwg --query '[ipAddress,publicIpAllocationMethod,sku]' --output table

Step 2: Set Up Wireguard

SSH into the VM

Connect to your VM via SSH using the public IP address from the previous step:

ssh -i ~/.ssh/id_rsa ubuntu@<your-public-ip>

Update and Install UFW

Update your system and install UFW (Uncomplicated Firewall):

sudo apt update && sudo apt upgrade && sudo apt install ufw

Configure UFW

Allow SSH and the VPN port through UFW:

sudo ufw allow 22
sudo ufw allow 4400
sudo ufw enable

Install Wireguard

Use the PiVPN script to install Wireguard:

curl -L https://install.pivpn.io | bash

Configure DNS Settings

Edit the DNS settings:

sudo nano /etc/systemd/resolved.conf

Uncomment the DNS line and add your preferred DNS servers:

DNS=1.1.1.1 9.9.9.9

Symlink the Systemd Resolve File

Run the following commands to symlink the resolve file:

sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
sudo systemctl stop systemd-resolved
sudo systemctl start systemd-resolved

If you encounter an error like "unable to resolve host", resolve it by editing the hosts file:

sudo nano /etc/hosts

Add the following line:

127.0.0.1 vm-phwg

Verify the DNS Settings

You can verify the DNS settings by running:

dig google.com | grep "SERVER"

Step 3: Configure Wireguard

After installing Wireguard, configure new clients using the pivpn command:

pivpn -a
pivpn -qr

Step 4: Set Up Pi-hole

Install Pi-hole

Pull and execute the Pi-hole installation script:

sudo curl -sSL https://install.pi-hole.net | bash

After installation, access the Pi-hole admin interface at http:///admin.

Configure UFW for Pi-hole

Allow DNS Traffic (Port 53) To allow DNS traffic from your VPN network, run:
```
sudo ufw allow from 10.78.120.1/24 to any port 53
```
Allow HTTP Traffic (Port 80) To access the Pi-hole admin interface, allow HTTP traffic on port 80:
```
sudo ufw allow from 10.78.120.1/24 to any port 80
```

With these changes, Pi-hole should be set up and ready to block ads while being accessible through your VPN network.

Step 5: Resize VM to Save Costs

Resize your VM to a smaller size to save costs:

az vm resize --resource-group rg-phwg-vpn --name vm-phwg --size Standard_DS3_v2

Step 6: Configure VPN on Windows 11

Copy Configuration File

Use scp to copy the Wireguard client configuration file from your VM to your local Windows machine:

scp <username>@<public-ip>:/home/ubuntu/configs/<client>.conf C:\users\<username>\Downloads

Replace <username> with your VM’s username, <public-ip> with your VM’s public IP address, and <client> with the specific client configuration file name.

Install Wireguard App

Download and Install Wireguard Go to the Wireguard website and download the Windows app. Install the application on your Windows 11 machine.
Import the Configuration File Open the Wireguard app, click on Import Tunnel(s), and select the .conf file you transferred. This will set up the VPN profile in the app.
Connect to the VPN With the configuration imported, click Activate to connect to the VPN.

By completing these steps, you should now have a functional Pi-hole VPN configured on your Windows 11 machine.

PreviousKusto Hints & Strategies NextBash Scripting Cheat Sheet

Last updated 4 months ago