Running pi-hole and PIVPN on a Raspberry Pi 3b+

Installing Pi-hole

To install pi-hole let’s run the simple bash script below that will guide us through the installation

curl -sSL | bash

You will be asked to select which interface to use, in my case and most likely yours you will want the wired connection so select eth0.

Next, you will want to choose the DNS provider, I use Cloudflare as my upstream DNS provider but you can choose whichever you prefer.

Select the IP address you’d like to set as the static IP address or leave it with what was decided, just make sure it’s out of our DHCP scope. In my case, I choose x.x.x.82 where my DCHP range is 100-253.

Select YES and install web interface and log queries.

You may be asked to install default firewall rules, select yes.

Once the installer is finished it will prompt you with login details to access the pi-hole, keep note of this somewhere so you don’t forget. If you change the IP address during setup you will need to reboot. use sudo reboot for this.

Once rebooted you can change the default web password by using

pihole -a -p

Set DNS/DHCP server

I am living in the UK and have an ISP-provided router, the downside to this is that I am unable to change my routers DNS settings and therefore we will enable DHCP on the pi-hole to dish out IP address and DNS settings to clients upon connection to the network.

Disable DHCP in the router

If you have a BT home hub the instructions to do this are as follows, navigate to your routers IP address by default it is and login, the credentials are usually on the back of the box.

Home > advanced > My network >IPV4 settings > uncheck enabled under DHCP settings

Enable DHCP on pi-hole

Navigate to http://pi.hole/admin or http://YOUR-IP/admin and you’ll be presented with the pretty pi-hole dashboard, select login and use the password you were given or set above.

Once logged in navigate to Settings > DHCP and then enable. I’ve copied the DHCP scope settings from my router to the pi-hole. Make sure you update the gateway IP with that of your routers.

Under interface listening behavior select “Listen on all device”

Test that it’s working

Make sure you ipconfig /flushdns on your windows machine and open an incognito window, navigate to and if you aren’t spammed with adverts then it’s all working!

Install PiVPN

Run the below bash script to run the installer for PiVPN

curl -L | bash

The first thing you will be asked is to confirm the IP address, we already have set this so it should be the same as what we set the Pi-hole install to.

Select the default user when prompted

Enable unattended-upgrades

For Protocol select UDP and we’ll leave the default port of 1194 for now, this can be changed later if you wish so don’t worry.

For encryption leave this at the default 248 as it’s as high as you would need.

You will be asked whether you wish to connect via an IP address or domain name, this is up to you. If you don’t have a static IP address then I would suggest you set up dynamic DNS, I use ddclient to update the IP address on Cloudflare. I’ve set up a domain record on Cloudflare to point to my IP address, > EXTERNAL-IP address.

We now need to set the DNS servers, cycle down to custom and enter the IP address of our Pi.

The installer will now ask you to reboot, you can skip this for now as we need to make a few more changes.

let’s go ahead and modify our OpenVPN config with

Sudo nano /etc/openvpn/server.conf

remove any additional “dhcp-option” lines and enter the below, replace route with your IP’s subnet and replace DNS with your PI’s IP address.

push "route"
push "dhcp-option DNS"

Save and then exit with Ctrl + O and yes, then Ctrl + X

Next, we’re going to create a new file using

sudo nano /etc/dnsmasq.d/02-pivpn.conf 

copy and enter the below line then save and exit out of the command.


Again Ctrl + O and yes, then Ctrl + Enter

Restart the Raspberry PI with sudo reboot

Create OpenVPN config file

Use pivpn add and follow the instructions to create a VPN profile for us to use. Once created it will give you a location the file is stored in. Download this file to whichever client you are going to use it on, in my case, I transferred the file to my phone and installed the OpenVPN connect client.

Port Forwarding

Make sure in your router’s settings that you forward external port 1194 to internal port 1194 at the raspberry PI’s IP address. Every router is different so you may need to search it but for a BT Homehub use advanced > firewall > port forwarding.

Test and confirm

If all has gone well you should be able to connect from your client to the VPN and browse the web with ad-blocking running.

If you have any questions let me know!

Leave a Reply