Install PiHole and OpenVPN on DigitalOcean Ubuntu 18.04

This tutorial will instruct you how to setup both Pi-Hole and OpenVPN on a Ubuntu 18.04 server hosted on DigitalOcean and connect your smartphone.

Set up a new machine (the small $5/month box with 1GB RAM is more than enough) with a blank Ubuntu 18.04 installation. Continue through the initial server setup tutorial, and either install your SSH keys (strongly recommended) or otherwise just use password authentication over SSH.

Don’t setup a firewall yet, we’ll do that later.

Install OpenVPN

cd ~

wget -O

chmod 755

sudo ./

A small script will start. Accept all the defaults, and give the system a name. The default is “client”, which I suggest you change to “pihole”.

Check IP Addresses for PiHole Setup

Enter the below command and make a note of the output. Check the IP address below (which should be and make a note of it for the next step.

ip addr show tun0
1: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
inet peer scope global tun0
valid_lft forever preferred_lft forever

Do the same with the next command and its output. This will be the “default gateway IP”.

ip route show | grep default
Output from ip r | grep default
default via dev eth0 onlink

Install PiHole

curl -sSL | bash

Go through the installation script. Select tun0 (NOT eth0) as the default interface when prompted. Use the default settings when not sure, and stop when you get to the “Static IP Address” screen, which asks you for your IP Address and Gateway.

Do not accept the default settings and instead enter the IP addresses you identified above, ending the first one with “/24”. For example, in this tutorial, I would enter:

Desired IP Address:

Default Gateway:

Accept the other default settings and continue.

Testing PiHole

Test the PiHole installation by entering the below two commands (in the DigitalOcean server, not your local machine):



You should see output indicating that “ has address” and “ has address” (or sometimes If this happens, PiHole is working correctly.

Configure OpenVPN to use PiHole

sudo nano /etc/openvpn/server.conf

Find any lines in this file which look like the below, and comment them out by starting the lines with a semicolon (if they aren’t commented already):

push "dhcp-option DNS"

Add the line:

push "dhcp-option DNS"

Then restart the server:

sudo systemctl restart openvpn@server

And check that it started correct – check for a status of active (running):

sudo systemctl status openvpn@server
‚óŹ openvpn@server.service - OpenVPN connection to server
Loaded: loaded (/lib/systemd/system/openvpn@.service; indirect; vendor preset: enabled)
Active: active (running) since Wed 2019-03-06 09:28:55 UTC; 1h 11min ago
Docs: man:openvpn(8)
Main PID: 11398 (openvpn)

Create a Client Config (.ovpn) File

sudo ./

Run the installation script again, which will detect that you already have OpenVPN installed, and ask what you want to do. You want to add a new user, so select that option and make up a name for the new machine (something like “jamesphone” should be fine).

Change Firewall Settings

sudo iptables -I INPUT -i tun0 -j ACCEPT

sudo iptables -A INPUT -i tun0 -p tcp --destination-port 53 -j ACCEPT

sudo iptables -A INPUT -i tun0 -p udp --destination-port 53 -j ACCEPT

sudo iptables -A INPUT -i tun0 -p tcp --destination-port 80 -j ACCEPT

sudo iptables -A INPUT -p tcp --destination-port 22 -j ACCEPT

sudo iptables -A INPUT -p tcp --destination-port 1194 -j ACCEPT

sudo iptables -A INPUT -p udp --destination-port 1194 -j ACCEPT

sudo iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

sudo iptables -I INPUT -i lo -j ACCEPT

sudo iptables -A INPUT -p udp --dport 80 -j REJECT --reject-with icmp-port-unreachable

sudo iptables -A INPUT -p tcp --dport 443 -j REJECT --reject-with tcp-reset

sudo iptables -A INPUT -p udp --dport 443 -j REJECT --reject-with icmp-port-unreachable

sudo iptables -P INPUT DROP

Connect to VPN Using Your Phone

Move the .opvn file to your phone using an SFTP program, then install an OpenVPN app and import the settings.