Setting Up an Ad-Blocking VPN with WireGuard and Pihole

I found DNS ad-blocking solutions to be pretty lackluster and lots of ads were still getting through. With uBlock Origin only sites ahead of the curve were getting their ads through (porn sites, facebook, etc.). Couple this with Bypass Paywalls[1] browser extension and the web is pretty usable.<p>I also tried to go one step further and setup mitm-proxy to man in the middle all of my traffic to see if I could do more invasive but thorough ad filtering. Certificate pinning from the likes of instagram, facebook, apple, and google really stymied this approach. So all in all, I don&#x27;t see much benefit from DNS adblocking instead of ublock origin.<p>1 - <a href="https:&#x2F;&#x2F;github.com&#x2F;iamadamdev&#x2F;bypass-paywalls-chrome" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;iamadamdev&#x2F;bypass-paywalls-chrome</a>

The rationale stated for this work is preventing ISPs from being able to monitor and potentially sell information about Internet usage, which is reasonable and worthwhile. But by hosting a VPN with a third party, haven&#x27;t we simply reassigned the same responsibility to someone else rather than absolve it? Is Digital Ocean more trustworthy than, say Cox Communications? How is this risk to be calculated, especially by a layperson?<p>I believe low-latency anonymizing networks like Tor might be a better more suited for accomplishing the task of obscuring one&#x27;s own network traffic. In fact, I&#x27;m typing this comment from Firefox with uBlock Origin configured to use a Tor SOCKS proxy which is always running locally - eliminating ads and making little attributable netflow in my wake.

Tangentially related: The best feature of FireFox Focus for iOS is that it also works as a free, local-only (no VPN routing) ad-blocker for Mobile Safari. So, you can install it, never actually run it, and it makes Safari so much more usable.<p>Probably works similarly for Android

Seemingly every other week for months now a Pihole post makes the front page on HN. Every time I wonder why. IMO, it&#x27;s just a DNS black hole with a slick interface.<p>Before adblockers came along I had a script that updated my hosts file. I then moved to a DNS black hole but it’s been more than a decade since I’ve used either solution.<p>Do you people have that many hostile IoT &#x2F; Smart thingies connected to your networks? Are you just unwilling to pay for the ad-free versions of apps. Are you using apps&#x2F;services on these devices that don’t offer an ad-free option, if so why? I’m genuinely curious.

Pihole is run by people who have no idea what they are doing.<p><a href="https:&#x2F;&#x2F;github.com&#x2F;pi-hole&#x2F;pi-hole&#x2F;issues&#x2F;2704" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;pi-hole&#x2F;pi-hole&#x2F;issues&#x2F;2704</a><p><a href="https:&#x2F;&#x2F;github.com&#x2F;pi-hole&#x2F;pi-hole&#x2F;pull&#x2F;2706" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;pi-hole&#x2F;pi-hole&#x2F;pull&#x2F;2706</a>

I use <a href="https:&#x2F;&#x2F;github.com&#x2F;dan-v&#x2F;algo" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;dan-v&#x2F;algo</a> fork which has Wireguard VPN and PiHole combined. It takes minutes to spin up a Digital Ocean VPN and have it working on all my devices. I&#x27;m very happy with this setup.

algo is great for an automated setup of a secure Wireguard(and IPsec) server with ad-blocking capabilities. DNS adblocking is necessary to block tracking in iOS apps. Content Blockers only work with Safari.

I setup a similar system but with IPSec (<a href="https:&#x2F;&#x2F;github.com&#x2F;jawj&#x2F;IKEv2-setup" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;jawj&#x2F;IKEv2-setup</a>) and Pi-Hole on DO. The best part is that the linked IPSec setup is trivial to install and also generates profile files that leverage the OS VPN capability in any iOS device without needing to install extra apps (and also force VPN connectivity by default so you don&#x27;t need to remember to enable it)

I wrote a couple of bash scripts to easily configure WireGuard server and hosts. Automatically generates keys and puts them in correct configs. Adds client info to the server config as an option. As a bonus it can configure some iptables to enable NAT, vpn tracking, etc.<p><a href="https:&#x2F;&#x2F;github.com&#x2F;SirToffski&#x2F;WireGuard-Ligase" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;SirToffski&#x2F;WireGuard-Ligase</a>

I did something similar by installing Wireguard as part of Streisand and then PiHole on a VPS. One caveat was this combination accepted public DNS queries by default. You would need to block it on your own. Otherwise the experience was good for various connection scenarios and adblocking was a breeze.<p>Now I am using Algo + Steven&#x27;s hosts files for the similar idea. No complaint thus far yet.

I setup PiHole and removed it about 2-3 days later. UBlock Origin is perfect for laptops, but I wanted to see if it&#x27;d block YouTube ads and similar on my Smart TV and mobile devices - it didn&#x27;t. If anything it just caused me grief by interfering with non-ad web services, so I canned it and everything started working again.<p>I need UBlock Origin as a remote proxy.

Does it bypass &quot;Please unblock or you won&#x27;t see any content&quot; type of web behaviors?

I&#x27;m using this setup as well (I have Ansible to do it), but for some websites those use Akamai CDN will block you if your exit IP is from well-known networks like VPN providers, AWS, DO, etc.

Also was hyped about the setup and did Cloudflared + Pihole + Wireguard via dokku.<p>Wireguard is super cool. Hoping for an official windows client and then all the platforms I use are covered :)

With a VPN, you also have the option to do IP blocking, though I guess the blocklists are not as well developed.

Which VPS provider(s) offers the best cost&#x2F;speed&#x2F;bandwidth ratios?