I had to move my previous WireGuard VPN + Pi-hole ad blocker to another server, but this time I was not able to expose the Pi-hole DNS port (53) on the host machine. It was also better to have the WireGuard VPN inside a Docker container… so I did!

As a reminder, WireGuard is a stateless and easy-to-configure VPN: exchange public keys between the client(s) and the server and you are good to go! Moreover, being stateless is great when used from a phone, as there is no power-hungry keep-alive like with OpenVPN, nor any reconnection delay when switching from Wi-Fi to 4G.

WireGuard is a new VPN software, described as one that "aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache" and using state-of-the-art cryptography. Pi-hole is a "black hole for Internet advertisements", i.e. a server blocking advertisements at the DNS level.

I have Pi-hole on my home network but wanted to use it as the DNS server on my phone as well when I am not at home. As I have a bad DSL connection, I cannot rely on my home server, so I put Pi-hole on a VPS I rent: it works flawlessly.
Nevertheless, it was then an open DNS resolver, which can be abused to amplify DDoS attacks; there are already 2212 unsecured Pi-hole instances on the Internet, and I did not want to add another one.
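A quick check for the open-resolver problem just described, as an added example that is not part of the original post: it sends one recursive A query to the Pi-hole host and classifies the reply, so you can confirm that port 53 is no longer answering from the Internet once DNS is moved behind the VPN. The resolver address is an assumed placeholder.

```python
import socket
import struct

# Constructed example: the resolver address is a placeholder (TEST-NET-3);
# replace it with the public IP of the VPS hosting Pi-hole before probing.
RESOLVER = "203.0.113.10"
QNAME = "example.com"


def build_query(qname: str, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def classify_response(resp: bytes, txid: int = 0x1234) -> str:
    """Inspect the reply header only: 'open' if the server recursed and returned
    answers, 'refused' if RCODE is REFUSED, otherwise 'other'."""
    if len(resp) < 12:
        return "other"
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid:
        return "other"
    rcode = flags & 0x000F
    ra = bool(flags & 0x0080)  # RA: recursion available
    if rcode == 5:
        return "refused"
    if rcode == 0 and ra and an > 0:
        return "open"
    return "other"


def probe(host: str, port: int = 53, timeout: float = 3.0) -> str:
    """Send the query over UDP; 'silent' means no reply before the timeout,
    which is what you want to see from the Internet side once DNS is VPN-only."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(QNAME), (host, port))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "silent"
    return classify_response(data)


if __name__ == "__main__":
    print(f"{RESOLVER}:53 -> {probe(RESOLVER)}")
```

Run it from a machine outside the VPN; "silent" or "refused" is the expected result, while "open" means port 53 is still reachable and recursing for anyone.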

Pi-hole provides documentation for using OpenVPN, even for redirecting only DNS requests, but it is not efficient on a phone: it is not a stateless connection, so it consumes battery; moreover, the GSM/Wi-Fi switch is not really handled, you have to reconnect. The solution comes from WireGuard, which is stateless and provides Android and iOS apps. I struggled to configure everything, so here is what I did: