How to setup Pi-hole on the go with WireGuard on Google Cloud’s Always Free Compute Engine VM?

Pi-hole is a great piece of software and you can set it up easily on your home network on a $5 Raspberry Pi Zero W. What if you can have Pi-hole capabilities on the go on your mobile phone?

Well, you could expose your home network’s Pi-hole but that’s generally a bad idea, even if you know what you’re doing.

Getting a virtual machine is already really cheap if you know where to look, but if you’re a cheapskate like me, Google Cloud does offer a reasonable Always Free option.

  1. Assuming you already have a Google account, navigate to the Google Cloud Platform console. You might have to create a project and enable billing before you can get started.
  2. Create a VM instance on Compute Engine
  3. Region Select from one of the following regions:
    • us-west1
    • us-central1
    • us-east1
  4. Machine type Select f1-micro (1 vCPU, 614 MB memory)
  5. Boot disk Select Debian for the ‘Operating system’ and Standard persistent disk for the ‘Boot disk type’ (you can have up to 30 GB HDD free but 10 GB is more than adequate)
  6. Firewall Enable both ‘Allow HTTP traffic’ and ‘Allow HTTPS traffic’
  7. Expand Management, Security, disks, networking, sole tenancy and click the Network tab. Click the ‘Edit’ icon under Network Interfaces.
  8. External IP Select Create IP address
  9. Click ‘Create’
  10. Select your VM instance and click ‘Edit’
  11. Under ‘SSH Keys’, click ‘Show and edit’ to add your public SSH key and click ‘Save’
  12. Log into your newly created Virtual Machine via SSH
  13. Run the following command to update and upgrade the system:

    sudo su
    apt-get update && apt-get upgrade -y

  14. Install WireGuard

    wget -O && bash

  15. Run the following command:

    ip a show dev wg0

    Note down the server’s WireGuard IPv4. It should be something like

  16. Run the following command:

    ip r | grep default

    Note down the default gateway IPv4.

  17. Install Pi-hole

    curl -sSL | bash

  18. Select wg0 for the interface. Then follow through the steps in the installer and it’s mostly fine to go with the defaults. When you get to the Static IP Address section, choose ‘No’.

    Enter the output from (15) for the IP address and the output from (16) as the default gateway IPv4.

  19. Set the password for your Pi-hole administrative page

    pihole -a -p

  20. Configure Pi-hole with WireGuard by editing the tunnel on the client side.

    Replace the value under ‘DNS servers’ with the output from (15) (e.g. If you would like to only tunnel the DNS traffic, replace the values under ‘Allowed IPs’ with the output from (15) as well (e.g.