...just depends on your perspective.
A quick tutorial with example configuration files & instructions to manually setup a recursive DNS server with the ability to blocks ad-networks and other known badness along with a VPN setup. This creates a self-contained privacy & security enhancing service that you can use as a safe network exit for your phones, networks, etc. For this tutorial, I am using a FreeBSD 12 host on DigitalOcean, all directions will be for that system. Porting over to your Linux distro of choice should be trivial....
Two options are presented below. Wireguard is prefered for simplicity and performance. StrongSwan is presented for knowledge around IPSEC, certificates, etc., but it is much more complicated to configure and get running.
- me - Initial work - PrivacyWonk
- Rob Seastrom - DNS Ninja - Rob Seastrom - guidance and a gut check on all things DNS.
- oogali - Network Ninja - oogali - guidance, gut check, and troubleshooting on firewall and ipsec
- Pi-hole as All-Around DNS Solution -- initial inspiration to replicate
- Calomel Unbound Write up -- write up that got me thinking...
- strongSwan -- great documentation
- IPFW Firewall Examples
- FreeBSD Handbook (PDF)