Today we have a look on how to install OpenVPN+Pi.hole on a digitalocean. Remember it is best if you can pay with crypto but unfortunately there are not many good crypto powered solutions out there! Hetzner is great and gives way more traffic than digitalocean, but they ask for an ID even after payment was been made. This is kind of not the perfect solution, even though they claim to delete it immediately and offer an GPG/PGP key to send the details  over email!

This pointed out, having your own VPN is not a bulletproof privacy solution anyway. So having a cloud that needs your credit card is not as bad as giving it to a VPN service. Bare in mind that you control the cloud and it is your setup, so there should be no DNS hijacking or ads pushing from the VPN provider to you. You also know that there are no logs except the ones that you allow to be stored in your Pi-hole and that the VPN provider is not selling your data or  tracking information!

So ultimately this should be a clean enough IP address to use for streaming services or having a Pi.hole with a VPN on the go! And that should be the major setup for which you should be using a VPN.

Today, however, we will give you a solution with OpenVPN+Pi.hole as a smart combo solution! This provides the ad and tracking blocking solution all in one setup.

As usual, we do not rate or refer any particular service or use referral links. That said, we can state that we think the easiest set-up comes from digitalocean, who offers, in the marketplace, a 1-Click OpenVPN+Pi.hole  droplet, here:

Getting started after deploying OpenVPN + Pi.hole

To use your new OpenVPN + Pi.hole server, you'll need to collect your  OpenVPN config once. Do this by logging into your new 1-Click App  Droplet via ssh root@your_Droplet_IP with your SSH key or one-time  password. You'll then see and the following MOTD:

Sounds pretty easy! And it is, however the setup is done when the real  setup starts.

First of all you need the client.ovpn file, which is  explained on an android setup here:

OpenVPN + Pihole Setup
Android guide to setting up OpenVPN + Pihole

You can get it with an SFTP client on Mac, Linux or Windows PC.

Once you have done that, connect your OPENVPN and visit pi.hole/admin

Remember this only works if you are connected to the VPN.

Once you are on the Pi.hole setup page, put in your blacklists, and have fun with a perfect on the go or at home solution! It don't get much easier than that.

Now since you control the droplet, here are a few more recommendations.

First the closer to your location is usually fastest, so bare that in mind if you need an US proxy for Netflix but are in Asia or Australia as this will likely slow your setup considerably, That said, a cloud server is usually way faster than a VPN provider as this setup is dedicated to you.

Next for privacy reasons, this setup is super  fast, so consider to deleting the droplet and making a new one every  14-30 days. That way you are getting a new IP address and there are no  logs anymore!

Also make sure to select or any other DNS  provider you trust within the Pi.hole! You do not want a cloudflare  setup and you need to make sure of that!

If you setup the OpenVPN solution please use:

OpenVPN for Android | F-Droid - Free and Open Source Android App Repository
© 2010-2020 F-Droid Limited and Contributors

On Android

‎OpenVPN Connect
OpenVPN Connect is the official full-featured iPhone/iPad VPN client for the OpenVPN Access Server and OpenVPN Community, developed by OpenVPN Technologies, Inc. Features: * Easily import .ovpn profiles from iTunes, OpenVPN Access Server or via a browser link. * State-of-the-art power management…

On iOS or a better OPENVPN which actually stays online, unlike OPENVPN connect which seems to disconnect on iOS a lot!

‎Passepartout - OpenVPN Client
Passepartout is a smart OpenVPN client perfectly integrated with the iOS platform. Passepartout is the only app you need for both well-known OpenVPN providers and your personal OpenVPN servers. With Trusted Networks and Siri Shortcuts, Passepartout unlocks the very best of using a VPN on iOS. Pass…

Coming up next in the Privacy Cookbook section 4.4 is an even easier solution involving WireGuard and IKEv2 with strong encrypto (AES-GCM, SHA2 and P-256), a built-in ad-blocker and  all this works on any cloud server! So you are not restricted to digitalocean on that setup! On top of this the WireGuard solution is way faster than the OpenVPN solution and even though most VPN providers recommend OpenVPN over WireGuard because it is newish and has not been as rigorously tested to be considered bulletproof, it has modern encryption, stays online (usually) and is way faster!

Once again, we do recommend Tor* when it comes to privacy, but these are good solutions for on the go and always being online, protecting your devices as well as your browser.

That's all for this section.

*Tor will be covered in section 4.6 of the Privacy Cookbook shortly.

Share this post