Sunday, October 24, 2021

Setting up the Raspberry Pi as a Pi-hole ad blocker

This documents how I made the Raspberry Pi 4 that my girlfriend got me as a gift into a DNS-based ad blocker over a split-tunnel VPN with Tailscale.

This enables me to set up any devices I want (for free, up to 20 with Tailscale) and have DNS-based ad blocking no matter what network I'm connected to, including on my cell phone.


Edit

Tailscale already had this as its own post. Somehow I didn't see it. https://tailscale.com/kb/1114/pi-hole/


Setting up my Raspberry Pi:

I don't know if I have a mini HDMI to normal HDMI cable and didn't feel like looking, or unplugging my keyboard and mouse either, so I set it up headless.

I used the instructions here: https://www.youtube.com/watch?v=ntaXWS8Lk34

I set up access using SSH password access through the Ctrl+Shift+X settings menu in the "Raspberry Pi Imager". I tried setting up using an SSH key first, but did something wrong.

Then I plugged in the SD card and Ethernet cable, and then powered it on. I nmapped [ sudo nmap -sS -T5 -p22 192.168.0.0/24 ] my /24 network to see what my router had assigned it. The Raspberry Pi shows up as Raspberry Pi in nmap, which is awfully handy. It takes up to 2 minutes to fully power on, run SSH and have the service listening and able to respond to nmap, so don't be worried if you don't see it initially.


I connected to the IP that was assigned using the pi@ user: ssh pi@192.168.0.xxx. I then set my local router to statically assign that IP instead of DHCP, which would break its eventual use as a DNS server.


I then installed pi-hole: https://github.com/pi-hole/pi-hole/#one-step-automated-install:

curl -sSL https://install.pi-hole.net | bash

I accepted most of the defaults and turned on the admin interface.
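
An added example, not from the original post or the Pi-hole project: the same installer saved to a file so it can be read before it runs, then executed only if it still matches the SHA-256 recorded when it was reviewed. The function names and the local filename pihole-install.sh are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example: fetch, review, pin, then run. Function names are assumptions.

INSTALLER_URL="https://install.pi-hole.net"   # URL from the post

# Download to disk instead of streaming into bash. --fail turns HTTP errors
# into a non-zero exit, and a failed or partial transfer is deleted so a
# truncated script can never be executed by mistake.
fetch_installer() {
    local out="$1"
    curl --fail --silent --show-error --location --proto '=https' \
         -o "$out" "$INSTALLER_URL" || { rm -f "$out"; return 1; }
}

# Print the SHA-256 of a file; record this after reading the script.
pin_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Run the script only if it still matches the recorded pin.
# Returns 2 if the file is missing, 1 on a hash mismatch.
run_if_pinned() {
    local script="$1" expected="$2" actual
    [ -f "$script" ] || { echo "missing: $script" >&2; return 2; }
    actual="$(pin_of "$script")"
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run: hash $actual does not match pin" >&2
        return 1
    fi
    bash "$script"
}

# Typical session (left as comments so sourcing this file does nothing):
#   fetch_installer pihole-install.sh       # hypothetical local filename
#   less pihole-install.sh                  # read what is about to run
#   pin="$(pin_of pihole-install.sh)"       # record the reviewed copy
#   run_if_pinned pihole-install.sh "$pin"  # later runs reuse the same pin
```

Keeping the reviewed file and its pin also means a second device or a reinstall runs exactly the copy that was read, not whatever the URL serves that day.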


Installing tailscale:

I blindly installed tailscale following the directions here for the raspberry pi: https://tailscale.com/download/linux/rpi
 

I was getting an error: 


identifier is 10406 and the job result is failed.
pi@rpi:~ $ sudo tailscale up
failed to connect to local tailscaled; it doesn't appear to be running (sudo systemctl start tailscaled ?)

systemctl status tailscaled.service
● tailscaled.service - Tailscale node agent
Loaded: loaded (/lib/systemd/system/tailscaled.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2021-10-18 16:11:28 PDT; 7s ago
Docs: https://tailscale.com/kb/
Process: 16161 ExecStartPre=/usr/sbin/tailscaled --cleanup (code=exited, status=0/SUCCESS)
Process: 16174 ExecStart=/usr/sbin/tailscaled --state=/var/lib/tailscale/tailscaled.state --socket=/run/tailscale/tailscaled.sock --port $PORT $FLAGS (code=exited, status=1/FAILURE)
Process: 16193 ExecStopPost=/usr/sbin/tailscaled --cleanup (code=exited, status=0/SUCCESS)
Main PID: 16174 (code=exited, status=1/FAILURE)

Oct 18 16:11:28 rpi systemd[1]: tailscaled.service: Service RestartSec=100ms expired, scheduling restart.
Oct 18 16:11:28 rpi systemd[1]: tailscaled.service: Scheduled restart job, restart counter is at 5.
Oct 18 16:11:28 rpi systemd[1]: Stopped Tailscale node agent.
Oct 18 16:11:28 rpi systemd[1]: tailscaled.service: Start request repeated too quickly.
Oct 18 16:11:28 rpi systemd[1]: tailscaled.service: Failed with result 'exit-code'.
Oct 18 16:11:28 rpi systemd[1]: Failed to start Tailscale node agent.

Resolving the error

I was done working for the day and went back to it the next weekend and ran it again. It just worked, so maybe it will "just work" for you, too, or wait some timeout period and try again if you hit this error.

My resources and testing out the config

I followed steps here: https://luther.io/tailscale/raspberry-pi/pi-hole/tailscale-pi-hole/

Don't forget to scroll down and click "save" on the pihole dns settings, or you'll get dns errors when visiting virtually anything. 

After turning on tailscale to set my pihole as the DNS server I tested this out by taking my phone off of the local wifi, making sure tailscale was enabled, and visited cnn.com. No ads.


Further

I set pihole to autoupdate using cron:

crontab -e

Then, using the editor of choice (for me, vim) I added this line to the bottom:

0 4 * * * pihole -up


Thanks

I hope you enjoyed this post. If you have any questions, feel free to message me on twitter at @fiasco_averted