Hi there!
There’s an Ubuntu 22.04 PC with PiHole running in my home network and it works great, and I’d like to add a VPN for the entire network. Is it possible? I’m using nordvpn on multiple devices. Thanks
You’d put the VPN client on your router or some other device through which all your network traffic passes.
Putting it on the Pi isn’t gonna work because your network is only using the Pi for DNS so only traffic on port 53 hits the Pi.
Hope this helps -
You could make your PC act as your router and hang your current wifi router off the LAN side and configure it as a wifi access point
Just add an extra NIC or two to your PC, and run pfsense, vyos, or similar. I personally have used vyos and am very familiar with it, but it’s CLI only.
Or buy a Ubiquiti Edge Router and do the same trick with your existing router
or block direct traffic through your router and set up a proxy on your pihole. This would kind of suck, IMO, but it’s an option
Edit: most router distros are going to be capable of running OpenVPN, wireguard, Ike/IPSec, etc
Set up a wireguard vpn. You can use pivpn to make this process much easier
EDIT: I misinterpreted what you said. Disregard this comment
Of course it’s possible. Set up a router and set up the VPN on that. An Ubuntu PC is probably overkill for this. I tend to use those smaller NUC-sized passively cooled devices; a dual core i3/i5 with 4GB of RAM and AES instructions on the CPU will be enough for gigabit speeds. I use opnsense but pfsense is another free option.
Why not create your own VPN with Wireguard? This is what I did and can access my network’s resources from just about anywhere.
Yes, absolutely doable. Though not exactly what it’s intended for, I use wireguard because it’s very performant and it’s really configurable. I just tell wireguard to let its wireguard peers access my entire network and use nftables on that same box to restrict access from there.
If I wanted to give wireguard clients access to a specific VLAN or internet access, I’d put a default deny at the top of the chain and do something like this:
iifname $WG_CLIENTS oifname {
$MANAGEMENT, \
$CLIENTS, \
$WANIF \
} accept
Roughly translates to: if the incoming interface for this traffic is the wireguard interface and its outgoing interface is one of the 3 listed, accept the traffic. There’s a default deny so it denies all other traffic.
You can be super specific and tell it to block traffic from there to a specific IP as well. It’s super configurable this way.
If you’re really fresh as far as networking goes, your best bet is probably to not use this as your main router for your WAN interface, since it’s not hard to knock off WAN to all clients or, even worse, let bad actors in if your box isn’t configured securely. You would just set up a port forward on your main WAN router to the wireguard port on the internal server.
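The default-deny forward policy described in the comment above, written out as a complete nftables ruleset. This is an added example, not part of the original post; the interface names, the table name and the blocked address 192.0.2.10 are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example: interface names and addresses below are assumed values.

define WG_CLIENTS   = "wg0"      # WireGuard interface (assumed name)
define MANAGEMENT   = "vlan10"   # management VLAN (assumed name)
define CLIENTS      = "vlan20"   # client VLAN (assumed name)
define WANIF        = "eth0"     # uplink towards the main router (assumed name)
define BLOCKED_HOST = 192.0.2.10 # constructed example of a host peers must not reach

table inet wg_filter {
    chain forward {
        # Default deny: anything not accepted below is dropped.
        # If this box also routes other LAN traffic, that traffic
        # needs its own accept rules in this chain.
        type filter hook forward priority 0; policy drop;

        # Let replies to already-permitted flows back through.
        ct state established,related accept
        ct state invalid drop

        # Block one specific destination before the broad accept,
        # so the more specific rule wins.
        iifname $WG_CLIENTS ip daddr $BLOCKED_HOST counter drop

        # The rule from the post: WireGuard peers may reach the
        # management VLAN, the client VLAN and the WAN interface.
        iifname $WG_CLIENTS oifname {
            $MANAGEMENT,
            $CLIENTS,
            $WANIF
        } accept

        # Count and log whatever else the peers tried to reach,
        # so denied attempts are visible in the kernel log.
        iifname $WG_CLIENTS counter log prefix "wg-fwd-drop: " drop
    }
}
```

Running `nft -c -f` on the file checks the syntax without applying it, which avoids locking yourself out while iterating.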
You need a router that can support “static routes” - then you can put a vpn anywhere in your network — and you configure a static route that tells your router, and by extension- all PCs on your network, where to find the VPN traffic
That’s an incredibly dumb idea.
Yes. You would want the Pi to also be running DHCPd, turn on packet forwarding, and have the Pi hand itself out as the default gateway to DHCP clients (assuming the Pi is connected to your commercial VPN). EDIT: You would definitely want to turn down DHCP on your main ‘router’ in this scenario.
Personally I would get a mini-pc to deal with it all. (PiHole in no way requires a Pi)
Unfortunately I don’t own a router that could help me with that. My PiHole is not running on any Raspberry but on a full-size PC with an i5, if that changes anything. Therefore I’m thinking of a way to tunnel my whole traffic there.
Yes, I knew it’s doable! A PC is overkill for sure but it’s the only thing I have at my disposal right now. Could you please share some links to guides on how to set it up or something like this? I’ve searched tens of websites with no effect. Thank you!
That’s what I’d usually understand when someone talks about VPN but in this case they’re looking for a way to connect an entire network to a VPN Proxy/Routing service which is incredibly dumb.
It’s currently running on an i5 PC with 12 GB of RAM
You could create a wifi hotspot from the PC, and if the pc is connected to the VPN (and properly configured), then anything connected to that wifi hotspot will go through the vpn.
Does your PC run Linux?
Edit: I can see clearly now, didn’t read
You can run VPN-client from VPNTV setup.
As DNS use 127.0.0.1#53 which is your Pi-hole, assuming it is running on the same Ubuntu server.
That would probably work but it’s a workaround instead of a solution ;D
If you want a solution instead of a workaround, look at your first sentence of the other post. Maybe install openwrt on that PC and use it as a router. Otherwise, open the wallet and get a router that can handle tunneling all the traffic.