DEV Community


Making a Portable Pi-Hole with Wireguard

・3 min read


In this article, we talk about using a virtual private server (VPS) to host a Pi-Hole instance which is usable through a VPN connected to the VPS. If you wanna skip all the explanation and just go straight to how to do it, click here or use the table of contents to navigate.


This is honestly not new knowledge in any way, shape or form. I know there are a lot of tutorials on how to do these things (making a VPN, making a Pi-Hole) individually, but I'm not seeing many that does both and is easily understandable by a layman like me.

The objective of writing this down for me is to 1. save you some time from reading 21 articles separately and 2. consolidate ideas on how to make this better, in case I'm doing anything wrong.

Use Case

  1. Using a VPN reroutes your traffic to a specific location. (gross oversimplification)
  2. Using Pi-Hole blocks outgoing traffic according to a list you supply.
  3. A Pi-Hole server lives on a specific device.
  4. Using a VPN, the limitation of a Pi-Hole only being on a device you can't bring out can be eliminated.


  1. PiVPN (Wireguard) - Chosen because of the simple installation and fast speed.
  2. Pi-Hole
  3. DigitalOcean Droplet ($5) - Chosen because of the 1,000GB connection pool bandwidth, also has balanced website complicatedness. Alternatively, you can choose to do this combination on a home device too, you'll connect to your own home network, that's all. I wanted to have the ability to access certain location-blocked sites. The destination of the VPN tunnel will depend on where you set up your server to be. In theory, AWS or some other VPS provider should also follow approximately the same steps. I've heard that Oracle Cloud free tier is also pretty good in value.


  1. Make a DO account.
  2. Make a DO droplet. I used Ubuntu on a basic plan ($5 per month).
  3. After the VPS is deployed, create a floating IP and assign to your Droplet. (This serves as a static IP sort of thing)
  4. Then we add a custom firewall rule. We open up access for a UDP connection from port 51820. This port is used for your device to tunnel into your Droplet.
  5. Connect to your Droplet through SSH.
  6. Use curl -L | bash to install PiVPN. Just follow the steps, shouldn't be too overcomplicated. Make sure that the VPN protocol chosen is Wireguard.
  7. If you do ipconfig, your device should now also include wg0.
  8. Do ip addr show wg0 to see what IP address is wg0 using. (Take a screenshot/Note it down)
  9. Do ip route show | grep default to see which IP address is used to route network requests to the Internet. (Take a screenshot/Note it down)
  10. Do curl -sSL | bash to install Pi-Hole.
  11. When prompted about IP address and Gateway, use the one in Step 7 for IP address (keep the default port [the number after the slash]) and the IP address in Step 8 for gateway.
  12. Complete the installation process.
  13. You can now add devices to connect through PiVPN. Use pivpn for a list of commands or just visit the project page for more help on the matter.

Discussion (0)