How to easily use your Pi-Hole outside of your personal network

#1

You have your Pi-Hole installed on your personal network, but you want to use it outside of your home? If that’s the case, stick with me and follow this tutorial, which will explain how to integrate your Pi-Hole with Zerotier, an easy virtual network accessible from anywhere around the world where all traffic is encrypted end-to-end!

Advantages of using Zerotier instead of a traditional VPN

  • Zerotier works even on your personal network, so you won’t have to change your DNS settings or connect to your VPN every time you leave your house.
  • You can still use the existing Internet connection that you are using outside of your house instead of routing your current Internet connection through your home network like you would with PiVPN, and thus losing some bandwidth if your home connection is not powerful enough.
  • You don’t need to set up a dynamic DNS, have a static IP or configure port forwarding, because Zerotier will do all the work for you and automatically set up the best configuration for your network.
  • Zerotier works out of the box in every network environment (unless the administrator explicitly bans Zerotier servers), even on very restrictive networks that allow only HTTP and HTTPS (proof here).

Requirement

  • An already installed Pi-Hole server

Tutorial

First part: Configure Pi-Hole on your Zerotier Network

  1. Create an account on the Zerotier website: https://my.zerotier.com/login
  2. After creating your account, head over to the network section: https://my.zerotier.com/network and then click on the blue Create Network button.
  3. A new network should come up:
  4. Click on the new network and then leave the page open; you will need the network ID in a couple of steps:
  5. You may want to change the name of the network and the IPv4 Auto-Assign to numbers that are easier to remember, for example: 192.168.192.*:
  6. Open an SSH connection to your Pi-Hole server and then install Zerotier using this command:
curl -s https://install.zerotier.com/ | sudo bash
  7. When you get this message: Success! You are ZeroTier address. You are ready to join your virtual network using this command:
sudo zerotier-cli join network_id

You need to replace network_id with the Network ID specified on the Zerotier Central page that you opened a minute ago.

  8. Then you should get a success message: 200 join OK. If that’s the case, return to the Zerotier Central page.
  9. Scroll down until you see the “One device has joined this network.” message.
  10. You will now need to allow your Pi-Hole server to join the network by checking the box just below Auth?:
  11. Then wait a bit until the red line switches to green and you get a third IP in the Managed IPs column.
  12. Give a name to your Pi-Hole server in the short name field.
  13. Change the IP of your Pi-Hole server in the Managed IPs column to numbers that are easier to remember, for example mine is 192.168.192.1 because the network is set to 192.168.192.* inside the IPv4 Auto-Assign box. Don’t forget to delete the old managed IP.
  14. Open a page to your Pi-Hole DNS Settings: http://pi.hole/admin/settings.php?tab=dns
  15. Check the Listen on all interfaces box to allow the devices from your Zerotier Network to use your Pi-Hole and then save:
  16. That’s it, you have now configured your Pi-Hole server with Zerotier!

Second part: Configure your device(s) to use your Pi-Hole through your Zerotier Network

Windows (7, 8, 8.1 and 10)

Setup Zerotier

  1. Install the Zerotier application: https://download.zerotier.com/dist/ZeroTier%20One.msi (don’t uncheck the Start Zerotier box at the end of the installation).
  2. A Zerotier One window will come up; you have to log in with your account.
  3. You will then be prompted to join a network; you just have to join your network:
  4. Click on Done and then accept the new blue network window on the right if you are on Windows 8/8.1/10.

Change the DNS servers

I won’t explain to you in detail how to change your DNS servers because there are already loads of tutorials on the Internet to guide you, but here is a good tutorial to help you: https://www.lifewire.com/how-to-change-dns-servers-in-windows-2626242

When you configure the IP of the DNS server (the 11th step if you followed the tutorial that I linked), you have to enter the managed IP (Zerotier) of your Pi-Hole server (available on the Zerotier Central page).
If you have followed the first part to the letter, please make sure to enter 192.168.192.1; you should get a result similar to mine:

Android

Setup Zerotier

  1. Install the Zerotier One app from the Google Play Store: https://play.google.com/store/apps/details?id=com.zerotier.one
  2. Run it and then tap on the + button at the top right of the app:
  3. Enter your Network ID and then tap the Add Network button.
  4. Return to the Zerotier Central page.
  5. You will see a new device that has a red vertical line. You just have to do the same thing as in the first part: click on the box in the Auth? column to allow the device to join the network.
  6. Now you are ready to initiate the connection on the Zerotier One app on your Android device by activating the slider inside the network box:

Change the DNS servers

As in the Windows section, I won’t explain to you in detail how to change the DNS servers on your Android device because there are loads of tutorials on the Internet and it even depends on the model of the Android device.
But here is a list of tutorials:

When you configure the IP of the DNS server, enter the managed IP (Zerotier) of your Pi-Hole server. If you have followed the first part to the letter, please make sure to enter 192.168.192.1. You should have a result similar to this screenshot:

Linux (Ubuntu, Linux Mint, Fedora and more)

Setup Zerotier

The installation of Zerotier on Linux is very similar to the first part. You just have to follow from the 6th step to the 10th step.

Note to Arch Linux users: there is an official package for Zerotier: https://www.archlinux.org/packages/community/x86_64/zerotier-one/

Change the DNS servers

Configuring the DNS servers on Linux depends heavily on the graphical interface, but here are some tutorials for the popular Linux distributions anyway:

When you configure the IP of the DNS server, enter the managed IP (Zerotier) of your Pi-Hole server. If you have followed the first part to the letter, please make sure to enter 192.168.192.1.

MacOS

Setup Zerotier

I don’t personally own an Apple device, but it’s possible to install Zerotier on your Mac by installing the .pkg available on Zerotier’s download page: https://www.zerotier.com/download.shtml (Apple Macintosh).
If you need some help here is a good tutorial that I found on the Internet: https://www.stratospherix.com/support/setupvpn_02a.php

Change the DNS servers

Here is a tutorial to help you change the DNS servers on your Mac: https://serverguy.com/kb/change-dns-server-settings-mac-os/

When you configure the IP of the DNS server, enter the managed IP (Zerotier) of your Pi-Hole server. If you have followed the first part to the letter, please make sure to enter 192.168.192.1.

iOS (iPhone / iPad / iPod Touch)

Setup Zerotier

You can install Zerotier on your iOS device by installing the official app from the App Store: https://itunes.apple.com/us/app/zerotier-one/id1084101492?mt=8
If you need some help here is a good tutorial that I found on the Internet: https://www.stratospherix.com/support/setupvpn_03.php

Change the DNS servers

Here is a tutorial to help you change the DNS servers on your iOS based device: https://appleinsider.com/articles/18/04/22/how-to-change-the-dns-server-used-by-your-iphone-and-ipad

When you configure the IP of the DNS server, enter the managed IP (Zerotier) of your Pi-Hole server. If you have followed the first part to the letter, please make sure to enter 192.168.192.1.


I hope you liked my tutorial. Please don’t forget to upvote the post on Reddit, like this post on the forum and leave feedback in the comments!

6 Likes
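
An added example, not part of the original post or of ZeroTier's or Pi-hole's own tooling: after the first part, this shell function reads the output of `sudo zerotier-cli listnetworks` on the Pi-Hole and checks that the node is joined, authorized, on a private network and holding the expected managed IP. The column layout and the status and type keywords are assumed from the ZeroTier CLI; the network ID, MAC and interface name in the sample are constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed line layout of
# `zerotier-cli listnetworks` (status/type keywords as printed by the CLI):
#   200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>

# check_membership NWID PREFIX   (listnetworks output on stdin)
# Prints a verdict and a hint; returns 0 only when the node is joined,
# authorized, on a PRIVATE network and holds a managed IP starting with PREFIX.
check_membership() {
    awk -v nwid="$1" -v prefix="$2" '
        $1 == "200" && $2 == "listnetworks" && $3 == nwid {
            # Read columns from the right: a network name with spaces
            # must not shift status, type or the IP list.
            seen = 1; ips = $NF; kind = $(NF - 2); status = $(NF - 3)
        }
        END {
            if (!seen) { print "NOT_JOINED run: zerotier-cli join " nwid; exit 1 }
            if (status == "ACCESS_DENIED") {
                print status " tick Auth? for this node in ZeroTier Central"; exit 1
            }
            if (status != "OK") { print status " network not ready yet"; exit 1 }
            if (kind != "PRIVATE") {
                # On a public network any node that knows the ID can join
                # and send queries to the Pi-Hole.
                print "PUBLIC_NETWORK set Access Control to Private"; exit 1
            }
            n = split(ips, a, ",")
            for (i = 1; i <= n; i++)
                if (index(a[i], prefix) == 1) { print "OK " a[i]; exit 0 }
            print "NO_MANAGED_IP expected an address starting with " prefix
            exit 1
        }'
}

# Constructed sample output (network ID, MAC and device name are made up).
SAMPLE='200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks 0123456789abcdef My Home DNS 02:00:00:00:00:01 OK PRIVATE ztexample0 192.168.192.1/24'
printf '%s\n' "$SAMPLE" | check_membership 0123456789abcdef 192.168.192.

# Live use on the Pi-Hole; skipped unless zerotier-cli exists and ZT_NWID is set.
if command -v zerotier-cli >/dev/null 2>&1 && [ -n "${ZT_NWID:-}" ]; then
    sudo zerotier-cli listnetworks | check_membership "$ZT_NWID" 192.168.192.
fi
```

Any verdict other than OK maps back to a step of the first part: joining the network, ticking Auth?, or assigning the managed IP.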

#2

Thanks for the guide @unixfox, and welcome to the community!

1 Like

#3

Thanks for the how-to, didn’t know Zerotier before.

I use OpenVPN on the Raspi by only routing DNS to use Pi-hole on my iPhone. This also works over my company’s WiFi as the OpenVPN server listens on TCP/443 - mostly open. Unfortunately Zerotier isn’t usable in companies as you need access to UDP/9993 - mostly closed.

2 Likes

#4

So they close 9993 outbound as well? That’s strange since most of the company networks I’ve seen have unrestricted outbound while inbound is usually closed.

0 Likes

#5

Thank you for your feedback!

Actually, according to the README of the project, Zerotier is capable of automatically switching to port 443 to avoid restrictions.

It will be slower than a direct route to your server because the encrypted packets will go through the root servers but it should be perfectly fine for DNS requests.
I’ll try to replicate this type of environment tonight on my VM to see if it’s viable.

1 Like

#6

I think every properly and seriously configured company network only allows outgoing web-connections (80/443, maybe 8080/8443 too), all other ports are blocked.

0 Likes

#7

I’m getting back to you with my tests to check whether Zerotier works in a network similar to your company’s, and the result is yes, it works, but a bit slower than a direct route (it was expected).

Here are my firewall rules on the local network:


If I ping a device (hosted in Europe) inside my virtual network I get a ping of around 210ms, probably because the Zerotier root servers are located in the USA and I’m in Europe, so depending on your location you will probably have a lower ping than mine:

user@ubuntu:~$ ping 192.168.192.1
PING 192.168.192.1 (192.168.192.1) 56(84) bytes of data.
64 bytes from 192.168.192.1: icmp_seq=1 ttl=64 time=209 ms
64 bytes from 192.168.192.1: icmp_seq=2 ttl=64 time=210 ms
64 bytes from 192.168.192.1: icmp_seq=3 ttl=64 time=210 ms
64 bytes from 192.168.192.1: icmp_seq=4 ttl=64 time=210 ms
64 bytes from 192.168.192.1: icmp_seq=5 ttl=64 time=209 ms
--- 192.168.192.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 209.236/209.896/210.163/0.457 ms

So for the DNS requests I get around 0.5s of response time:

user@ubuntu:~$ time nslookup google.com 192.168.192.10
Server:		192.168.192.10
Address:	192.168.192.10#53

Non-authoritative answer:
Name:	google.com
Address: 172.217.168.206
Name:	google.com
Address: 2a00:1450:400e:80c::200e

real	0m0.487s
user	0m0.015s
sys	0m0.014s

Which is not bad compared to without the firewall restriction:

user@ubuntu:~$ time nslookup google.com 192.168.192.10
Server:		192.168.192.10
Address:	192.168.192.10#53

Non-authoritative answer:
Name:	google.com
Address: 172.217.168.206
Name:	google.com
Address: 2a00:1450:400e:80c::200e


real	0m0.100s
user	0m0.019s
sys	0m0.009s

So in conclusion, there is around 400ms of additional latency (in Europe) when running Zerotier behind a very restrictive firewall but Zerotier can really work in every network.

0 Likes

#8

Maybe I’m wrong, but I think the above configuration doesn’t work while on a cellular connection. On mobile devices you can change the DNS server for a WiFi connection, but not for a cellular connection.

While joining a ZeroTier network there is also an option “Use custom DNS Servers” in the client. What if we enter the Pi-hole IP address there?

0 Likes