WireGuard is a new VPN software which, by its own description, aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache and using state-of-the-art cryptography. Pi-hole is a black hole for Internet advertisements, i.e. a server blocking advertisements at the DNS level.

I have Pi-hole on my home network but wanted to also have it as the DNS server on my phone when I am not at home. As I have a bad DSL connection, I cannot rely on my home server. So I put Pi-hole on a VPS I rent: it works flawlessly.
Nevertheless, it was an open DNS resolver, which can be used to amplify DDoS attacks; there are already 2212 unsecured Pi-holes on the Internet, so I do not want to add another one.

Pi-hole provides documentation to use OpenVPN, even to redirect only DNS requests, but it is not efficient on a phone as it is not a stateless connection, so it consumes battery; moreover, the GSM/Wi-Fi switch is not really handled: you have to reconnect. The solution comes from WireGuard, which is stateless and provides Android & iOS apps. I struggled to configure everything, so here is what I did: