Ethan Robish //
Ads serve an important function on the internet. For many websites, ads are the main form of revenue that funds the site’s content or service. This, however, doesn’t prevent them from annoying users, taking up bandwidth, or even being malicious. They can completely hijack the page you are viewing with popups and scare tactics. You, as a savvy security blog reader, know better than to “click to remove virus” or believe that your phone is out of memory and needs fixing. But can you say the same for your spouse, your children, or your parents?
Like many of you, I use an ad block extension in my browser. It’s one of the first things I install with a new browser. However, it’s not perfect. Each browser on each device needs its own extension, which takes up valuable resources, and some browsers don’t support extensions. In a world where people own multiple desktops, laptops, media devices, tablets, and phones, this quickly becomes unmanageable.
Home Ad Blocking Solution – DNS Server
One solution is to prevent contacting ad domains in the first place using DNS. In fact, Security Weekly covered this exact scenario in a tech segment.
While I can appreciate Paul wanting to set up and manage his own DHCP and DNS servers, I wanted a more hands-off approach.
If you want a super simple solution, I recommend signing up for a free OpenDNS account. From there you configure which categories you’d like to block, change your DNS settings on your home network, and you’re done.
But the solution I decided on was mentioned by the guys at Security Weekly in their very next episode. The solution is called Pi-Hole.
It can be installed on a Raspberry Pi and comes with a DNS server preconfigured to block over 100,000 ad-related domains. The installation script assumes you’re running Debian, so you don’t necessarily need a Raspberry Pi to use it.
If you’re putting this on a fresh Raspberry Pi, I recommend going with the Raspbian Lite image and following the instructions on Pi-Hole’s website.
Or you can use the one-click installer that comes with the DietPi Linux distro.
Once installed, I switched the DHCP DNS servers on my home router to point to my new Pi-Hole IP address. From then on, any time a device on my home network gets an IP via DHCP, it also gets the benefit of ad blocking through the Pi-Hole DNS.
Through Pi-Hole’s web interface you can add custom sites to blacklist or whitelist. Consider whitelisting sites you trust and wish to support. You may also need to whitelist certain domains if you notice that your devices aren’t behaving as expected.
After I got this running on my home network, I felt a sense of accomplishment in that I had protected my laptop, my phone, and even my wife’s devices in one fell swoop. It wasn’t long, however, before I left the safety of my home network and ventured out into the world. The primary place I noticed was on my phone, both browsing the web and opening free ad-based apps. We can do better.
Ad Traffic Hovers at 10-15% Daily
Remote Ad Blocking Solution – VPN
The next part of my solution involved setting up a home VPN that I could connect to when away from home. While searching, I ran across the SoftEther project. It’s open source, cross-platform, and supports numerous protocols.
I roughly followed this guide to set up and configure the SoftEther server on my Raspberry Pi.
You’ll need to allow the correct ports through your router and have a public IP or domain you can use to connect while you’re away from home. I took advantage of SoftEther’s free dynamic DNS service. Your port list may vary based on which VPN protocol(s) you decide to use. For L2TP/IPSec, I had to forward UDP ports 500 and 4500 along with enabling the IPSec and L2TP passthrough options on my router.
After that, it was a matter of configuring my laptop and phone with the correct client VPN profiles. More details can be found on SoftEther’s website, but if you’ve ever set up a VPN on your device before, this should be straightforward.
- Mobile Devices – https://www.softether.org/4-docs/2-howto/3.VPN_for_Mobile/1.iPhone_and_Android
- Mac OSX – https://www.softether.org/4-docs/2-howto/9.L2TPIPsec_Setup_Guide_for_SoftEther_VPN_Server/5.Mac_OS_X_L2TP_Client_Setup
- Windows – https://www.softether.org/4-docs/2-howto/9.L2TPIPsec_Setup_Guide_for_SoftEther_VPN_Server/4.Windows_L2TP_Client_Setup
Now, when I’m away from home all I have to do is start up my VPN connection. Not only is my traffic encrypted, but ads are blocked too! This also helps cut down on data usage since the ads won’t be transferred over the connection.