Pi-Hole Discussion Thread

Jurong640

High Supremacy Member
Joined
Mar 22, 2011
Messages
34,343
Reaction score
11,321
> Depends on how you routed your tailscale network. If your pihole device is set to route the local subnet then you can probably access your other devices, including your tplink router, through the same entrypoint. Also the same case if you set your pihole device as the exit node.
>
> Word of caution - pfsense, openwrt software and the other routers mentioned by xiaofan and others are a deep rabbit hole! Gauge how much you can disturb your home network and other users of your network before you start causing trouble ;)

Haha thanks. I think I won't go into pfsense or openwrt anytime soon, or getting an openwrt router. Although I did research a little.

Currently, relying on my TP BE805 provided by M1 is really more than good.

I took quite some time to read and finally attempted to try setting up my own pi-hole. Before setting up, everything looks and sounds so technical and hard. Moreover, I'm setting up using OrangePI SBC which is not so well documented. Well, I'm glad I set it up successfully, flashing pihole and setting up.
Well, no venture no gain/no loss.
haha
 

xiaofan

High Supremacy Member
Joined
Sep 16, 2018
Messages
31,306
Reaction score
8,774
> Haha thanks. I think I won't go into pfsense or openwrt anytime soon, or getting an openwrt router. Although I did research a little.
>
> Currently, relying on my TP BE805 provided by M1 is really more than good.
>
> I took quite some time to read and finally attempted to try setting up my own pi-hole. Before setting up, everything looks and sounds so technical and hard. Moreover, I'm setting up using OrangePI SBC which is not so well documented. Well, I'm glad I set it up successfully, flashing pihole and setting up.
>
> haha

My journey to OpenWRT and pfSense started kind of with Pi-hole. :ROFLMAO:
 

xiaofan

> oh oh ! oh no. :eek:
>
> My pi hole journey started when I got to learn about orangepi boards, flashing OS to mine some cryptos on sideline.

I started my home networking journey after upgrading from SingTel 500Mbps plan to 1Gbps plan in Sept 2018, wasting money on two TP-Link range extenders, four D-Link power line adapters and four TP-Link Deco M4 mesh units in 2018/2019/2020, before getting the right router Asus RT-AX82U in Nov 2020 (Taobao 11.11 offer).

During the same time (2018 to 2020) I was also into Android TV boxes, Orange Pi boards and Raspberry Pi boards, to play with Android and Linux on ARM. Most of them are collecting dust now.

Then I was also learning to set up Pi-hole on the free Google Cloud thanks to the following thread in Oct 2020.

Thread 'Forever free pihole blocking on google cloud compute' https://forums.hardwarezone.com.sg/...ole-blocking-on-google-cloud-compute.6375286/

After getting the cloud based Pi-hole working with the Asus RT-AX82U, I also got interested in OpenWRT/pfSense so bought an Intel J4105 mini PC with quad Intel I211 gigabit Ethernet ports in Dec 2020. Then I learned to split the home network into two and use two Pi-hole containers for both the Asus and OpenWRT.

So my real journey with home networking is kind of related to Pi-hole, Asus and OpenWRT/pfSense, starting from Oct 2020. I am still using OpenWRT with Asus and TP-Link consumer wireless routers for my home network now. Not really professional stuff.

More professional users will use (small/medium) Enterprise grade router, switch and APs, like pfSense Firewall, Ubiquiti Gateways/Switches/APs and MikroTik stuff, or even higher tier ones (gears for large enterprise). That will be the real rabbit hole...
 

Jurong640

> I started my home networking journey after upgrading from SingTel 500Mbps plan to 1Gbps plan in Sept 2018, wasting money on two TP-Link range extenders, four D-Link power line adapters and four TP-Link Deco M4 mesh units in 2018/2019/2020, before getting the right router Asus RT-AX82U in Nov 2020 (Taobao 11.11 offer).
>
> During the same time (2018 to 2020) I was also into Android TV boxes, Orange Pi boards and Raspberry Pi boards, to play with Android and Linux on ARM. Most of them are collecting dust now.
>
> Then I was also learning to set up Pi-hole on the free Google Cloud thanks to the following thread in Oct 2020.
>
> Thread 'Forever free pihole blocking on google cloud compute' https://forums.hardwarezone.com.sg/...ole-blocking-on-google-cloud-compute.6375286/
>
> After getting the cloud based Pi-hole working with the Asus RT-AX82U, I also got interested in OpenWRT/pfSense so bought an Intel J4105 mini PC with quad Intel I211 gigabit Ethernet ports in Dec 2020. Then I learned to split the home network into two and use two Pi-hole containers for both the Asus and OpenWRT.
>
> So my real journey with home networking is kind of related to Pi-hole, Asus and OpenWRT/pfSense, starting from Oct 2020. I am still using OpenWRT with Asus and TP-Link consumer wireless routers for my home network now. Not really professional stuff.
>
> More professional users will use (small/medium) Enterprise grade router, switch and APs, like pfSense Firewall, Ubiquiti Gateways/Switches/APs and MikroTik stuff, or even higher tier ones (gears for large enterprise). That will be the real rabbit hole...

interesting. Once you get into this, more things to come. I was thinking probably, my next project is setting up my own NAS. So I don't need to get those cloud storage, host my own cloud storage.

Pi hole is the beginning of more things to come. oh no pi hole, rabbit hole
 

xiaofan

> interesting. Once you get into this, more things to come. I was thinking probably, my next project is setting up my own NAS. So I don't need to get those cloud storage, host my own cloud storage.
>
> Pi hole is the beginning of more things to come. oh no pi hole, rabbit hole

Haha, I was looking at a NAS vs Cloud Storage as well when Google stopped offering unlimited storage for Google Photos. In the end I decided to go with Google One. Now I am paying Google S$80 annually for 2 x 200GB Google One subscription.

Discussion --> Google Photos file syncing and alternatives
https://forums.hardwarezone.com.sg/threads/google-photos-file-syncing-and-alternatives.6438315

Some rabbit holes: you can follow brother @TanKianW's more advanced threads to take a look. :ROFLMAO:
  • More advanced home networking setup (more enterprise grade gears)
  • Home Automation
  • More advanced NAS --> From Synology to TrueNAS, etc
  • AI with local setup

Luckily I am not into any of the above...
 

ShrmnK

Junior Member
Joined
Oct 9, 2011
Messages
78
Reaction score
82
> interesting. Once you get into this, more things to come. I was thinking probably, my next project is setting up my own NAS. So I don't need to get those cloud storage, host my own cloud storage.
>
> Pi hole is the beginning of more things to come. oh no pi hole, rabbit hole

Consider Unraid if you're building your own NAS! I repurposed my old ATX gaming desktop and it's been a reliable workhorse since Covid! I have drives having >5 years of runtime on my array and it's chugging along fine; total additional cost was low for me as I had many spare drives lying around (only 2 new ones were shucked from WD USB drives bought during BFCM sales on Amazon) and the desktop itself was already powerful enough (16GB ram, 8C 16T processor).

Welcome to the rabbit hole
 

TanKianW

Supremacy Member
Joined
Apr 21, 2005
Messages
6,666
Reaction score
3,319
> Consider Unraid if you're building your own NAS! I repurposed my old ATX gaming desktop and it's been a reliable workhorse since Covid! I have drives having >5 years of runtime on my array and it's chugging along fine; total additional cost was low for me as I had many spare drives lying around (only 2 new ones were shucked from WD USB drives bought during BFCM sales on Amazon) and the desktop itself was already powerful enough (16GB ram, 8C 16T processor).
>
> Welcome to the rabbit hole

A gaming desktop with a GPU makes a perfect (except for power consumption) PLEX media server with HW transcoding. Use case could be converting 4k source video to 720p on the fly to stream to mobile devices on-the-go or remotely, which could potentially replace all streaming services...Nice.;)

Or run an LLM with small parameters for local AI assistant......even nicer. :p
 

TanKianW

> interesting. Once you get into this, more things to come. I was thinking probably, my next project is setting up my own NAS. So I don't need to get those cloud storage, host my own cloud storage.
>
> Pi hole is the beginning of more things to come. oh no pi hole, rabbit hole

All my rabbit hole threads. From enterprise to home to on-the-move. If you have time, feel free to check it out.

https://forums.hardwarezone.com.sg/...projects-include-10g-network-upgrade.6341518/
https://forums.hardwarezone.com.sg/threads/starting-pfsense-for-new-users.6390714/
https://forums.hardwarezone.com.sg/...nas-core-truenas-scale-for-new-users.6480129/
https://forums.hardwarezone.com.sg/...wrt-on-gl-inet-routers-for-new-users.6592979/
https://forums.hardwarezone.com.sg/threads/starting-home-assistant-ha-for-new-users.6751695/
 

ShrmnK

> A gaming desktop with a GPU makes a perfect (except for power consumption) PLEX media server with HW transcoding. Use case could be converting 4k source video to 720p on the fly to stream to mobile devices on-the-go or remotely, which could potentially replace all streaming services...Nice.;)
>
> Or run an LLM with small parameters for local AI assistant......even nicer. :p

I used to use modified unraid builds to have Nvidia passthru for Plex docker, back before it was simply a plugin to install.
Then my GPU died and I realised actually 8C 16T CPU can transcode just as well for my mostly single-user needs!
Plays without stutter over tailscale (MR -> SH) on Sony android TV as well.
My gpu needs (video editing) are fulfilled by a baseline M4 Mac mini now! Gaming (mostly PvE or single player like darktide) I use GeForce Now
 

Jurong640

Question to pihole users and to those who are using tailscale or wireguard VPN to route DNS queries back home when outside.

If connecting to public wifi (i.e. Wireless@SGx or malls wifi), is Pihole via tailscale/wireguard VPN sufficient to prevent snooping and for security?
 

ShrmnK

> Question to pihole users and to those who are using tailscale or wireguard VPN to route DNS queries back home when outside.
>
> If connecting to public wifi (i.e. Wireless@SGx or malls wifi), is Pihole via tailscale/wireguard VPN sufficient to prevent snooping and for security?

Yes.
To the wifi provider you are just sending UDP packets to an IP address. The contents of the packets are encrypted (WireGuard protocol).
more: https://www.wireguard.com/protocol/
 

Jurong640

> Yes.
> To the wifi provider you are just sending UDP packets to an IP address. The contents of the packets are encrypted (WireGuard protocol).
> more: https://www.wireguard.com/protocol/

Thanks @ShrmnK. It should be the same for tailscale VPN, right? I'm using tailscale for my devices.

Did a check, answers from deepseek:
  • WireGuard Encryption: Tailscale uses the WireGuard protocol, which encrypts all traffic (including DNS) with ChaCha20 and Curve25519—modern, quantum-resistant algorithms.
  • Zero Trust Model: Devices authenticate via mutual TLS (mTLS), ensuring only authorized devices join your network.
  • No Open Ports: Tailscale bypasses NAT/firewalls using UDP hole punching, eliminating exposure to port-scanning attacks.
 

ShrmnK

Yes Tailscale uses WireGuard protocol.

except during the initial taildrop connection afaik, but that doesn't contain your tunneled traffic, more like a way for your device to ask the tailscale servers on what devices are available on your tailnet and which ones are available as exit nodes etc
 

Jurong640

> Yes Tailscale uses WireGuard protocol.
>
> except during the initial taildrop connection afaik, but that doesn't contain your tunneled traffic, more like a way for your device to ask the tailscale servers on what devices are available on your tailnet and which ones are available as exit nodes etc

I see, thank you. Was reading through and did some research and asked deepseek and Google Gemini on more secure traffic. Understand that the traffic queries still route back home, but ISPs and people will still see my IP address.

They advised probably get another secondary Pi hole, and set up a VPN like surfshark. I wonder if this is possible or not, to make it a more secure connection.
 

Jurong640

Interesting, read up about tailscale exit node these few days, and tried out just now.

So when I am outside, connected to public wifi or my 5G/4G network, other than sending DNS queries back to my home Pi Hole, I am able to mask my "IP Address" when connected to public wifi and make it seem I am browsing internet from my home network home IP.

I wonder what the use case for this is? Prevent eavesdropping? So "snoopers" on public wifi can't see what I am doing? It can become like a VPN, when I'm travelling, say china to bypass Great firewall?
 

ShrmnK

> Interesting, read up about tailscale exit node these few days, and tried out just now.
>
> So when I am outside, connected to public wifi or my 5G/4G network, other than sending DNS queries back to my home Pi Hole, I am able to mask my "IP Address" when connected to public wifi and make it seem I am browsing internet from my home network home IP.
>
> I wonder what the use case for this is? Prevent eavesdropping? So "snoopers" on public wifi can't see what I am doing? It can become like a VPN, when I'm travelling, say china to bypass Great firewall?

Yeah enabling exit node basically routes all traffic through your selected exit node, functioning like a full VPN.
GFW is pretty good at identifying suspicious traffic, and from the start UDP traffic is already throttled. Wrap your traffic in TCP if you can, as a start.
As long as you don't raise suspicions (multiple devices connecting to same IP, heavy bandwidth usage, etc.) you probably won't get flagged if you're reaching a residential IP. If you're cloud-hosting on major cloud providers (DO, GCP, AWS, etc) then quite likely get flagged easily as the Datacentre IPs are immediately suspicious to the GFW.

I have exit nodes on all the networks I manage network/pihole installations (for family), and they are all on different ISP so I have a few chances in case I get flagged.

But my primary use case is to function as a full VPN for general travel use. DNS over VPN is fine if you're just trying to ensure you don't get DNS poisoned, but your actual connection is still going through the public wifi you're on. If I'm on an unsecured wifi, I enable exit nodes for sure.
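
Added example, not part of ShrmnK's post: a simplified longest-prefix route lookup showing which flows the public Wi-Fi carries directly in DNS-only mode versus exit-node mode. The route tables, interface names (`wlan0`, `tailscale0`) and all addresses are constructed assumptions; only the 100.64.0.0/10 tailnet range reflects Tailscale's real addressing.

```python
import ipaddress

# Constructed route tables as (prefix, interface). Interface names are assumptions.
DNS_ONLY = [
    ("0.0.0.0/0", "wlan0"),           # default route stays on the public Wi-Fi
    ("100.64.0.0/10", "tailscale0"),  # only tailnet addresses use the tunnel
]
EXIT_NODE = [
    ("0.0.0.0/0", "tailscale0"),      # exit node selected: default route via tunnel
    ("100.64.0.0/10", "tailscale0"),
    ("198.51.100.7/32", "wlan0"),     # encrypted WireGuard UDP must still reach home
]

# Constructed flows as (label, destination IP).
FLOWS = [
    ("dns-to-pihole", "100.101.102.103"),          # tailnet IP of the home Pi-hole
    ("https-to-website", "203.0.113.10"),          # documentation-range web server
    ("wg-udp-to-home-endpoint", "198.51.100.7"),   # home router's public endpoint
]


def egress(routes, dst):
    """Longest-prefix match: return the interface a packet to dst leaves on."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise ValueError(f"no route to {dst}")
    return best[1]


def visible_to_wifi(routes, flows, tunnel="tailscale0"):
    """Labels of flows whose packets the Wi-Fi operator sees outside the tunnel."""
    return [label for label, dst in flows if egress(routes, dst) != tunnel]


if __name__ == "__main__":
    for name, table in (("DNS only", DNS_ONLY), ("exit node", EXIT_NODE)):
        print(f"{name}: {visible_to_wifi(table, FLOWS)}")
```

In DNS-only mode the web connection itself still crosses the hotspot in the clear path; with an exit node the hotspot sees only the encrypted UDP stream to the home endpoint.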
 

Jurong640

> Yeah enabling exit node basically routes all traffic through your selected exit node, functioning like a full VPN.
> GFW is pretty good at identifying suspicious traffic, and from the start UDP traffic is already throttled. Wrap your traffic in TCP if you can, as a start.
> As long as you don't raise suspicions (multiple devices connecting to same IP, heavy bandwidth usage, etc.) you probably won't get flagged if you're reaching a residential IP. If you're cloud-hosting on major cloud providers (DO, GCP, AWS, etc) then quite likely get flagged easily as the Datacentre IPs are immediately suspicious to the GFW.
>
> I have exit nodes on all the networks I manage network/pihole installations (for family), and they are all on different ISP so I have a few chances in case I get flagged.
>
> But my primary use case is to function as a full VPN for general travel use. DNS over VPN is fine if you're just trying to ensure you don't get DNS poisoned, but your actual connection is still going through the public wifi you're on. If I'm on an unsecured wifi, I enable exit nodes for sure.

Thanks for your explanation. It's a great tool when I'm travelling or when I am out at cafe/malls connecting to public wifi.

I was wondering about those cloud providers too. Say if I get up one in UK, just to visit some geo-restriction app/sites.

Interesting to get this up and running for more secured experience when outside. Was thinking whether to set it up for my parents phones too when outside. Wire DNS queries back home to my Pi Hole, for safer surfing.
 

ShrmnK

> I was wondering about those cloud providers too. Say if I get up one in UK, just to visit some geo-restriction app/sites.

that is exactly what commercial VPNs do/advertise as a common use case!

> Interesting to get this up and running for more secured experience when outside. Was thinking whether to set it up for my parents phones too when outside. Wire DNS queries back home to my Pi Hole, for safer surfing.

Do they connect to public wifi a lot? Otherwise I recommend you save the hassle and their battery life and just ask them to keep to mobile data when out
 