this post was submitted on 30 Nov 2023
13 points (93.3% liked)

Selfhosted

40006 readers
624 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Hello! I want to set up a pi-hole on my home and connect from my parent's. Both setups have a dynamic IP assigned by my isp and are different networks.

I have a couple of questions:

  1. I can get a domain that updates automatically. But how would I resolve it on the client side?
  2. Is there any way to authenticate on the server? By Mac maybe? That can be spoofed right?

Edit: my bad, thanks for correcting me, Mac is another layer completely

  1. Can setting up a VPN solve both (1) and (2)?
  2. Is there any other way?

Thanks!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 11 months ago (1 children)

@papelitofeliz
VPN for sure:

  1. Set up both locations with Dynamic DNS providers. DuckDNS is free, but if you’re building infrastructure you may as well buy your own domain and set it up through that (Namecheap is what I use and recommend).

  2. Set up a Wireguard tunnel between both locations. Do *not* specify an endpoint for either. You could specify endpoints to boost security (barely), but it will cause your system to fail during IP changes, for the duration of the TTL.

[–] [email protected] 3 points 11 months ago (1 children)

@papelitofeliz
3. Set up your PiHole on a static private IP.

  1. Ensure both sites can route across the tunnel. Based on your experience level and scope, dynamic routing is not recommended or necessary, which means static routes. Point a route for each side’s subnet to the Wireguard tunnel IPs so your firewalls know how to reach and respond to each other across the tunnel.

  2. Configure your devices to use PiHole for their DNS, via DHCP ideally.

[–] [email protected] 1 points 11 months ago (1 children)

I didn't look anything up yet. But can the wireguard tunnel be setup on the router level (I have a cheap Mikrotik) or as a network service? So clients don't have to install custom stuff