Hosts: Block the bullshit web V2

Advertisements, tracking scripts and other countless lines of code downloaded on to your machine to spam and monitor you whenever you connect to the internet.

Host is a project to block advertisements, tracking scripts and other websites including pornographic content using this host file.

We will use Pi-Hole as our DNS resolver which will be tunnelled via OpenVPN. Both the applications will be hosted on Oracle Cloud.

Thanks to r/pihole community for their love and support.

Step-by-step guide

Caution: We will enable the root access for convenience, which is strongly discouraged. If you are familiar with SSH, then I recommend you to use that approach. Proceed with caution.

Instructions:

1. Only change configuration mentioned here, leave the rest as untouched/recommended/system default.

2. This guide is written from Windows OS perspective.

3. If you are a Linux user, you would be familiar with setting up a VM and accessing files.

4. If you are a Mac user, use FileZilla as an alternative for WinSCP.

1. Create an account with Oracle Cloud free tier: https://www.oracle.com/cloud/free

2. Setup a VM instance

   1. Switch the OS from Oracle Linux to Ubuntu

   2. Upload your own public key (this key can be generated via PuTTY)

   3. Note down Public IP and Private IP

3. Log in to Shell and switch to root: sudo su - root

4. Change root password: passwd root

[Note: The common practice is not to do this. Here the use case is security vs. convenience, where this approach is convenient but may be risky to permit remote access via root. This is used later in step 15]

5. Install and configure OpenVPN server using the following script: https://github.com/angristan/openvpn-install

6. Select Port: 1194

7. Create a default client after installation and download it [Step 25]

8. Install and configure Pi-Hole: https://github.com/pi-hole/pi-hole/#one-step-automated-install

9. Select interface: tun0

10. Change the Pi-Hole password: sudo pihole -a -p

11. Install nano text editor (or your favourite alternative): sudo apt install nano -y

12. Edit the SSH config file: sudo nano /etc/ssh/sshd_config

13. Change following entries

    1. PasswordAuthentication no > PasswordAuthentication yes

    2. PermitRootLogin prohibit-password > PermitRootLogin yes

[Note: As mentioned earlier, do this at your own risk - this method allows you to easily connect to VM and grab any file from anywhere but this may pose a security risk]

14. Restart sshd: sudo systemctl restart sshd

15. Login to WinSCP

    1. Host: <Public IP>

    2. Username: root

    3. Password: <root password set in step 4>

16. Navigate to: /etc/openvpn/server.conf

17. Change push "dhcp-option DNS <pihole private ip goes here>"

18. Search Internet on Oracle web GUI

19. Navigate to > Internet Gateway vcn-XXXXXXXX-XXXX 

20. Left column > Navigate to > Security Lists

21. Navigate to > Default Security List for vcn-XXXXXXXX-XXXX 

22. Add Ingress Rules

    1. Source CIDR: 0.0.0.0/0

    2. IP Protocol: UDP

    3. Destination Port Range: 1194 [Step 6]

23. Restart the VM from the Console

24. To add/revoke OpenVPN client certificates [Execute this via root, for which follow step 3]: ./openvpn-install.sh

25. After creating a new client certificate, to download the certificate

    1. scp ubuntu@<public IP>:/root/CLIENT.ovpn C:\Users\<username>\Desktop [If you encounter permission denied error then try second option]

    2. Login to WinSCP [Refer step 15] and navigate to /root and download the client certificates to local

26. Load the client certificate in OpenVPN app on your device, connect to the VPN and enjoy [OpenVPN client for your device: https://openvpn.net/vpn-client]

27. Access Pi-Hole web interface/dashboard

    1. Connect to OpenVPN [Client certificate as per step 24]

    2. Open your web browser and navigate to: https://<private ip>/admin/index.php [Password as per step 10]

28. Configure the OISD block list, which covers almost every sub-list known to humankind: https://oisd.nl/ [follow instructions on the website and pick on need basis]

29. Use following commands for periodic updates

    1. Ubuntu: apt update && apt upgrade && apt dist-upgrade

    2. OpenVPN: apt update && apt upgrade

    3. Pi-Hole: pihole -up

    4. Pi-Hole Gravity (adblock lists): pihole -g

    5. Restart after update: reboot

Performance stats

Credits

• Awesome folks at Pi-Hole and OpenVPN

• Angristan for the brilliant script

• Hosts file by OISD block list

• Huge shout-out to my dear friend, Karlis K 🇱🇻 for helping me through this