Entware Pi-hole directly on the router? Yes!

[kuki68ster]

Hi there,

I am getting errors acessing the opkg update:

 

[jacklul]

Hi there,

I am getting errors acessing the opkg update:

Check if you didn't get rate limited by Github

URL slightly changed per @thelonelycoder suggestion, see here https://www.snbforums.com/threads/pi-hole-directly-on-the-router-yes.90719/post-914979

 

[the_harpy]

Hi ,
Not very experienced with Linux .
Can any one help me
How to add custom URL of pi hole in opkg.conf configuration
as per (https://github.com/jacklul/entware-pi-hole#installation)
Running BE98Pro with Merlin 3006.102.1 , Entware installed.

Above issue has been fixed
but now no modification saved within /opt/etc/pihole/pihole.toml
every time I restart the pi hole FTL the above file is reverting to default
pi hole installed properly

Thanks

 

[jacklul]

Hi ,
Not very experienced with Linux .
Can any one help me
How to add custom URL of pi hole in opkg.conf configuration
as per (https://github.com/jacklul/entware-pi-hole#installation)
Running BE98Pro with Merlin 3006.102.1 , Entware installed.

Above issue has been fixed
but now no modification saved within /opt/etc/pihole/pihole.toml
every time I restart the pi hole FTL the above file is reverting to default
pi hole installed properly

Thanks

You should probably stop pihole-FTL before making changes as it writes the config on shutdown when restarting.
You can also modify the configuration through the web UI which is way more user friendly.

 

[the_harpy]

You should probably stop pihole-FTL before making changes as it writes the config on shutdown when restarting.
You can also modify the configuration through the web UI which is way more user friendly.

thanks for reply , yes I did stop pihole ftl and also dnsmsq before edit these files.
but still pihole.toml not saving any modification , instead reverting back to installation default upon restarting the pihole ftl
lastly i tried without modification and able to open Pihole web interface with this URL ( http://<my router IP>:8080/admin/ )
few issue observed > Temp N/A
Unable to update Pihole through ssh pihole -up
Web interface open without any user name and password

 

[jacklul]

thanks for reply , yes I did stop pihole ftl and also dnsmsq before edit these files.
but still pihole.toml not saving any modification , instead reverting back to installation default upon restarting the pihole ftl
lastly i tried without modification and able to open Pihole web interface with this URL ( http://<my router IP>:8080/admin/ )
few issue observed > Temp N/A
Unable to update Pihole through ssh pihole -up
Web interface open without any user name and password

The config file might revert to default if you make any mistake in formatting and it cannot parse it
Missing temperature display is to be expected and is not a big deal.
`pihole -up` will not be supported, updates will be delivered through opkg.
If you had pihole.toml placed prior to installation it will not modify it to set a password - instead a warning is show in the console when installing the package.

If this was your first install and pihole.toml was not placed in /opt/etc/pihole prior to installation of the package then random password would be generated in newly created /opt/etc/pihole/pihole.toml.
Pretty sure you're creating a syntax error in the file and it reverts to default, that would explain why the password protection is gone.

 

[jacklul]

Just a little announcement that Pi-hole V6 has been officially released and now the main Entware package ("pi-hole") is tracking upstream releases.

 

[JGrana]

Ahhhh, I can see it now, coming soon…

PiHoleMon

;-)

 

[kuki68ster]

Just a little announcement that Pi-hole V6 has been officially released and now the main Entware package ("pi-hole") is tracking upstream releases.

I am jumping in again...

 

[SomeWhereOverTheRainBow]

Ahhhh, I can see it now, coming soon…

PiHoleMon

;-)

I bet @Viktor Jaep can come up with all kinds of fancy hooks for ye 'ole terminal users.

 

[js28194]

Can this be installed along side of diversion or skynet? Intrested to install and test run this, but was not sure if there would be any issues.

 

[jacklul]

Can this be installed along side of diversion or skynet? Intrested to install and test run this, but was not sure if there would be any issues.

Pi-hole is a DNS server, so the adblocking happens on the DNS level, since those might get filtered by mentioned addons then yes, it might create conflicts.

 

[jacklul]

Since this was mentioned before: pihole-updatelists script has been updated to run on Entware, to install it:

opkg install php8-cli php8-mod-filter php8-mod-pdo-sqlite php8-mod-curl php8-mod-openssl php8-mod-intl php8-mod-pcntl
ln -s /opt/bin/php-cli /opt/bin/php
wget -O - https://raw.githubusercontent.com/jacklul/pihole-updatelists/master/install.sh | bash

And then continue as in the readme.

 

[Martin]

I noticed the PiHole does not accept requests from Guest networks. It also sets the external ips as its system addresses.

Additionally to accept requests from VPNs the "Interface Settings" had to be set to "Permit all origins". (it then still does not receive guest network requests)

 

[jacklul]

I noticed the PiHole does not accept requests from Guest networks.

That is to be expected, what you can try is to set in pihole.toml (or web UI):

  dnsmasq_lines = [
    "interface=br1"
  ]

Replace br1 with the actual bridge interface for your Guest Network.

Additionally to accept requests from VPNs the "Interface Settings" had to be set to "Permit all origins".

That was also a case sometimes when hosting Pi-hole + VPN stack on Raspberry Pi, "Permit all origins" should be safe as long you don't open up ports on external interfaces.
You can also add "interface=wgs1" (for WireGuard) to dnsmasq_lines in pihole.toml, just like above.

  dnsmasq_lines = [
    "interface=br1",
    "interface=wgs1"
  ]

Replace wgs1 with the actual VPN interface.

It also sets the external ips as its system addresses.

Do you mean like in Tools -> Interfaces? It wasn't designed to run on a router so it might consider eth0 a LAN interface.

 

[bibikalka]

@jacklul
This is a great addon!

Can you summarize the performance tweaks to make this as light weight as possible?

​

 

[visortgw]

I noticed the PiHole does not accept requests from Guest networks. It also sets the external ips as its system addresses.

Additionally to accept requests from VPNs the "Interface Settings" had to be set to "Permit all origins". (it then still does not receive guest network requests)

Have you tried using DNS Director to redirect DNS to the Pi-hole IP for guest networks? That is what I do for Pi-hole installed on a Raspberry Pi, and it works for guest networks!

 

[jacklul]

@jacklul
This is a great addon!

Can you summarize the performance tweaks to make this as light weight as possible?

Honestly I didn't really mess around with the Pi-hole settings, they usually have sensible defaults and didn't feel the need to optimize anything.

One thing I recommend is disabling NTP functionality since it can interfere with the firmware time sync:

[ntp.ipv4]
  active = false
[ntp.ipv6]
  active = false
[ntp.sync]
  active = false

If you insist on making it lightweight I suppose you could disable the web server but this will make you unable to manage the Pi-hole through the web interface and some command line functionality will be gone too.

[webserver]
port = ""

You might have to re-enable the web server if you want to update the blocklists, making this tweak rather useless in the long run since you want the lists to update automatically.

I have over 1.1M blocked domains on my block lists (using ticked lists from firebog.net, and few extra blocklists) and Pi-hole takes ~43.6 MB of memory right now, from time to time the daemon performs a database maintenance and the memory usage can double.

I'm running Monit on the router, capturing usage every 60 seconds for few core services:

Spoiler

 

[bibikalka]

Honestly I didn't really mess around with the Pi-hole settings, they usually have sensible defaults and didn't feel the need to optimize anything.
...
I have over 1.1M blocked domains on my block lists (using ticked lists from firebog.net, and few extra blocklists) and Pi-hole takes ~43.6 MB of memory right now, from time to time the daemon performs a database maintenance and the memory usage can double.

Ok! Sounds like it'll help to schedule database maintenance sometime during the night so that it is not impacting the active usage times.

My other aspiration is to swap the PiHole database on schedule and replace Asus Parental controls which are terrible and actually do take quite a bit of resources!

 

[jacklul]

Ok! Sounds like it'll help to schedule database maintenance sometime during the night so that it is not impacting the active usage times.

Sadly, I think we have no control over the time the maintenance happens as it is built into the daemon.

My other aspiration is to swap the PiHole database on schedule and replace Asus Parental controls which are terrible and actually do take quite a bit of resources!

Why would you swap Pi-hole database on own schedule?
Resourceful kids will learn how to get around DNS "parental control".