Raspberry Pi 3 + Pi-Hole + OpenVPN & DNSCrypt Tutorial

Discussion in 'privacy technology' started by CHEFKOCH, Aug 13, 2017.

  1. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
  3. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Today I've setup a Raspberry Pi 3 B+ with Pi-Hole. Still without OpenVPN and DNSCrypt. I'm impressed - and major improvements are in the making.

    Here's what the Pi-hole Admin Console looks like:
    upload_2018-7-29_17-46-25.png

    Note that the number of Queries Blocked would be much larger without uMatrix and uBlock Origin. For example, I temporarily disabled AdGuard Pro on my iPad and the number of blocked queries ascended steeply. Great stuff! Next step is implementing Open VPN and to make it accessible for my smartphone from everywhere.
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Damn, I have a few Pi 2 lying around from an old project. Is a Pi 2 good enough?
     
  5. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    I think the most important difference is the CPU. While the Pi2 one runs with 900 MHz, the Pi3 B+ has 1.4 GHz. But I assume that Pi2 is still good enough for this pupose. However, you might want to use DietPi rather than Raspbian Lite as the former is lighter in every respect.
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Thanks. I've run Raspbian on those Pi 2, and they were fine. My main complaint is low-bandwidth USB Ethernet NICs. I've thought of playing with Banana Pi etc that have real NICs.
     
  7. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    The Raspberry PI 2 uses a lot less power than the Raspberry PI B and B+. I use a Raspberry PI 2 as a forwarding DNS server with Unbound connected to a modified version of Pi Hole running Unbound on a VPS. It is powered by the USB port on my router. I need a fairly hefty --2 amps or more @5v --USB power adapter to run a Pi B or B+.
     
    Last edited: Aug 5, 2018
  8. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    I have found the lack of real 1 Gb ethernet disappointing too...

    In fact when I look the whole PI family as whole, there has been very very small additions between versions.

    Take for example Raspberry PI 3 and it's upgraded Raspberry PI 3 b+ :

    https://www.raspberrypi.org/products/raspberry-pi-3-model-b-plus/
    https://www.raspberrypi.org/products/raspberry-pi-3-model-b/

    Compared to RPI 3, RPI 3 b+ is only 200 MHz faster, has support for PoE (nice but needs to buy separate HAT!), AC WLAN, and finally fake "1 Gb" LAN connector (max 300 Mbps).

    Those are not exactly tempting features for me to get another Pi... (already has one RPI 2, two Raspberry Pi Zeros, one Raspberry Pi Zero W and one RPI 3)

    I probably take a look of competition too ...
     
  9. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Yes, that's what I use. By the way, on Amazon I bought a case for it from smraza (be careful - there are two variants, only one of them fits with the B+) which I can highly recommend. It comes with 3 heatsinks and a mini fan. Result: the CPU temperature dropped from 62 °C with the standard case to less than 38 °C with the new case! I'd say that's a dramatic reduction, isn't it? :thumb:
     
  10. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Very nice. First time that saw raspi case with heatsinks and fan.
    Now Im temped to buy for all my raspis and overclock them....
     
  11. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    FWIW, I'm now using Pi-hole with unbound as suggested here (more details here). Works well. However, the queries to the root servers are not encrypted. I don't know if that's possible. Stefan - any ideas?
     
  12. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    AFAIK, root server encryption is still not supported even tought things like DNSSEC are supported by roots.
    I don't see any reason why they could not support encrypted DNS too but it must be remembered that DNS encryption standards are still quite young.
     
  13. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Yes, that's confirmed with dig. And I have "Use DNSSEC" enabled in Pi-hole, of course. :thumb:
    Yes, it seems so. So I guess we will have to wait a bit.
     
  14. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Maybe there will be lot's of more smaller players (like Quad9 and Cloudflare) coming that offer privacy and encryption and then finally, after lot's of meetings & politics, ICANN enables encryption with it's root servers. Maybe.

    If not, then maybe some organization could start alternate root (like Paul Vixie Yeti DNS attempt)
     
  15. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    What is a POE hat?
    I do have a netgear gs308p switch which has POE support
     
  16. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    It's an add-on board (like all HAT's are) that makes it possible that your new raspberry pi 3+
    can actually use the PoE functionality.

    https://www.raspberrypi.org/products/poe-hat/

    It's nice if you don't have easy access to power socket but have long ethernet wire lying around.
    Just dissapointing that need to buy separate add-on board to actually use the functionality...
     
  17. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    stefan: thanks

    I was hoping it was built in :(
     
  18. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Me too, but:
    It seems that there has been some problems with the official add-on board
    http://linuxgizmos.com/refund-offered-for-raspberry-pi-poe-hat-due-to-power-issues/

    The grass may be greener in the other side of the fence.
    https://blog.hackster.io/two-new-banana-pi-boards-both-with-poe-bdfaf9e90f78

    That Banana Pi BPI-R64 looks especially interesting: This is the first time I have seen
    hobbyist open source single-board computer for sale with 4 gigabit LAN ports, 1 WAN port
    and clearly made for building your very own router :eek:
     
  19. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    Thanks for the info on the official hat.
    Looks big and relatively expensive as well.

    Dont think i could be bothered now with a new board.
    I got the pi specifically for pi-hole and now that it works thats me done.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.