
WireGuard as VPN Server on Kubernetes with AdBlocking - coding_coffee
https://codingcoffee.dev/blog/wireguard_on_kubernetes_with_adblocking/
======
syoc
This writeup uses AdGuard for ad blocking, specifically "AdGuard Home". The
"How to setup?" link from their homepage pointing to their github repo says
that you accept a EULA[0] on clicking the link. The EULA seems to directly
contradict their repo GPLv3 license. [1]

[0] https://adguard.com/en/eula.html
[1] https://github.com/AdguardTeam/AdGuardHome/blob/master/LICENSE.txt

~~~
ehsankia
For people using network level ad blocking, do you ever run into annoyances
where there's a site you want to access and just can't? Mostly links that
route through an analytics network. First time you click on a twitter link for
example, or some referrer store links. And once you're stuck, there's normally
nothing you can do. At least on the browser I can temporarily turn off an
extension, but I've found that network level blockers get in the way
sometimes.

~~~
shmoogy
This is why I don't run pihole or NextDNS at the network level anymore, my
wife had too many annoyances with slick deals and other things. Whitelists
covered most but not everything.

~~~
zzyzxd
pihole has an API to disable adblocking, which is just an HTTP request so it's
pretty easy to trigger. For example, on iOS, write a shortcut so that you can
"Hey Siri, disable pihole".

~~~
shmoogy
I gave her a shortcut that disabled Pihole via ssh but it was still annoying
for her. I don't mind just running it on my devices. I pay for YouTube premium
and other things already anyway.

------
opqpo
I believe that Kubernetes is artificially injected in your setup. You can just
run your DNS server on the server and advertise it on the VPN address. You can
still address it from anywhere in the VPN.

~~~
zelly
But then it wouldn't have made the first page

~~~
pm90
I did not downvote you but, serious question: is there a need for this kind of
snark?

I understand the point that running a kubernetes cluster just for this would
probably be hard to justify. But, if you deploy your services to kubernetes
already, then this is a nice guide to do so, isn't it?

I find it hard to understand this attitude, especially in a forum dedicated to
talking about technology.

~~~
aphroz
But maybe, like in any social network, there is a bias on what is put on the
front page. And if you have an interesting project, you might want to add an extra
layer of complexity and use Kubernetes in order to gain more visibility.

------
miked85
Algo [1] is a great option for a personal VPN, and it supports WireGuard + ad
blocking. I really don't understand why you would want to use k8s for
something like this unless it is just a pet project.

[1] https://github.com/trailofbits/algo

~~~
syoc
I have a hard time understanding why people use these small script bundles on
top of wireguard. The VPN use case is the best documented one with a large
amount of guides and the configuration is very simple.

~~~
miked85
Because it sets up everything in your VPS as well.

------
yegle
Looks like the author is using Android. Why not just use AdGuard Home as a
DNS-over-TLS server (which is supported on Android P and above)? What's the
benefit of plaintext DNS over VPN compared to DNS-over-TLS?

------
poorman
Cool, but you can avoid half this setup with Tailscale for free...

~~~
opqpo
Yes, you can avoid that open source setup for a buggy and even slower userspace
wireguard commercial implementation for only $10/month per user

