radicaledward101

Pi-Hole with a PiVPN Split Tunnel on My Phone

With much help from my friend Uriah I’ve been able to set up Pi-Hole and PiVPN for my phone. This will let me block Reddit and Hacker News. The combination of those two sites has latched onto the addiction centers of my brain to a physically harmful level. I’ve been losing sleep looking at memes… as ridiculous as that sounds.

So what all did I do?

First we gathered materials. Uriah provided me with a Pi Zero and a USB Ethernet adapter. I had an extra micro-USB cable and wall adapter for power. I got a free 32 GB micro-SD card from a big box store coupon.

I flashed the Raspbian Stretch Lite image to my micro-SD card using balenaEtcher. Then I added a blank file named ssh to the root directory of the card so that I could ssh in to run commands and sftp in to pull files.

I initially just set up Pi-Hole locally using the default install steps and set my Wi-Fi DNS via Android’s stock settings interface.

However, this only helps when I’m at home. So I started setting up a VPN with PiVPN. I followed Marc Stan’s guide to setting up the combo of Pi-Hole and PiVPN to fill some gaps in the VPN setup. The biggest non-trivial part here is the “Final Config” part at the end.

However, it turns out that the dhcp-option push setting won’t work with the best way to do split tunneling (assuming we want to do split tunneling on a client-by-client basis). To get split tunneling working (i.e. only use the VPN for the Pi-Hole DNS itself and other local server access), I had to track down more info.

I found that adding the following lines to the client’s .ovpn file worked best:

route-nopull
route <local network ip> 255.255.255.0
dhcp-option DNS <dns ip on vpn network>

I noticed that some of the guides say to use some other variation on the route-nopull command, but none of those worked for me.

If you want all clients to have these settings, I believe you can move them all to your /etc/openvpn/server.conf and wrap them in push commands like Marc’s original post, but I’m not 100% sure.

Note also that your bitmask (the 255 part) might need to change depending on what ports you want to access through the VPN.
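As an added example (not code from this post or from Marc's guide), the Python script below parses a client .ovpn profile, checks that the three split-tunnel lines are present, and reports whether a destination address is covered by a route line and its netmask. The sample profile and its addresses are constructed placeholders, and only numeric route targets are handled.

```python
import ipaddress

# Constructed sample; the addresses are placeholders, not values from the post.
SAMPLE_OVPN = """\
client
dev tun
route-nopull
route 192.168.1.0 255.255.255.0
dhcp-option DNS 10.8.0.1
"""

def parse_split_tunnel(text):
    """Collect the three split-tunnel directives from a client profile."""
    cfg = {"route_nopull": False, "routes": [], "dns": []}
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0][0] in "#;":      # blank line or comment
            continue
        if words[0] == "route-nopull":
            cfg["route_nopull"] = True
        elif words[0] == "route" and len(words) >= 2:
            # Netmask defaults to a single host; an invalid mask raises ValueError.
            mask = words[2] if len(words) > 2 else "255.255.255.255"
            cfg["routes"].append(ipaddress.ip_network(f"{words[1]}/{mask}", strict=False))
        elif words[:2] == ["dhcp-option", "DNS"] and len(words) == 3:
            cfg["dns"].append(ipaddress.ip_address(words[2]))
    return cfg

def via_tunnel(cfg, dest):
    """True if one of the profile's route lines covers this destination."""
    addr = ipaddress.ip_address(dest)
    return any(addr in net for net in cfg["routes"])

def audit(cfg):
    """Return findings that would break the split tunnel described in the post."""
    findings = []
    if not cfg["route_nopull"]:
        findings.append("route-nopull missing: routes pushed by the server will be applied")
    if not cfg["routes"]:
        findings.append("no route line: no local network is reachable through the VPN")
    if any(net.prefixlen == 0 for net in cfg["routes"]):
        findings.append("a route covers every address: this is a full tunnel")
    if not cfg["dns"]:
        findings.append("no dhcp-option DNS: the client will not use the Pi-hole resolver")
    return findings

if __name__ == "__main__":
    cfg = parse_split_tunnel(SAMPLE_OVPN)
    print(audit(cfg), [(d, via_tunnel(cfg, d)) for d in ("192.168.1.50", "192.168.2.50")])
```

With the sample profile, 192.168.1.50 is sent through the VPN and 192.168.2.50 is not; widening the mask to 255.255.0.0 would cover both.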

Once that was all set up, I downloaded the Android OpenVPN client and moved the .ovpn file onto my phone.

Hopefully this setup will get me some of my time and sleep back. I haven’t used it much yet. So we’ll see how it goes!