Setting up Pi-hole and PiVPN on Google WiFi (2024)

Requirements: Raspberry Pi, Google WiFi, patience and good spirits

Setting up a working private VPN where traffic goes through my Pi-hole on my Raspberry Pi proved to be more difficult than I previously thought, and required finding information from multiple different sources.

To simplify this process in the future here’s all that I had to do to get everything working.

Note: Some of the screenshots are in Finnish, sorry about that.

Since a VPN requires an open port, it’s important to have your Raspberry Pi secure. Make sure not to use the default password, or preferably disable password login altogether. Guides for SSH logins etc. can be found easily online.

Note: Always keep your software up-to-date!

Pi-hole requires a static IP, but most of the routers have DHCP active that assign dynamic IPs to connected devices. To get the Pi-hole working with Google Wifi, you will have to reserve an IP for the RPi.

  1. Open Google Wifi application on your mobile device
  2. Go to Devices -> Raspberry Pi
  3. Click the three dots in the upper right corner and click “Reserve IP”
  4. Select the port for the device and restart your Raspberry Pi

Now if you go to the router settings and look for IP reservations, you should see a similar screen like the one here:

Setting up Pi-hole and PiVPN on Google WiFi (2)

The first step is to get Pi-hole up and running, there are multiple guides on the internet on how to set it up, so I won’t go into details here. We have to install Pi-hole and make sure that all traffic on the network is routed through it. After this, Pi-hole will handle DHCP leases for the connected devices.

Setting up Pi-hole and PiVPN on Google WiFi (3)
  1. Install Pi-hole by running curl -sSL https://install.pi-hole.net | bash
    Note: piping to bash is not a good idea unless you know what you are doing
  2. Go through the interactive setup and remember to select the correct interface (eth0 or wlan0)
  3. Open Google WiFi application again
  4. Go to the Settings page and press LAN
  5. In the DHCP settings screen, set first and last IP address to be the Raspberry Pi’s IP address you had reserved previously
  6. Open Pi-hole admin console, log in and go the DHCP tab
  7. Enable DHCP & set large enough IP range while making sure it does not overlap your Raspberry Pi’s IP address
  8. Save settings & renew DHCP leases for the devices that are connected to WiFi
  9. For convenience, you might also want to set static DHCP leases for your devices in the Pi-hole admin panel
Setting up Pi-hole and PiVPN on Google WiFi (4)
Setting up Pi-hole and PiVPN on Google WiFi (5)

Now that Pi-hole is up and running, it’s time to set up OpenVPN. This one proved to be the most difficult part of the project. We first have to set up a personal static IP, if your internet provider has not assigned one to you (this is most likely the case). Finally, we need to install PiVPN and configure it so that the data is sent to Pi-hole instead of other DNS servers.

3.1. Static IP

I decided to use Duck DNS for this, as it was free and seemed to be well suited for this task. We will be making an automated request every five minutes to Duck DNS HTTP endpoint, that updates our name server http://<your-domain>.duckdns.org to resolve to our public IP address.

  1. Go to Duck DNS website and register for a user
  2. Go to the install tab and follow instructions for operating system linux cron

3.2. Install PiVPN

The next step is to install PiVPN and to open & forward the configured VPN port on our Google Wifi device. A more detailed guide can be found here.

  1. Run command curl -L https://install.pivpn.io | bash
  2. Go through the interactive setup and choose correct setup options (static IP address, user, etc., most of the time the default value is ok)
  3. For the protocol, select UDP and port some port you fancy that is over 1024, preferably some other than the default 1194
  4. When the setup is prompting you for public IP or DNS, select DNS entry and write your DNS entry in format <your-domain>.duckdns.org to the input field
  5. Finalise the installation & reboot your Raspberry Pi
  6. Once more, open the Google Wifi application
  7. Select your Raspberry Pi device and click the three dots in the upper right corner
  8. Choose “Set IPv4 port forwarding” or something similar
  9. For internal and external ports, write the port you decided in step 3 and select protocol UDP
Setting up Pi-hole and PiVPN on Google WiFi (6)
Setting up Pi-hole and PiVPN on Google WiFi (7)

Note: You might have to restart the Google Wifi device after port forwarding for it to become active.

3.3. Configure OpenVPN to work with Pi-hole

For this part, I had to find information from quite many sources, so some configurations here might not be needed, as I was fiddling around and don’t want to touch the configurations anymore. Credit where credit’s due, these three posts helped me a lot.

/etc/dnsmasq.d/05-pihole-vpn
interface=<eth0 or wlan0>
interface=tun0
  1. Create new file (e.g. 05-pihole-vpn) in /etc/dnsmasq.d with the content above.
  2. Edit /etc/pihole/setupVars.conf, adding line piholeInterface=tun0just below the other interface line
    Note: this step could perhaps be omitted as stated here
  3. Finally, edit /etc/openvpn/server.conf and comment out all lines which are in format push dhcp-option DNS <x.x.x.x>
  4. To the same file, add a new linepush dhcp-option DNS 10.8.0.1
    Note: the 10.8.0.1 is probably the correct address, but if you have changed it during the VPN setup, use that instead
  5. Restart your Raspberry Pi

3.4. Create an OpenVPN profile

The last thing to do is to create an OpenVPN profile and move the profile to our desired device.

  1. Run pivpn -a to create a profile
  2. Go through the setup
  3. Move the file to your device that has OpenVPN application installed
  4. Connect to your ad-blocking VPN 🎉

Note: You can validate if your configuration works by looking for IP addresses that are in format 10.8.0.x in the Pi-hole’s network panel. Or connect to the VPN and navigate to a website that would contain advertisem*nts.

Setting up Pi-hole and PiVPN on Google WiFi (2024)
Top Articles
Latest Posts
Article information

Author: Aron Pacocha

Last Updated:

Views: 5989

Rating: 4.8 / 5 (48 voted)

Reviews: 95% of readers found this page helpful

Author information

Name: Aron Pacocha

Birthday: 1999-08-12

Address: 3808 Moen Corner, Gorczanyport, FL 67364-2074

Phone: +393457723392

Job: Retail Consultant

Hobby: Jewelry making, Cooking, Gaming, Reading, Juggling, Cabaret, Origami

Introduction: My name is Aron Pacocha, I am a happy, tasty, innocent, proud, talented, courageous, magnificent person who loves writing and wants to share my knowledge and understanding with you.