Today we have a look on how to install OpenVPN+Pi.hole on a digitalocean. Remember it is best if you can pay with crypto but unfortunately there are not many good crypto powered solutions out there! Hetzner is great and gives way more traffic than digitalocean, but they ask for an ID even after payment was been made. This is kind of not the perfect solution, even though they claim to delete it immediately and offer an GPG/PGP key to send the details over email!
This pointed out, having your own VPN is not a bulletproof privacy solution anyway. So having a cloud that needs your credit card is not as bad as giving it to a VPN service. Bare in mind that you control the cloud and it is your setup, so there should be no DNS hijacking or ads pushing from the VPN provider to you. You also know that there are no logs except the ones that you allow to be stored in your Pi-hole and that the VPN provider is not selling your data or tracking information!
So ultimately this should be a clean enough IP address to use for streaming services or having a Pi.hole with a VPN on the go! And that should be the major setup for which you should be using a VPN.
Today, however, we will give you a solution with OpenVPN+Pi.hole as a smart combo solution! This provides the ad and tracking blocking solution all in one setup.
As usual, we do not rate or refer any particular service or use referral links. That said, we can state that we think the easiest set-up comes from digitalocean, who offers, in the marketplace, a 1-Click OpenVPN+Pi.hole droplet, here:
https://marketplace.digitalocean.com/apps/openvpn-pihole
Getting started after deploying OpenVPN + Pi.hole
To use your new OpenVPN + Pi.hole server, you'll need to collect your OpenVPN config once. Do this by logging into your new 1-Click App Droplet via ssh root@your_Droplet_IP with your SSH key or one-time password. You'll then see and the following MOTD:
Sounds pretty easy! And it is, however the setup is done when the real setup starts.
First of all you need the client.ovpn file, which is explained on an android setup here:
You can get it with an SFTP client on Mac, Linux or Windows PC.
Once you have done that, connect your OPENVPN and visit pi.hole/admin
Remember this only works if you are connected to the VPN.
Once you are on the Pi.hole setup page, put in your blacklists, and have fun with a perfect on the go or at home solution! It don't get much easier than that.
Now since you control the droplet, here are a few more recommendations.
First the closer to your location is usually fastest, so bare that in mind if you need an US proxy for Netflix but are in Asia or Australia as this will likely slow your setup considerably, That said, a cloud server is usually way faster than a VPN provider as this setup is dedicated to you.
Next for privacy reasons, this setup is super fast, so consider to deleting the droplet and making a new one every 14-30 days. That way you are getting a new IP address and there are no logs anymore!
Also make sure to select dns.watch or any other DNS provider you trust within the Pi.hole! You do not want a cloudflare setup and you need to make sure of that!
If you setup the OpenVPN solution please use:
On Android
On iOS or a better OPENVPN which actually stays online, unlike OPENVPN connect which seems to disconnect on iOS a lot!
Coming up next in the Privacy Cookbook section 4.4 is an even easier solution involving WireGuard and IKEv2 with strong encrypto (AES-GCM, SHA2 and P-256), a built-in ad-blocker and all this works on any cloud server! So you are not restricted to digitalocean on that setup! On top of this the WireGuard solution is way faster than the OpenVPN solution and even though most VPN providers recommend OpenVPN over WireGuard because it is newish and has not been as rigorously tested to be considered bulletproof, it has modern encryption, stays online (usually) and is way faster!
Once again, we do recommend Tor* when it comes to privacy, but these are good solutions for on the go and always being online, protecting your devices as well as your browser.
That's all for this section.
*Tor will be covered in section 4.6 of the Privacy Cookbook shortly.
