DietPi Specific VPN with PiHole Gateway Guide?

I’m hoping to use this thread to assemble enough information that I can set up one of these and potentially write it up as a community tutorial.

Goal: Set up a VPN gateway that utilises PiHole for ad/mal blocking and doesn’t leak DNS.

There are a few resources about this including a couple of threads on these very boards

There’s also a variation to the ‘Superjamie’ version here (that references the thread above)

But I find myself wondering how much of these I need to do as I have a NordVPN subscription (seeing as they have ‘native’ support in DP) and that tool allows for the autoconnection stuff to happen?

So, I’m looking for help to make this work as simply as possible and (hopefully) along the way develop something of use to the DP community. I’m sitting on a pretty borked installation right now, so I’m going to flash the sd card and try to start from scratch.

First dumb question. What is Wireguard and do I need it for this?


Let’s start with the last question you have raised

What is Wireguard and do I need it for this?

Wireguard is a new VPN technology that should be faster than all other VPN technologies. It’s an alternative VPN server compared to OpenVPN. Both VPN servers are totally different and you would need to select one technology.

Within DietPi, NordVPN is supported with OpenVPN natively. To set it up, you can use DietPi scripts.

NordLynx (NordVPN implementation of Wireguard) is currently not implemented into DietPi. However you could install it manually, without using DietPi scripts.

Bottom line, if you like to stick to DietPi scripting, you don’t need Wireguard.

Thanks Joulinar,

So it seems the NordLynx version of wireguard may be a good thing for keeping up the speed of my proposed vpn gateway/pihole box?

I defo want to stick with DP, I’ve been here since ~v86 or thereabouts and think it’s a brilliant platform, no hurry to leave at all!

Well for DNS (PiHole) it should not matter if you use OpenVPN or Wireguard. Or what is the purpose of using a VPN?

I want to make a vpn gateway so all the traffic out of the house goes over vpn, but when I use it on individual machines it bypasses the PiHole and so the ad blocking isn’t as good.

I want to achieve a single (vpn’d) route for all network traffic out of the house but mediated by pihole’s superior adblocking functionality.

Well, these are 2 different things. DNS is one thing, VPN another.

First set up a VPN client on your DietPi system and get it connected to a VPN server. Once done, set your DietPi device as DNS server as well as Gateway on your local systems inside your network.

DietPi device as DNS server as well as Gateway on your local systems inside your network

Yes, this is what I’m trying to do (and catalogue how to do it for others who may not be advanced users).

The vpn part is easy (go to dietpi-software and install nordvpn), it’s the gateway stuff that’s much harder.

it’s the gateway stuff that’s much harder.

Not really, it’s basically the same as the following

Yes, it’s easy when you know how I guess. It’s just that I don’t

Thanks for the additional thread, there’s some useful bits in there too.

I suspect part of the issue I’m facing is that I can’t change the default gateway of my modem/router (as well as not being fully competent at network configs beyond assigning some ip addresses).

Don’t change the gateway on your internet router. It’s still providing the internet access. You would need to set the gateway on your client system like Windows. :wink:

Thanks, I finally worked that out myself. Seems a lot of the issue I (thought) I was having was because I couldn’t get the gateway settings to stick on my Linux laptop, seems it was easier (for once) on a Windows box. Once I got that working things started to fall into place (although I’m still not sure whether my DNS queries are being routed out over the VPN, and I’m not sure how to check!)

Check on your DietPi device by doing a traceroute to Google DNS or Quad9. This should show you the way it’s going.


It might be necessary to install traceroute first:

apt install traceroute
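
A routing-table check that complements the traceroute suggested above, as an added example that is not part of the thread: it asks the kernel which interface it would use to reach each DNS resolver and flags any that would leave outside the tunnel. It assumes the VPN client creates an interface whose name starts with `tun` (typical for OpenVPN); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: run on the DietPi device, e.g.  sh check-dns-route.sh 9.9.9.9 8.8.8.8
# Assumption: the VPN tunnel interface name starts with "tun"; override with
# VPN_IF_PREFIX=... if your client names it differently.
VPN_IF_PREFIX="${VPN_IF_PREFIX:-tun}"

# Print the interface that follows the "dev" keyword in one line of
# `ip route get` output (prints nothing if there is no route).
egress_dev() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Classify a route line: "vpn:<if>" if it leaves via the tunnel,
# "direct:<if>" if it bypasses it, "unknown" if no interface was found.
route_verdict() {
    dev="$(egress_dev "$1")"
    case "$dev" in
        "")                 echo "unknown" ;;
        "$VPN_IF_PREFIX"*)  echo "vpn:$dev" ;;
        *)                  echo "direct:$dev" ;;
    esac
}

# Ask the kernel how it would route traffic to one resolver address.
check_resolver() {
    line="$(ip route get "$1" 2>/dev/null | head -n 1)"
    verdict="$(route_verdict "$line")"
    printf '%-20s %s\n' "$1" "$verdict"
    case "$verdict" in vpn:*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample lines in the format `ip route get` prints.
SAMPLE_VPN='9.9.9.9 via 10.8.0.1 dev tun0 src 10.8.0.2 uid 0'
SAMPLE_DIRECT='8.8.8.8 via 192.168.1.1 dev eth0 src 192.168.1.50 uid 0'

# When resolver addresses are given as arguments, check each one and
# exit non-zero if any would leave outside the tunnel.
if [ "$#" -gt 0 ]; then
    status=0
    for resolver in "$@"; do
        check_resolver "$resolver" || status=1
    done
    exit "$status"
fi
```

This reports the route the DietPi device itself would take, which is where Pi-hole's upstream queries originate; a `direct:` result means DNS to that resolver is not going through the tunnel.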