Greetings,
I would love to have an option to install PiHole on my Opnsense box. I have many small shops running Opnsense on an APU2 board, and I would like to avoid installing an additional Raspberry only for PiHole. I did some research, but most articles I found talked about configuring Opnsense to use PiHole.
Is there anybody working on that, or is there already a way to accomplish that and I didn't find it yet? For technical reasons I cannot use proxies (only if it would be transparent).
Thanks
Guybrush
Pi-hole directly will not work because that only runs on Linux.
There is a way to mostly do what Pi-hole does on FreeBSD, I don't have any experience with it.
Someone else will no doubt know how.
Are there specific features you need from PiHole?
What about BIND plugin as an option?
What I love about PiHole is the huge amount of insight in a neat web interface. In general I would like to give my clients the ability to block domains based on categories (gambling, nudity, ...) and to block malicious sites at all, but without the hassle of a dedicated proxy. I "freed" a network with over 100 clients from a predominant proxy, that caused all sorts of errors and problems. Additionally, I do not want to touch every piece of software that does not understand WPAD.
But maybe I am just not up2date with Opnsense (honestly, coming from pfsense and haven't used the very newest version yet)?
Thanks
Guybrush
Have a look at DNS blocking with Unbound and Bind, as mimugmail suggests. A useful thread to look into might be: https://forum.opnsense.org/index.php?topic=10180.0
Might suit your needs as there are multiple blocklists that can be enabled. The specific configuration options are less than squidguard lists, but there is a specific Porn blocklist as well as an ads and malware blocklist.
Regards,
Northguy
P.S. Can you tell me the story about this LeChuck guy? ;D ;D ;)
I agree that something like piHole would be a great thing for OPNsense. The workarounds that I've seen all involve a lot of technical knowhow and aren't something I could expose to an end-user administrator.
Could Pi-Hole be turned into an add-on/plugin?
No, because it works on Linux. Its installation scripts support a couple of Linux distros and have dependencies on them.
It would require a complete rewrite, and no doubt there are other things that would need change as well.
I'm fairly confident there would be a way of doing this via docker on opnsense right? Pihole on docker is readily available. It would make a lot more sense to host it on your firewall than add another point of failure.
No docker in FreeBSD ;)
I recommend using AdGuard Home instead.
I had to virtualize OPNsense because of this and run it under Proxmox and could not run Bare metal.. Had to have Pi-hole and it's a waste of the system to not be able to do it under 1 roof
AdGuard Home lacks the visualization, can't stand it
Pihole is a classic example of Linux centric development. No way (currently) it's going to run on FreeBSD.
Not my or OPNsense's fault.
AdGuard and Pihole are similar in their functionality. The biggest difference that people will see (and this is subjective) is that Pihole has overall "nicer" GUI.
There were some points that if Pihole will be on standalone device it adds another point of failure. That's not fully true, if you have something extra that controls resolution or traffic it doesn't matter where it is hosted, one or another way it's an additional point of failure.
There was as well a point that Pihole allows to categorize/group Hosts and use that on filtering. Adguard can do it as well via TAGs.
https://github.com/AdguardTeam/AdGuardHome/wiki/Clients
There are ways to achieve configurations/filtering/setup on AdGuard similar to those that Pihole has.
P.S. I use Pihole + Unbound, but that's because I have a RPI, and it was my 1st project on RPI and containerization.
Regards,
S.
Before, I was running OPN bare metal on an APU. I wanted Pi-hole but didn't want to buy a raspberry just for that, so I used the pi-hole provided Virtual Machine amd-64 image and ran it as a VM on an ESXi host. All fine.
Then when I decided to power down my ESXi hosts due to cost of electricity in the UK, I moved to OPN as VM and AdGuardHome on it. Happy as punch.
Point is for @frozen, if you have a Virtualisation host and want to stick with Pi-Hole, you can run it as another VM alongside OPN.
Quote from: Patrick M. Hausen on February 13, 2024, 10:12:48 PM
Pihole is a classic example of Linux centric development. No way (currently) it's going to run on FreeBSD.
Not my or OPNsense's fault.
Patrick, this is an incorrect statement. I have Pihole running on TrueNAS Core Virtual Machine using bhyve. As an example there is a thread post here to install OpenWRT on OPNsense using bhyve. So, there is no technical reason why this cannot happen.
HOWTO: Setup OpenWRT Virtual Machine on OPNsense and use it to manage a WiFi AP (https://forum.opnsense.org/index.php?topic=34034.0)
Might be the case lilsense BUT if I read it correctly, the statement in its intention -to which I wholeheartedly agree- is that the application has no native freebsd development. In other words there is no port or package that can be installed natively. The only way is using virtualisation to run it; bhyve is just another flavour of virtualisation.
No doubt, and also I am not sure if APU2 has the oomph to make it over the hill... BUT that does not mean that there are no other ways on the same FreeBSD machine to run say Linux/Windows or even Mac... :D
Here's the link:
https://docs.pi-hole.net/main/prerequisites/#supported-operating-systems
I am running mine on RockyLinux.
https://rockylinux.org/
Semantics aside, where it won't run natively, we're agreeing :)
Indeed putting any virtualisation type 2 on an APU is beyond pushing it.
Quote from: cookiemonster on February 14, 2024, 10:56:01 AM
I wanted Pi-hole but didn't want to buy a raspberry just for that, so I used the pi-hole provided Virtual Machine amd-64 image and ran it as a VM on an ESXi host. All fine.
ESXi is no longer free 😭
Quote from: lilsense on February 14, 2024, 11:15:06 AM
Quote from: Patrick M. Hausen on February 13, 2024, 10:12:48 PM
Pihole is a classic example of Linux centric development. No way (currently) it's going to run on FreeBSD.
Not my or OPNsense's fault.
Patrick, this is an incorrect statement. I have Pihole running on TrueNAS Core Virtual Machine using bhyve.
That's still not running PiHole on FreeBSD. That's still installing PiHole on Linux. But yeah, as long as your opnsense box has enough resources, running Linux on bhyve is doable. Still can't use the PiHole installer scripts on FreeBSD directly and modifying PiHole for BSD would be a huge effort. Running PiHole in a jail would be much more attractive than using bhyve.
What about the Linuxulator (https://wiki.freebsd.org/Linuxulator)? I haven't used that since the Linux 2.6.26 days; I had thought it was abandoned, but the wiki says Linux 4.4 compatibility. Can that be used for Docker? Or is it more like WINE and too much of the Linux kernel API is still unimplemented?
To answer your question OP, unbound on OPNsense can do almost anything that pihole does, without the nice GUI.
Just select the usual blocklists under, well blocklist ;)
Mostly the same blocklists you would load under pihole.
Before I got myself an OPNSense router, I ran piHole on an RPi. When I switched to OPNSense, I went for AdGuardHome running on the same APU as OPNSense and I am very happy with the result, performance, blocking and GUI. I recommend trying it out.
I'm wondering if PiHole could block based on categories such as porn and gaming but limited to a single IP
Yes it can, you can create a group of devices and apply on them specific domains or lists. But I think ADG can do the same.
Regards,
S.