FreeNAS: Pi-Hole & PiVPN in Ubuntu VM

If you use FreeNAS 11 as NAS or home server software, you can use Pi-Hole and PiVPN to access your own network and reliably block advertising.

PiVPN (http://www.pivpn.io/) is an installation and administration script for OpenVPN. Originally intended for use on a Raspberry Pi, the installation also works without problems on Ubuntu 17.04 running in a bhyve VM. The procedure is the same as on the hobbyist computer:

curl -L https://install.pivpn.io | bash

The installation script complains that the Linux version in use might not be compatible and refuses to configure some things automatically, but in the end everything works fine. Important: for the VPN connection to work, the Ubuntu firewall "ufw" (uncomplicated firewall, a command-line tool for easy configuration of iptables rules) must be installed and the corresponding port must be opened.

OpenVPN: UDP or TCP?

OpenVPN connection iPhone7
During the installation PiVPN asks whether UDP or TCP should be used as protocol. TCP is a bit slower due to error correction, but has a decisive advantage: configured on port 443 (normally intended for HTTPS) it works in most environments, whereas UDP is blocked in many networks. I have therefore decided to use TCP.

Once PiVPN is completely set up so that the Raspberry Pi functions as a VPN server (connection to the home network and the Internet), you can start installing and configuring Pi-Hole.

Pi-Hole: the black hole for advertising

Pi-Hole (https://pi-hole.net/) blocks access to hosts that are related to advertising or tracking on a DNS basis. Corresponding requests therefore do not leave the network at all, but are blocked by the DNS server.

The setup is simple here as well. The installation is started with

curl -sSL https://install.pi-hole.net | bash

After that, the Pi-Hole administration interface is available at http://server-ip-address/admin; the password from the installation is required to log in.

To use Pi-Hole, the Pi-Hole server must be entered as the DNS server on the clients on which advertising is to be blocked. As soon as this is done, all requests to tracking or advertising servers are prevented, even in applications outside the browser. For example, no advertising will be displayed in Skype anymore.

Pi-Hole works differently from classic ad blockers like uBlock, but can use the same filter lists. Unfortunately the format of the lists is different, so that a conversion has to take place: under https://wally3k.github.io/ you will find various AdBlocker filter lists that have already been converted to a format compatible with Pi-Hole.
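
The conversion mentioned above, shown as an added example that is not part of the original post and not Pi-Hole's own tooling: it keeps only rules of the form ||host^, which a DNS blocker can enforce, and counts the rules it has to drop (these are the ones a browser ad blocker still covers). The names convert, HOSTNAME and SAMPLE, the skip categories and the sample list are assumptions constructed for illustration.

```python
import re

# Plain hostname: dot-separated labels, no wildcards, paths or ports.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{1,62}$")

def convert(adblock_text):
    """Return (sorted domains, skip counts by reason) for an Adblock-style list.
    Only rules of the form ||host^ can be expressed as a DNS block."""
    domains, skipped = set(), {}
    def skip(reason):
        skipped[reason] = skipped.get(reason, 0) + 1

    for raw in adblock_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("!", "[")):
            continue                  # blank line, comment or list header
        if line.startswith("@@"):
            skip("exception")         # allow rule: must never become a block
        elif "##" in line or "#@#" in line or "#?#" in line:
            skip("cosmetic")          # element hiding only works in a browser
        elif "$" in line:
            skip("options")           # e.g. $third-party has no DNS equivalent
        elif line.startswith("||") and line.endswith("^"):
            host = line[2:-1].lower()
            if HOSTNAME.match(host):
                domains.add(host)
            else:
                skip("pattern")       # wildcard inside the host part
        else:
            skip("pattern")           # path, URL fragment or regex rule
    return sorted(domains), skipped

# Constructed sample list, not taken from any real filter list.
SAMPLE = """\
[Adblock Plus 2.0]
! Title: constructed sample
||ads.example.com^
||Tracker.Example.net^
||ads.example.com^
||cdn.example.org^$third-party
||example.com/banner/*
@@||good.example.com^
example.com##.ad-box
||*.metrics.example^
"""

if __name__ == "__main__":
    print("\n".join(convert(SAMPLE)[0]))   # one hostname per line
```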

Long-term experience: a good 7 - 10 percent of all requests blocked

Pi-Hole Admin Panel

If you use the setup with Pi-Hole for a while for normal surfing with multiple devices (in my case a PC, a MacBook and an iPhone use the Pi-Hole server), the statistics give you an idea of how many requests serve only advertising and tracking: after a good week the rate has settled at a good 7 - 10 percent.

There have been no side effects so far: if a request is blocked that was actually useful, the domain can be whitelisted via the Pi-Hole interface. The underlying FreeNAS server (in my case an HP Microserver Gen8 with 16 GiB RAM and a Core i5 processor) also provides enough power to handle both an OpenVPN connection and filtering with 117,000 domains in the block list.

If you combine Pi-Hole with a classic adblocker (in my case uBlock), even the white areas of web pages disappear: Pi-Hole prevents the request, uBlock removes the placeholders.

Remember: Websites are financed by advertising

However, one should consider that many offers are financed by advertising and can only manage without a paywall in this way. Although advertising is often annoying, consistent blocking does not immediately lead to less advertising.

Update 03/16/2019: no improvement

There hasn't really been any improvement since the original setup. Especially with the ad blocker disabled in the browser, the number of blocked DNS requests is alarmingly high: more than 20% of DNS requests are for hosts that are included in the ad block lists.

Pihole statistics without Adblocker

The advantage of Pi-Hole is still that you don't need a plugin in your browser and can also use it on an iPad and smartphone (and in apps, since at least for Safari there have been iOS ad blockers since iOS 9). Even better, of course, would be if these measures were not necessary in the first place. I personally don't mind getting the most appropriate ads, but the ads themselves should load quickly and not make up a noticeable part of the respective page.
