Hi, I am looking for advice on using my new Pi-Hole Setup on my phone efficiently.
First, my network:
- Google Fiber Network Box (main router and DHCP, not WiFi)
- Multiple ASUS Routers (in AP-Mode linked with AI-MESH)
- FingBox (just one of a ton of devices on my network, but it says to turn off IPv6)
- Raspberry Pi (raspbian stretch lite, pi-hole, openvpn, script for case button/fan)
Second, my config:
- PiHole is running on 192.168.1.6 static IP.
- Google box (DHCP server) is set to one custom DNS: 192.168.1.6
- ASUS APs are also set to one custom DNS: 192.168.1.6
- I have disabled IPv6 on Windows machines so they only use PiHole
(without that, they sometimes use the IPv6 DNS and bypass PiHole. I am told you cannot disable IPv6 nor set a custom one for DNS on the Google Network Box like you can IPv4)
- Every device on my network has a static IP, configured through the Google Network Box, so I would really rather not switch to using PiHole for DHCP.
Third, Android background:
- It is not possible to disable IPv6 on an unrooted Android
- Rooting Android disables Google Pay and HD Netflix (otherwise I would, and have for all previous phones, but I want Google Pay functionality now, and rooting is not as necessary as it used to be for me)
- There is a "Private DNS" feature with "Off", "Automatic", and "Private DNS provider hostname". The last one has an input box that needs a domain, not an IP (won't save x.x.x.x)... so I bought a domain, pointed it to my public IP, and forwarded port 53 to PiHole on the Google Network Box (I know, DDNS attacks, just testing)... but when I try to use that domain as my Private DNS host, it still says "couldn't connect". Obviously I need to leave this turned Off for PiHole to work.
- There is a built-in VPN feature, allowing you to add a VPN that is PPTP, L2TP, or IPSec... but I think you have to install OpenVPN app to add it... and it does show up in the list when you do... but it would be nicer to be able to add my VPN through settings without the app. This is why I don't like OpenVPN, why use 3rd party software when the OS has VPN functionality built-in... I want to set up a server that is compatible with the VPN built-in to Android/Windows... oh, well. I forwarded port 1194 on the Google Box to the PiHole/OpenVPN server (as well as 53... plus FYI the ASUS-router is DMZ, and the domain I purchased points to the Google Box's public IP).
How it works for me now:
0) All DHCP leases include DNS entries for 192.168.1.6 as well as an IPv6 one I can't change/get-rid-of.
- Windows machines with IPv6 and auto-DNS still have ads.
- Windows machines with IPv6 disabled (or custom DNS set to 192.168.1.6) work without ads!
- Wife's Android phone, on WiFi, with Private DNS disabled, has no ads!
- My Android phone, on WiFi, with Private DNS disabled, has ads
- My Android phone, on WiFi, running DNS Changer to 192.168.1.6, has no ads!
(DNS Changer works by making a local VPN and having the phone VPN to itself with a new DNS server set to 192.168.1.6)
- My Android phone, on 4G, running DNS Changer... doesn't work at all.
- My Android phone, on 4G, running OpenVPN, has no ads
- My Android phone, on WiFi, running OpenVPN... doesn't work at all.
To put it another way, here are my use cases:
A) Leave off all VPNs, get Ads.
B) On WiFi: Enable DNS Changer VPN, no ads.
(must remember to disable when I leave home, or no phone internet)
C) Away from home: Enable OpenVPN, no ads.
(must remember to disable when I get home, or no phone internet)
So... what is the proper way to fix this?
QUESTION 1: Can I get it so OpenVPN will work even when I am on my WiFi? Then I could just leave it on all the time. Seems silly to VPN from home to home... but not sillier than disconnecting that VPN, and then VPN from phone to phone so that I can force IPv4 DNS... what a joke!
QUESTION 2: OpenVPN is icky... is there a different way to do standard VPN so I add it on my wife's phone without installing any App? Username and Password is fine, I don't want to install an app and generate a key. I did it for my phone, but wife doesn't want that.
QUESTION 3: Am I SOL on that, and I just need to make a Tasker script to manage which VPN I connect to depending if I am on home WiFi or not? Has anyone posted such a script? Do other people really switch VPNs like I am to get this all to work?
QUESTION 4: Isn't there just a way to get the Private DNS feature to work without using a VPN at all? (I know... port 53... bla bla bla... Google runs a public DNS, why can't I? ...will research more I guess)
QUESTION 5: Do you think it is a bad idea to have ASUS as DMZ? That allows AI-Net and the Router config app to work when I am away from home (just as it normally would if I could use ASUS as my router... but forced to use Google Network Box in order to go full speed [I hacked ASUS to work as main router, but it tops out at 300mbps instead of 1000mbps due to the work in signing each packet])
QUESTION 6: Do you think it is a bad idea to point a sub.domain.com to my home IP? It would allow crawlers to discover my network, along with its port 53, port 1194, and ASUS as DMZ.
TIA for any advice on any of the questions above. Thanks.