Synology VPN Server + PiHole + Dnscrypt + Further VPN + Any suggestions

Currently reading
Synology VPN Server + PiHole + Dnscrypt + Further VPN + Any suggestions

76
19
NAS
DS916+
Operating system
  1. Windows
Mobile operating system
  1. Android
Hello all,

If you have been a recent visitor to these forums you may have noticed all the questions I've been asking......and today is no different.

For context, I setup Pi-Hole on my NAS via Docker, which is working great. I then setup Synology VPN Server which allows me to remotely connect to my NAS via OpenVPN and utilise the benefits of Pi-hole on my mobile phone whilst away from the house.

Now my three questions are;

1) I would like to setup Dnscrypt on my NAS to give me that extra layer of security. I've searched the Internet however there are a lack of guides that cater for my level of expertise (limited). I've tried several however each manages to lose me at varying steps. Can anyone point me to a suitable guide please?

2) Secondly, I would like to have all Internet traffic LEAVING my NAS protected by VPN. Online advice is mixed, from no it can't be done, to it can but by utilising DSM in a Docker. Can anyone here give me a definitive answer please?

3) Lastly, can anyone recommend any further steps to anonymise and protect my online presence further?

As always, many thanks.
 
1. The answer you probably don't want... is to jettison PiHole and use Adguard Home. IMO AH is superior in every way to PH. Clearly, not everyone agrees.

https://kb.adguard.com/en/general/dns-providers
Many thanks for the suggestion.

After a quick look at it, it would appear that Adguard Home incorporates "Pi-Hole & Dnscrypt" like services into one package. I'll have a proper scour of the web to compare the two. As a plus, Adguard has an Android app, and so I won't need to connect to my NAS.
 
Secondly, I would like to have all Internet traffic LEAVING my NAS protected by VPN. Online advice is mixed, from no it can't be done, to it can but by utilising DSM in a Docker. Can anyone here give me a definitive answer please?
You could have a look here under the section “ NAS as a VPN clien”

Keep in mind that if go down this road you will have to manage a bit more on the network layer in order to allow yourself access to your NAS from the outside. An elegant solution to avoid this is to separate your incoming and outgoing vpn needs with 2 separate devices (like your nas and your router). Putting it both on the same unit will also not be possible at the same time (officially). So having a vpn server and usin the same nas as a vpn client, DSM will complain.
 
I'm not an expert,
but I feel way more secure running the VPN server on my router,

In case it becomes compromised or if I have made mistakes in setting it,
there is another layer of security behind my router,
the NAS

Having a firewall before your NAS (and your rest network) is the best option if you want access from WAN.

There are some free options like pfSense, OPnSense, Sophos XG etc.
that can run on a mini PC with an electricity consumption similar to a router and an initial cost a liitle more than a good router
but they all need some study and internet searching if you know little about networks like me
 
Thank you for everyone's thoughts.

I think until I can bring my knowledgebase up to the required standard to use the complete home VPN solution ill be best placed to use Adguard. I've set it up and I'm very impressed, allows for the use of NordVPN's own DNS servers too.

I've moved over to Brave browser also. I'd be really interested to hear if anyone had any other suggestions.
 
hi @Mike12421
curious as to how you got pihole docker working.
i have pihole installed using the official pihole docker, and the webui works fine, however no device on the LAN can connect to it as it doesn't appear to be accessible on port 53.

if i do a "telnet 192.168.1.2 53" then i get no response.
docker network is in host mode.

how did you install yours to get it working?
my settings file is attached
 

Attachments

  • pihole-pihole1.txt
    2.6 KB · Views: 30
Strangely that's the tutorial I used to create, but it's simply not listening on port 53, so nothing on the network can use it for DNS.

I had adguard running and working but didn't like it.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

If you go into Homebridge on your NAS and get a prompt to update the Homebridge GUI plugin - DON'T DO IT...
Replies
0
Views
1,787
The older my boxes get, the less important a warranty becomes. Support your gear, no matter the MFG, with...
Replies
8
Views
1,116

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top