Raspberry Pi OS
Raspberry Pi OS is the official operating system for the Raspberry Pi, ensuring optimal performance and support for your device.
For an easy installation process, use the Raspberry Pi Imager to install the OS onto your Micro-SD card.
Once the installation is complete, be sure to update the system for the latest features and security updates.
sudo apt uptdate && sudo apt -y upgrade sudo apt install -y unattended-upgrades
Optional: Tweak Raspberry Pi OS
1 Change User Password
3 Boot Options-
B1 Desktop / CLI-
B2 Console Autologin
4 Localisation Options-
I2 Change Timezone
4 Localisation Options-
I4 Change Wi-Fi Country
7 Advanced Options-
A1 Expand filesystem
7 Advanced Options-
A3 Memory Split
sudo shutdown -r now
Find the required IP addresses which will be needed for OpenVPN.
- External IP:
- Internal IP:
VPN, or Virtual Private Network, creates an encrypted connection between a client and a VPN server. This ensures that all internet data is secure from man-in-the-middle attacks as it is routed through the encrypted tunnel.
In addition to enhanced security, a VPN also enables clients to remotely access local networks securely, making it a valuable tool for remote work and access to resources on other networks.
wget https://git.io/vpn -O openvpn-install.sh chmod 755 openvpn-install.sh sudo ./openvpn-install.sh
Example Install Settings
- Public IPv4 address / hostname :
- Protocol :
- Port :
- DNS :
Current system resolvers
- Client name [client]:
The OpenVPN file, generated by the process, can be utilized with an OpenVPN client on devices such as smartphones. It can be located inside the
/root directory, in this case,
/root/my-phone.ovpn. To facilitate the transfer of the file off the Raspberry Pi, it is recommended to copy it to the home directory,
~/, and use SFTP (Secure File Transfer Protocol) for the transfer.
To begin, use the command
ifconfig tun0 | grep 'inet' to determine the IP address of the
tun0 interface, which is utilized by OpenVPN. In the example given, the IP address is
- Edit OpenVPN server config:
sudo nano /etc/openvpn/server/server.conf
- Add the tun0 interface IP address, PiHole will be using it:
push "dhcp-option DNS 10.8.0.1"
- Comment out other
dhcp-optionreferences by adding a
#in front of it:
#push "dhcp-option DNS 192.168.1.1"
- Restart OpenVPN server:
sudo systemctl restart openvpn
DNSCrypt is a protocol that ensures the authenticity of communications between a DNS client and a DNS resolver. It protects against DNS spoofing by using cryptographic signatures to verify that responses are coming from the chosen DNS resolver and that they have not been tampered with. In other words, it helps to secure and validate the DNS queries to protect user’s privacy and security.
DNSCrypt-Proxy can be installed into the directory
/opt, which is commonly used for the installation of additional application software packages.
cd /opt sudo wget https://github.com/DNSCrypt/dnscrypt-proxy/releases/download/2.1.5/dnscrypt-proxy-linux_arm64-2.1.5.tar.gz sudo tar xf dnscrypt-proxy-linux_arm64-2.1.5.tar.gz sudo rm dnscrypt-proxy-linux_arm64-2.1.5.tar.gz sudo mv linux-arm64 dnscrypt-proxy cd dnscrypt-proxy sudo cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml
For DNSCrypt-proxy to work correctly alongside Pi-Hole some changes must be made to the configuration file
dnscrypt-proxy.toml by running the command
sudo nano dnscrypt-proxy.toml while still in
- Change port, since
53is already being used by Pi-Hole.
This is the
Change it to
listen_addresses = ['127.0.0.1:54','[::1]:54']
require_dnssec = falseto
require_dnssec = true
- Install the dnscrypt-proxy service.
sudo ./dnscrypt-proxy -service install
- Start the dnscrypt-proxy service.
sudo ./dnscrypt-proxy -service start
- Check the service status.
sudo systemctl status dnscrypt-proxy
Feel free to change additional options inside the configuration file to suit your needs as I have done.
During the installation process, you can select any upstream DNS server. The selected server can be modified later in the configuration file if needed.
wget -O basic-install.sh https://install.pi-hole.net sudo bash basic-install.sh
Take note of the login password once the installation is complete.
Add the DNSCrypt-Proxy server to Pi-Hole on the Pi-Hole admin page.
To configure clients to use Pi-Hole as the DNS server, set the Pi-Hole IP address as the DNS server on each client device. Alternatively, configure the router so that all clients on the local network will automatically use Pi-Hole filtering and DNSCrypt security. This way, all devices connected to the network will benefit from the enhanced security and ad-blocking provided by Pi-Hole and DNSCrypt.