Pi-Hole-on-Google-Compute-Engine-Free-Tier-with-Full-Tunnel-and-Split-Tunnel-Wireguard-VPN-Configs
Are there any plans to make this work with AWS free tier?
Since the Google Cloud free tier only allows US servers, it can potentially slow things down for other users. As far as I know, the AWS free tier is available in every region. Is there anything preventing this from working with AWS?
There's no technological limit that can prevent it from running on AWS, but if I remember correctly you get 750 monthly hours of EC2 only for 12 months per account. With Google, you get a free tier machine without any time limit so it would be a better solution.
The script will work on AWS, and other cloud service providers. If you run through it and find a specific issue, I'm happy to provide support. As mentioned above, be aware that the free tier is not forever. Oracle provides an always-free tier account, which is great for Full Tunnel configurations. Oracle decides your Home Region automatically, from this list: https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm There are some additional hurdles with Oracle, their virtual machines have iptables (firewall) turned on by default, and this can be confusing for users who expect it to be off by default.
@rajannpatel hey thanks, I disabled the iptables on my Oracle VM and now my Wireguard connection works. The only problem now is that I can't access the Pi-hole web interface.
When the Wireguard connection is active, what is the output of sudo wg show on the server?
What are the contents of your Wireguard client configuration file?
You can redact your public IP address and mangle your keys on the printouts.
Using one client on my phone, and another one on my PC:
Sorry for bothering you
About Oracle's Always Free Tier, it's well worth noting that you get 10 TB of egress for completely free, in comparison to GCP only giving us 1 GB for free. That's a game changer as most of us will not even use most of that even if we go full tunnel! Also you get 1 GB of RAM instead of 640 MB, and 100 GB of storage... and all of that is per machine (which we're allowed to have 2 of!) In other words, an Oracle specific guide might be nice and handy; especially if you can add Shadowsocks into the mix for those intrusive/restrictive public hotspots! 😉
The only caveat on Oracle Free Tier is you have to manually disable (I prefer to uninstall) iptables. There should be guides that help you spin up an Ubuntu 20.04 instance on Oracle Free Tier, and expose a port in the firewall. I'll try to make some time to draft a guide, but it may not be in the near future.
I might try to make a guide myself then. I have had a little bit of experience with GCP from working on other personal projects, so I think I might be able to piece something together. The issue is, I don't even have enough money in my PayPal account to cover the "payment verification" charge. At least with GCP they don't try to immediately charge your account with direct deposit setup, but actually they pay you a tiny amount. So that's something to note for a positive on GCP, if you're completely broke you can still sign up for the GCP always free tier... this is not so with Oracle Cloud.
Edit: If anyone wants to help me with the guide or the fee, feel free to message me.
Wish I could help - would be exciting to see an Oracle guide so that we could use full tunnel. Unless I’m missing something, seems like Oracle is a no brainer.... Not sure what fee you’re talking about, there is no fee. They are just asking for payment verification in case you upgrade
Sure, you can maybe help out. About the fee, it's a temporary hold charge. If you don't have money in your account, payment verification would fail... which means you can't sign up. I did some signups for pay on Reddit r/signupsforpay and got that taken care of. After you sign up for Oracle Cloud Platform, you get a free trial credit. After the trial is over you still keep access to your always free resources, unlike Google Cloud Platform which forces you to upgrade to a pay as you go plan. This IMHO is better, as you don't have to upgrade your Oracle account to continue to use the freebies.
With that said, I'm available today to try to work on a guide. I also plan on implementing shadowsocks so we can maybe have a better chance of the VPN working on public hotspots that use DPI firewalls and captive portals that basically MITM its users (to force data collection, sign in, restrictions, etc.). This way we can take back a little bit of privacy and security.
Would the script run "as is" without modification?
When this is all said and done, do you expect to use this for full VPN, whether you're watching Netflix or just browsing? Will this also mask our IP address? For example if at home, my WAN IP address will look like it is not from my own router? I'm just going to cancel my Google Cloud account.
I expect to use this as my full VPN on pretty much every device I own. I would like to have it set up as both full and split tunnel, but with shadowsocks I'll probably just have to use it as full tunnel. The positive of Split Tunnel is that you can use resources on your local network (for example I have a private Nextcloud instance), however you give up full encryption (only your DNS queries are encrypted then).
So if you're on the VPN and on your LAN, you'll need to access Nextcloud as if you are on a public network?
Basically here's how it works from what I understand (somebody correct me if I'm wrong).
If you are on your home network, but full tunnel... you can't use your local network resources. If you are on your home network, but split tunnel... you can use your local network resources.
If you are on a public network, but full tunnel... you can't use your local network resources. If you are on a public network, but split tunnel... you might be able to use your local network resources if they're connected to the same VPN.
Gotcha that makes sense, thank you. I suppose once you have this guide created, and since there are 2 free oracle instances, perhaps we could have 1 instance running split and 1 running full. Then we could switch from one to the other depending on what we're doing....
The Wireguard VPN does not provide network isolation the way a firewall would. It's just a new network adapter with its own set of rules. You could configure the outbound rules to capture all outbound traffic, and send outbound traffic over that adapter. Or you can be a little more specific, and only allow outbound traffic for certain IP subnets.
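The two outbound choices described in the comment above correspond to the AllowedIPs line of a WireGuard client profile. The following is an added example, not part of the original thread or the project's script; the 10.66.66.x tunnel addresses and the key placeholders are assumptions, and only port 51515 comes from this thread.

```python
import ipaddress

# Constructed client profile. Tunnel addresses and key placeholders are
# assumptions for illustration; only port 51515 appears in the thread.
FULL_TUNNEL = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.66.66.2/32
DNS = 10.66.66.1

[Peer]
PublicKey = <server-public-key>
Endpoint = <server-public-ip>:51515
AllowedIPs = 0.0.0.0/0, ::/0
"""
# Split tunnel: only the Pi-hole address on the VPN server is listed.
SPLIT_TUNNEL = FULL_TUNNEL.replace("0.0.0.0/0, ::/0", "10.66.66.1/32")


def values_for(config, key):
    """Collect the comma-separated values of one key in a wg-quick style config."""
    out = []
    for line in config.splitlines():
        name, _, value = line.partition("=")
        if name.strip().lower() == key.lower():
            out += [v.strip() for v in value.split(",") if v.strip()]
    return out


def covered(config, destination):
    """True when an AllowedIPs network contains the destination address."""
    addr = ipaddress.ip_address(destination)
    nets = [ipaddress.ip_network(v, strict=False) for v in values_for(config, "AllowedIPs")]
    return any(n.version == addr.version and addr in n for n in nets)


def tunnel_mode(config):
    """'full' when a default network (prefix length 0) is listed, otherwise 'split'."""
    nets = [ipaddress.ip_network(v, strict=False) for v in values_for(config, "AllowedIPs")]
    return "full" if any(n.prefixlen == 0 for n in nets) else "split"


def dns_outside_tunnel(config):
    """DNS servers set in the profile (IP entries assumed) that AllowedIPs does not cover."""
    return [d for d in values_for(config, "DNS") if not covered(config, d)]
```

A non-empty result from `dns_outside_tunnel` means the profile points DNS at an address that the profile itself does not send through the tunnel.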
You can run both on the same VPN server, you just have separate profiles. But I don't know if it would still work the same with shadowsocks. Perhaps it's only full tunnel then, since shadowsocks encrypts the traffic (not just DNS queries).
My other server is being used to host my own website and email. https://randomfandom.cf
Alright, so I'm having a similar issue.
I cannot access the PiHole panel, and my DNS is failing on dnsleaktest.com (it's not showing Cloudflare, but only my shit ISP's DNS).
The script did not work for me on Oracle Cloud it seems...
- DNS is leaking (instead of Cloudflare, I have my shitty ISP's DNS)
- Can't access the admin panel.
- On iOS, Wireguard said the QR wasn't valid for one of my profiles. I created another profile in an attempt to try and see if I could fix the first two issues.
Have you opened the appropriate ports in Oracle's firewall to allow the Wireguard traffic through?
I opened 51515.
Ports 80, 443, 53 were already open (as I set up a webserver on the other free VM).
I also disabled iptables.
@Fanboy-Studios @rajannpatel Will you kindly share the guide to set it up on Oracle Free Cloud when you are successful?
Many thanks
I got it mostly working recently, now I'm just working on trying to get it implemented in my router running OpenWrt. After I get it all working, I'll work on the guide.
The guide will be here: https://github.com/FanboyStudios/PiHole-Wireguard-VPN_on_Oracle-Cloud-Platform-Free-Tier Right now it's far from complete, but hopefully I can work out the kinks with OpenWrt soon.
Created setup and documents for using Oracle cloud always free tier. Hope it will be helpful.
https://github.com/anbuchelva/Pi-hole-and-Wireguard-on-Oracle-Cloud-always-free-tier