WiPiUn

A Dockerised VPN using Wireguard, PiHole and Unbound: WiPiUn.

This setup guide has been tested on Ubuntu 22.04 LTS.

Contents

1. Setup
2. Installing the Wireguard app, and the profiles, on your devices
3. Post run configuration
4. Credits

1. Setup

Clone the repository, and change to the repository directory with:

git clone --recursive [email protected]:papalozarou/wipiun.git && \
cd ~/wipiun/setup

You will likely need a personal access token to clone the repository.

Run the first setup script:

sudo ./01-initialise-wipiun.sh

Once the first script has completed, run subsequent scripts following instructions and prompts. You can delete the linshafun and setup folders when finished.

N.B.

Wireguard requires opening udp port 53 and the server port it configures during setup. The install script add these ports to UFW, however if you run an additional firewall, i.e. on your hosting service, you will need to manually open these ports in that firewall.

2. Installing the Wireguard app, and the profiles, on your devices

Now you can install the Wireguard App for your selected system and add the profile for your selected device, either using the QR code or the file found in ~/${yourVPNFolder}/wireguard/config/client_${yourDeviceName}.

3. Post run configuration

Once the containers are up and running, you need to set a password in Pihole and optionally add more blocklists. You must be connected to your VPN to administer your VPN's instance of Pihole.

3.1. Set a Pihole password

Because there is no password specified in docker-compose.xml, the Pihole container generates a random admin password when it first runs. To set a new one, we need to SSH into our Pihole Docker container:

sudo docker exec -it pihole /bin/sh

Once inside the container, change the password with:

pihole -a -p

You will be prompted to type a new password. If you leave it empty, no password will be set so you can login without one.

3.2. Add blocklists

Within ~/wipiun/pihole you will find blocklists.txt which contains a space separated list of blocklists. To add this list to Pihole:

1. Tap Adlists in the left hand navigation of Pihole;
2. Paste the contents of blocklists.txt into the Address: field;
3. Tap Add;
4. Tap Tools in the left hand navigation, then tap Update Gravity; and
5. Tap Update.

Once Gravity has updated, if you navigate back to the Adlists page, you will see all the additional blocklists.

4. Credits

This project has shamelessly cherry picked, and built on top of, other people's amazing work:

• The main inspiration to do this came from Rajan Patel's Pihole/Wireguard hosted VPN.
• Further inspiration was taken from Linuxserver's Wireguard Docker container, taking their approach and re-writing their set-up script to learn about how to set Wireguard up – it was more interesting than following the docks. DUDE.
• To make sure the above was done in the correct way, Just Containers' s6-overlay service as a script guide was followed.
• Pihole simply uses the Pihole official Docker containter because life is too short.
• For Unbound minor tweaks were made to Matthew Vance's Unbound Docker.
• Lastly, there are definitely several StackOverflow and Pihole forum posts that I have forgotten, which also went into getting this up and running.