Install PiHole on Opnsense

Started by Guybrush, January 14, 2019, 11:27:05 AM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
January 14, 2019, 11:27:05 AM
Greetings,

I would love to have an option to install PiHole on my Opnsense box. I have many small shops running Opnsense on an APU2 board, and I would like to avoid installing an additional Raspberry only for PiHole. I did some research, but most articles I found talked about configuring Opnsense to use PiHole.

Is there anybody working on that, or is there already a way to accomplish that and I didnĀ“t find it yet? For technical reasons I cannot use proxies (only if it would be transparent).

Thanks
Guybrush
January 14, 2019, 12:50:29 PM #1
Pi-hole directly will not work because that only runs on Linux.
There is a way to mostly do what Pi-hole does on FreeBSD, I don't have any experience with it.
Someone else will no doubt know how.
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
January 14, 2019, 01:00:10 PM #2
Are there specific features you need from PiHole?
What about BIND plugin as an option?
January 15, 2019, 09:37:15 AM #3
What I love about PiHile is the huge amount of insight in a neat webinterface. In general I would like to give my clients the ability to block domains based on categories (gambling, nuditiy, ...) and to block malicious sites at all, but without the hassle of a dedicated proxy. I "freed" a network with over 100 clients from a predominant proxy, that caused all sorts of errors and problems. Additionally, I do not want to touch every piece of software that does not understand WPAD.

But maybe I am just not up2date with Opnsense (honestly, coming from pfsense and havent used the very newest version yet)?

Thanks
Guybrush
January 15, 2019, 11:29:39 AM #4
Have a look at DNS blocking with Unbound and Bind, as mimugmail suggests. A useful tread to look into might be: https://forum.opnsense.org/index.php?topic=10180.0

Might suit your needs as there are multiple blocklists that can be enabled. The specific configuration options are less than squidguard lists, but there is a specific Porn blocklist as well as an ads and malware blocklist.

Regards,

Northguy

P.S. Can you tell me the story about this LeChuck guy? ;D ;D ;)
January 15, 2019, 10:34:46 PM #5
I agree that something like piHole would be a great thing for OPNsense.  The workarounds that I've seen all involve a lot of technical  knowhow and aren't something I could expose to an end-user administrator.
Later...
Richard
July 14, 2019, 11:49:35 PM #6
Could Pi-Hole be turned into an add-on/plugin?
July 15, 2019, 12:18:31 AM #7
No, because it works on Linux. It's installation scripts supports a couple of Linux distros and has dependencies on them.
It would require a complete rewrite, and no doubt there are other things that would need change as well.
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
February 13, 2024, 05:11:58 AM #8
I'm fairly confident there would be a way of doing this via docker on opnsense right?  Pihole on docker is readily available.  It would make a lot more sense to host it on your firewall than add another point of failure.
February 13, 2024, 06:08:09 AM #9
No docker in FreeBSD ;)
February 13, 2024, 07:34:42 AM #10
I recommend using AdGuard Home instead.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
February 13, 2024, 08:45:09 PM #11 Last Edit: February 13, 2024, 08:47:37 PM by frozen
I had to virtualize OPNsense because of this and run it under Proxmox and could not run Bare metal..  Had to have Pi-hole and it's a waste of the system to not be able to do it under 1 roof

AdGuard Home lacks the visualization, can't stand it
February 13, 2024, 10:12:48 PM #12
Pihole is a classic example of Linux centric development. No way (currently) it's going to run on FreeBSD.

Not my or OPNsense's fault.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
February 14, 2024, 10:48:15 AM #13
AdGuard and Pihole are in their functionality similar. The most biggest difference that people will see (and this is subjective) is that Pihole has overall "nicer" GUI.

There were some points that if Pihole will be on standalone device it adds another point of failure. Thats not Fully true, if you have something extra that controls resolution or traffic it doesn't matter where it is hosted one or another way its an additional point of failure.

There was as well a point that Pihole allows to categorize/group Hosts and use that on filtering. Adguard can do it as well via TAGs.
https://github.com/AdguardTeam/AdGuardHome/wiki/Clients

There are ways to achieve configurations/filtering/setup on AdGuard similar to those that Pihole has.

P.S. I use Pihole + Unbound, but that's because I have a RPI, and it was my 1st project on RPI and containerization.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
February 14, 2024, 10:56:01 AM #14
Before, I was running OPN bare metal on an APU. I wanted Pi-hole but didn't want to buy a raspberry just for that, so I used the pi-hole provided Virtual Machine amd-64 image and ran it as a VM on an ESXi host. All fine.
Then when I decided to power down my ESXi hosts due to cost of electicity in the UK, I moved to OPN as VM and AdGuardHome on it. Happy as punch.
Point is for @frozen, if you have a Virtualisation host and want to stick with Pi-Hole, you ca run it as another VM alongside OPN.
Print
Go Up Pages1 2
User actions