WireHole-UI – Set up a VPN Server with built-in ad blocking

by xthemes content creator

I have shared many ways to set up WireGuard VPN Server on the blog:

Of these, wg-easy is my favorite choice for setting up a WireGuard VPN because of its simplicity and its friendly Web UI for creating clients.

However, the problem that arises when connecting to the Internet through WireGuard VPN is that I can no longer use AdGuard Home's ad filter. The reason is that the connection via WireGuard automatically switches to Google's DNS (8.8.8.8) or Cloudflare's (1.1.1.1).

[Interface]
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Address = 10.6.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
PresharedKey = zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
AllowedIPs = 0.0.0.0/0
Endpoint = aaa.bbb.ccc.ddd:51820

In fact, I can change the DNS line in the conf file to 192.168.0.5, the IP address of the Raspberry Pi running AdGuard Home, to block ads as follows:

[Interface]
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Address = 10.6.0.2/24
DNS = 192.168.0.5

[Peer]
PublicKey = yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
PresharedKey = zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
AllowedIPs = 0.0.0.0/0
Endpoint = aaa.bbb.ccc.ddd:51820

This method only works when I connect via WireGuard VPN at home, with a direct network connection to AdGuard Home on Raspberry Pi. If using an external Wifi network or 4G, there is no way to block ads when connecting via VPN.

Therefore, I had to find a new solution so that I could both connect via WireGuard VPN and use an ad blocker to avoid being disturbed while surfing the web.

That's the reason for today's post: to introduce WireHole-UI, an all-in-one solution: WireGuard VPN + ad-blocking DNS.

I. Introducing WireHole-UI

WireHole-UI is a fork I created from the original WireHole, a tool that combines WireGuard + Pi-Hole + Unbound on Docker-Compose to create a VPN server (WireGuard) with ad blocking (via Pi-Hole*) and optimized DNS security (via Unbound).

* Pi-Hole is a DNS-based ad-blocking solution similar to AdGuard Home.

I replaced the Linuxserver WireGuard Docker image with wg-easy so that WireGuard can be set up more easily through the Web UI.

Instead of having to set up wg-easy, Pi-Hole and Unbound individually and configure all three to work together, WireHole-UI automates everything through a single docker-compose.yml file. You just need to download it, change a few parameters and start it with the command docker-compose up -d.

Features

  • All-in-one tool: WireGuard + Web UI (wg-easy) + Ad Blocker (Pi-Hole) + DNS Caching (Unbound)
  • Easy to install, easy to use.
  • Friendly interface, create, edit, delete clients quickly.
  • Support QR Code to connect client by phone
  • Split-Tunnel support: use ad blocking only when connecting via VPN

II. Install WireHole-UI

I recommend installing WireHole-UI on Ubuntu 20.04 for best compatibility. If you are using Ubuntu 18.04, you need to update the Linux kernel to the latest version to use WireGuard.

sudo apt-get install --install-recommends linux-generic-hwe-18.04

1. Install Docker & Docker-Compose

2. Install git

Install git on the machine if it is not already available

sudo apt install git

3. Download WireHole-UI

git clone https://github.com/10h30/wirehole-ui.git
cd wirehole-ui

4. Parameter setting

Before starting WireHole-UI, you need to edit some parameters in the docker-compose.yml file

nano docker-compose.yml

The default content of docker-compose.yml is shown below

version: "3"

networks:
  private_network:
    ipam:
      driver: default
      config:
        - subnet: 10.2.0.0/24

services:
  unbound:
    image: "klutchell/unbound"
    container_name: unbound
    restart: unless-stopped
    hostname: "unbound"
    volumes:
      - "./unbound:/opt/unbound/etc/unbound/"
    networks:
      private_network:
        ipv4_address: 10.2.0.200

  wg-easy:
    depends_on: [unbound, pihole]
    environment:
      #  Required:
      # Change this to your host's public address
      - WG_HOST=my.ddns.net

      # Optional:
      - PASSWORD=10h30
      - WG_PORT=51820
      - WG_DEFAULT_ADDRESS=10.6.0.x
      - WG_DEFAULT_DNS=10.2.0.100
      # - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24

    image: weejewel/wg-easy
    container_name: wg-easy
    volumes:
      - .:/etc/wireguard
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    dns:
      - 10.2.0.100 # Points to pihole
      - 10.2.0.200 # Points to unbound

    networks:
      private_network:
        ipv4_address: 10.2.0.3

  pihole:
    depends_on: [unbound]
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    hostname: pihole
    dns:
      - 127.0.0.1
      - 10.2.0.200 # Points to unbound
    environment:
      TZ: "Asia/Hong_Kong"
      WEBPASSWORD: "" # Blank password - Can be whatever you want.
      ServerIP: 10.2.0.100 # Internal IP of pihole
      DNS1: 10.2.0.200 # Unbound IP
      DNS2: 10.2.0.200 # If we don't specify two, it will auto pick google.
    # Volumes store your data between container upgrades
    volumes:
      - "./etc-pihole/:/etc/pihole/"
      - "./etc-dnsmasq.d/:/etc/dnsmasq.d/"
    # Recommended but not required (DHCP needs NET_ADMIN)
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    networks:
      private_network:
        ipv4_address: 10.2.0.100

There are two parameters that you must change:

  • WG_HOST=my.ddns.net: change this to the public IP of the server you use. If installing at home, you can use Dynamic DNS.
  • PASSWORD=10h30: this is the password used to access WireGuard's Web UI at http://<IP-Address>:51821. Change it to improve security.

You can keep the other parameters as they are if you are not familiar with Docker.

Once edited, save (CTRL + O) and exit (CTRL + X)
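A pre-flight check for the edited file, to run before starting the stack. This is an added example, not part of WireHole-UI: it flags the two shipped values named above, a blank Pi-Hole password, and a WG_DEFAULT_DNS that no longer matches Pi-Hole's container address. The names preflight, SHIPPED and SAMPLE are hypothetical, and SAMPLE is a constructed, trimmed copy of the file.

```python
import ipaddress
import re

# Values shipped in the page's docker-compose.yml that must be replaced
SHIPPED = {"PASSWORD": "10h30", "WG_HOST": "my.ddns.net"}

def preflight(compose_text):
    """Return a list of problems found in a WireHole-UI docker-compose.yml."""
    problems = []
    # Collect "- KEY=value" environment entries (commented-out lines are skipped)
    env = dict(re.findall(r"^[ \t]*-[ \t]*(\w+)=[ \t]*(\S*)", compose_text, re.M))
    for key, shipped in SHIPPED.items():
        if env.get(key) in (None, "", shipped):
            problems.append(f"{key} is unset or still the shipped value")
    subnet = ipaddress.ip_network(re.search(r"subnet:\s*(\S+)", compose_text).group(1))
    # First ipv4_address after the "pihole:" service key is Pi-Hole's container IP
    pihole_ip = re.search(r"^  pihole:.*?ipv4_address:\s*(\S+)",
                          compose_text, re.M | re.S).group(1)
    if ipaddress.ip_address(pihole_ip) not in subnet:
        problems.append(f"Pi-Hole address {pihole_ip} is outside {subnet}")
    if env.get("WG_DEFAULT_DNS") != pihole_ip:
        problems.append("WG_DEFAULT_DNS does not point at Pi-Hole")
    if re.search(r'WEBPASSWORD:\s*""', compose_text):
        problems.append("Pi-Hole WEBPASSWORD is blank")
    return problems

# Constructed sample: a trimmed copy of the default file, values unchanged
SAMPLE = """\
networks:
  private_network:
    ipam:
      config:
        - subnet: 10.2.0.0/24
services:
  wg-easy:
    environment:
      - WG_HOST=my.ddns.net
      - PASSWORD=10h30
      - WG_DEFAULT_DNS=10.2.0.100
  pihole:
    environment:
      WEBPASSWORD: ""
    networks:
      private_network:
        ipv4_address: 10.2.0.100
"""

if __name__ == "__main__":
    print(preflight(SAMPLE))
```

To check the real file, pass its contents: preflight(open("docker-compose.yml").read()).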

5. Enable WireHole-UI

Enable WireHole-UI with the following command

docker-compose up -d

Wait a few minutes for the machine to pull the Docker images and set up the containers. Once done, you can go to the following address to set up the WireGuard client. Log in with the password you set in the PASSWORD line of the docker-compose.yml file

http://<IP-Address>:51821

If you are installing on Oracle’s free VPS, refer to this article for more detailed instructions

III. Connect to WireHole-UI

1. Create WireGuard Client

To be able to connect to WireGuard VPN Server, you need to access the Web UI to create a client.

http://<IP-Address>:51821

The WireGuard management Web UI is extremely user-friendly and easy to use.

  • Click New to create the client.
  • Click on the QR icon to see the QR code used to set up the WireGuard client on your phone.
  • Click the Download icon to download the configuration file, which is used to set up the WireGuard client on the computer.
  • Click the Trash icon to delete the client.

[Image: wg-easy Web UI]

2. Install WireGuard Client

If you do not know how to set up WireGuard Client, please review the section Installing WireGuard Client in this article

3. Pi-Hole Configuration

By default, after you successfully connect to the WireGuard VPN Server, ads are blocked automatically by Pi-Hole without any further setup.

If you want advanced configuration for Pi-Hole, you can access Pi-Hole Dashboard at the following address

http://10.2.0.100/admin

Normally, I add a Local DNS Record so that I can later access Pi-Hole at the easy-to-remember domain name http://pi.hole.

Access the DNS Records section, create a new entry:

  • Domain: pi.hole
  • IP Address: 10.2.0.100

Then click Save and you’re done


IV. Split-Tunnel Configuration

WireHole-UI has an additional Split-Tunnel feature which is very useful in case you just want to take advantage of Pi-Hole’s DNS Server to block ads without redirecting traffic through the VPN Server.

Doing this is simple. You just need to create a new WireGuard client, e.g. Adblock, and download the configuration file Adblock.conf to your machine.

Then, when configuring the WireGuard client, change the AllowedIPs line to 10.2.0.0/24 and save.

[Interface]
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Address = 10.6.0.2/24
DNS = 10.2.0.100

[Peer]
PublicKey = yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
PresharedKey = zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
AllowedIPs = 10.2.0.0/24
Endpoint = aaa.bbb.ccc.ddd:51820

With this setup, only DNS traffic is routed through the VPN Server; your web traffic still works normally and does not go through the VPN.
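To see where DNS queries actually go for each client configuration discussed in this post (public DNS, the LAN AdGuard Home address, Pi-Hole with full tunnel, Pi-Hole with split tunnel), the following added example, which is not part of WireHole-UI or wg-easy, parses a client .conf and checks the DNS address against AllowedIPs. The function name audit_client_conf and the TEMPLATE values are hypothetical, and the keys and endpoint are constructed placeholders.

```python
import configparser
import ipaddress

# Docker subnet holding Pi-Hole (10.2.0.100) in the page's docker-compose.yml
PIHOLE_NET = ipaddress.ip_network("10.2.0.0/24")

def audit_client_conf(text):
    """Return (tunnel mode, one finding per DNS server) for a client .conf."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    dns = [ipaddress.ip_address(d.strip())
           for d in cp["Interface"]["DNS"].split(",")]
    allowed = [ipaddress.ip_network(a.strip(), strict=False)
               for a in cp["Peer"]["AllowedIPs"].split(",")]
    # A /0 route sends everything through the VPN; anything narrower is a split tunnel
    mode = "full" if any(n.prefixlen == 0 for n in allowed) else "split"
    findings = []
    for d in dns:
        if not any(d in n for n in allowed):
            findings.append(f"{d}: outside AllowedIPs, queries bypass the tunnel")
        elif d in PIHOLE_NET:
            findings.append(f"{d}: Pi-Hole through the tunnel, ads filtered")
        elif d.is_private:
            findings.append(f"{d}: private resolver, needs a route from the VPN server")
        else:
            findings.append(f"{d}: public resolver through the tunnel, no filtering")
    return mode, findings

# Constructed sample: placeholder keys and endpoint, not real values
TEMPLATE = """[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 10.6.0.2/24
DNS = {dns}

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = {allowed}
Endpoint = vpn.example.invalid:51820
"""

if __name__ == "__main__":
    for dns, allowed in [("1.1.1.1", "0.0.0.0/0"), ("192.168.0.5", "0.0.0.0/0"),
                         ("10.2.0.100", "0.0.0.0/0"), ("10.2.0.100", "10.2.0.0/24"),
                         ("1.1.1.1", "10.2.0.0/24")]:
        print(dns, allowed, audit_client_conf(TEMPLATE.format(dns=dns, allowed=allowed)))
```

The last case shows the mistake to avoid when editing a split-tunnel file by hand: narrowing AllowedIPs while leaving a public DNS address sends queries outside the tunnel and past Pi-Hole.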

Good luck with your installation!
