WireGuard is a new VPN software, which is described as: "It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache and using state-of-the-art cryptography".
Pi-hole is a black hole for Internet advertisements, i.e. a server blocking advertisements at DNS level.
I have Pi-hole on my home network but wanted to have it also as the DNS server on my
phone when I am not at home. As I have a bad DSL connection, I cannot rely on
my home server. So I put Pi-hole on a VPS server I rent: it works flawlessly.
Nevertheless, it was an open DNS resolver, which can be used to
amplify DDoS attacks; there are
already 2212 unsecured Pi-holes on
the Internet, so I do not want to add another one.
Pi-hole provides documentation to use OpenVPN, even to redirect only DNS requests, but it is not efficient on a phone as it is not a stateless connection, so it consumes battery; moreover, GSM/Wi-Fi switching is not really handled, so you have to reconnect. The solution comes from WireGuard, which is stateless and provides Android & iOS apps. I struggled to configure everything, so here is what I did: