TR Forums

I'm faffing around with a virtual machine that runs Pi-Hole. It, in turn, runs on the Windows machine in my signature inside VirtualBox, using a bridged adapter. I want to configure the VM to connect to my VPN provider and then use the VM as a gateway and DNS server for my phone and possibly the host computer.

Is this a reasonable and/or possible thing to accomplish? Any devices using it as a gateway will have to use static IPs because my router (Netgear Orbi) doesn't allow things like setting another device to be the LAN's DNS server or gateway.

The preliminary answer is "no". Maybe I can set the VM to serve DHCP over one of VirtualBox's internal interfaces and use that adapter as the host's gateway?

I guess that's your VMs way of saying "shut your Pi-hole!"

/ducks

Imma just have to go off-label and bodge that VM into being a router, which will involve reading dnsmasq documentation. Or maybe there's a Debian-based router project out there already and I can install Pi-hole to it instead.

You might look into routing with IPTables if you want to run Debian as your router. It's really not as bad as it sounds/looks.

I'm making progress: instead of torturing the Pi-hole VM, I reconfigured a pfSense VM that I'd been playing with previously. The latter will connect to my VPN provider as its upstream and can tell VMs downstream of it to use the Pi-hole for DNS, so now I need to decide how I want the host computer to talk to the pfSense VM.

Got it done. Switched the pfSense VM to having one NIC bridged (WAN interface) and another on VBox's host-only network, and Pi-Hole's only NIC also on host-only. The remaining step was to disable VBox's DHCP server and let pfSense handle that.

This doesn't help my phone, of course, but it was a diverting way to spend a few hours.

What VPN do you use?

ProtonVPN, which uses the OpenVPN protocol.

Got my phone working with it, though somewhat manually. Had to give it a locally-set static IP, set the gateway to the pfSense VM, and DNS to the Pi-hole. Both VMs' LAN ports are now bridged.

This will probably wind up being reverted once I want to watch something on Netflix badly enough.

... or until I can't leave well enough alone and something breaks. Ah well, it was surprisingly fun; pfSense has a lot of buttons and knobs to twiddle.

It transpires that the Orbi can be set to use a LAN-based DNS server after all. It's completely non-obvious: the config page for setting upstream DNS looks like it would apply only to the WAN port, but on that page I can specify the RFC 1918 address my Raspberry Pi has, and it works.

And here's how to set up DNSCrypt-proxy inline with Pi-hole's resolver:

https://github.com/pi-hole/pi-hole/wiki/DNSCrypt-2.0

So now I've got a DNS blacklist *and* a little privacy from my ISP for those in my house who can't conveniently use the VPN.