So I’m a bit new to the home networking and homelab situation but I have a Unifi DM-SE as my router and I’m trying to establish the best way to block ads at home and away.

So I am currently primarily using either extensions or content blocking apps on my devices to block ads but I’ve been looking into DNS based solutions lately.

I’ve looked into setting up PiHole and it looks pretty simple to do and I have a dedicated small computer with Proxmox that I use for things like Homebridge, Scrypted and I think I could set it up easily on there. But it looks like it only works at home. A lot of people say you can set up a VPN but I’d rather not have to turn on and off my VPN on my phone whenever I leave home.

I also looked into Next DNS which also seems pretty easy to set up, but I couldn’t tell if it’s better to set this up per device or network wide via my router.

There’s also the extensions and content blocking apps which would be device specific.

Which is the fastest, performance wise, and easiest to interact with daily?

[-] __ToneBone__@alien.top 2 points 10 months ago

uBlock origin + Pihole. uBlock covers just about everything on your PC but I mainly use Pihole for mobile devices and as a "catch all net"

[-] ioovds@alien.top 2 points 10 months ago

If you're on android you can use tasker to automatically connect to VPN when not at home

[-] metallus97@alien.top 2 points 10 months ago

Pihole v6 Beta (and I have a fallback to v5). Runs together with unbound in recursive mode. Super slick and fast!

[-] RayneYoruka@alien.top 1 points 10 months ago
[-] twiggums@alien.top 1 points 10 months ago

I started with unbound dns blacklists and then moved to adguard home. Dns based blocking is just easier and covers the whole LAN imo, I didn't want to deal with various extensions on all my machines/devices.

It's still not bulletproof but it's good enough for me. While you don't need a VPN, I run one so my phone is on it while away from home. That was twofold: DNS based blocking and screw my cell carrier getting to snoop. Well, and of course I wanted to learn how to set up a VPN server 😁

[-] TheTeslaMaster@alien.top 1 points 10 months ago

NextDNS (on a Windows server serving as a proxy for the entire network) in combination with Brave browser. Haven't seen an ad or even the dreaded warning on YouTube ever.

Whenever I'm not at home, I VPN through my FortiGate into my home network.

[-] Expert_Region1811@alien.top 1 points 10 months ago

Wait you have a FortiGate at home? I thought they don’t offer home licenses?

[-] HTTP_404_NotFound@alien.top 1 points 10 months ago

I just use basic DNS ad/scam/spam/etc-blocking, via Technitium.

I mostly rely on ublock/sponsorblock, as they are much more effective, and tend to "break" less of the internet.

DNS block-lists tend to do a nuke-from-orbit approach, while not being nearly as effective as you would want. (For example, it's not going to effectively hide most YouTube ads, Facebook ads, etc.), while ublock is extremely effective at the task.

[-] Anonymo123@alien.top 1 points 10 months ago

I use AdGuard Home on a pi3\Raspbian for my home. For me it worked better than pihole, more stable.

[-] linkismydad@alien.top 1 points 10 months ago

What do you use when you are away from home?

[-] ReneGaden334@alien.top 1 points 10 months ago

I use DNS blocking as addons are not really a thing on all mobile devices, but I also roll out uBlock Origin via GPO on Windows as it can better target scripts instead of blocking whole domains and is most of the time able to block detection scripts. The best of both worlds I guess.

[-] networknoodle@alien.top 1 points 10 months ago

Technitium! Soo many features, runs on just about anything. Amazing integration with DHCP. Way easy to set up.

[-] Frozen_Gecko@alien.top 1 points 10 months ago

It's actually quite easy to automatically let vpn turn on or off depending on whether you're home or not.

I personally use wireguard for this. On my wife's iPhone there's a setting in the wireguard app that automatically disconnects vpn when connected to specified ssid and reconnects vpn when disconnected from specified ssid. On my android I use the tasker app to get the same functionality. I used this guide to set it up: https://hndrk.blog/tutorial-wireguard-and-tasker/

I haven't set up DNS ad blocking yet, but this is exactly the use case I've come up with for this setup; that and always having our phones on the home network for selfhosted services is great.

Hope this is the solution that you're looking for :)

[-] Bloodrose_GW2@alien.top 1 points 10 months ago

adguard+ublock origin pretty much does it for me.

[-] Vilmalith@alien.top 1 points 10 months ago

Adguard home

[-] Medical_Working8774@alien.top 1 points 10 months ago

Cellular is a completely different network so there is no solution unless you owned a cell tower and did it from that. Literally impossible by design for cellular, stick to extensions!!! I wouldn’t VPN just for no ads but would use a local ad blocker on my network

[-] VH66@alien.top 1 points 10 months ago

If it’s DNS based adblocking, like PiHole or pfBlockerNG, you can do split tunnel VPN, no need to route the entire traffic, just the DNS

[-] NC1HM@alien.top 1 points 10 months ago

I look after two AdGuard Home installations.

One is local, running on a super-tiny PC (Intel Atom x5, 4 GB RAM, 64 GB eMMC, Debian 12, and I see no reason why AGH wouldn't run just as well on a 2 / 32 GB version of that PC). The average handling time for a DNS request is 30 ms. You could easily do something similar in a Proxmox container, give it a local IP address, and have your router use it as the DNS server instead of whatever it's using now.

The other is in the cloud, running on a virtual server with 1 GB RAM. The average handling time for a DNS request is 10 ms.

[-] hodak2@alien.top 1 points 10 months ago

Made an entire video about how to do this with your pihole and unbound.

https://youtu.be/D2Z87W7Znr8?si=RASe65epZ7BPcbee

[-] Goobaroo@alien.top 1 points 10 months ago

Ditched pihole and went with NextDNS running natively on my UDM Pro. Performance is much improved.

[-] DreadStarX@alien.top 1 points 10 months ago

I can't use any of this stuff, my ISP router is so shit that changing the DNS to Cloudflare or Google's breaks my internet =|

[-] Geoffman05@alien.top 1 points 10 months ago

I have multiple layers of ad blocking.

  • Pihole for DNS
  • Firefox w/uBlock Origin & SponsorBlock (YouTube) on every PC
  • Brave browser on iPhones.
  • SmartTubeNext (YouTube) on Chromecast
  • All of my mobile devices are connected by VPN to utilize Pihole when I’m not home
[-] Fl1pp3d0ff@alien.top 1 points 10 months ago

My firewall (opnsense) does this... With very little configuration. Using UnboundDNS with its block list features makes filtering most ads out rather easy.

[-] phein4242@alien.top 1 points 10 months ago

Some script that parses blocklists into unbound local-data statements, combined with cron and unbound-control

[-] MisterBazz@alien.top 1 points 10 months ago

Technitium with block lists + OPNSense ZenArmor as a NGFW. Doesn't block everything, but still as good as you're going to get.

[-] stringfellow-hawke@alien.top 1 points 10 months ago

AGH on a Raspberry Pi. Super fast with caching and other settings enabled.

[-] ochbad@alien.top 1 points 10 months ago

I'm running unbound. I have a cronjob (bash+python) that downloads StevenBlack's blacklist (https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts), turns it into an unbound config file, and restarts unbound.

Happy to provide a copy if anyone is interested.
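
The blocklist-to-unbound conversion that phein4242 and ochbad describe above, sketched as an added example (not either poster's script). The function names, the choice of a `0.0.0.0` A record for each `local-data` entry, and the sample input are assumptions made for illustration; the strict name check is there so a tampered list cannot smuggle extra directives into the generated config.

```python
import re

# Addresses that hosts-format blocklists use as the "sink" for blocked names.
SINK_IPS = {"0.0.0.0", "127.0.0.1"}
# Names from the header of a hosts file that must never be overridden.
RESERVED = {"localhost", "localhost.localdomain", "local", "broadcasthost"}
# One DNS label, then a full name whose last label starts with a letter
# (this also rejects bare IP addresses such as the "0.0.0.0 0.0.0.0" entry).
LABEL = r"[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?"
HOSTNAME = re.compile(rf"(?:{LABEL}\.)+[a-z][a-z0-9-]{{0,61}}[a-z0-9]")

# Constructed sample input in hosts format (not taken from any real list).
SAMPLE = """\
# constructed sample
127.0.0.1 localhost
255.255.255.255 broadcasthost
0.0.0.0 0.0.0.0
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.NET  # inline comment
0.0.0.0 ads.example.com
0.0.0.0 bad"name.example.org
10.1.2.3 redirect.example.org
"""


def parse_hosts(text):
    """Return the sorted, de-duplicated blocked names in hosts-format text."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        # Only accept sink entries; a list that maps names to other IPs
        # would be redirecting traffic, not blocking it.
        if len(fields) < 2 or fields[0] not in SINK_IPS:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in RESERVED or len(name) > 253:
                continue
            if HOSTNAME.fullmatch(name):  # drops quotes, spaces, odd bytes
                names.add(name)
    return sorted(names)


def to_unbound(names):
    """Render names as local-data statements inside a server: clause."""
    lines = ["server:"]
    lines += [f'    local-data: "{n}. A 0.0.0.0"' for n in names]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_unbound(parse_hosts(SAMPLE)), end="")
```

Write the output to a file that `unbound.conf` includes, and run `unbound-checkconf` on the result before restarting or reloading unbound so a bad download cannot take the resolver down.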

[-] Daniel-Brown-Aus@alien.top 1 points 10 months ago

You could set up WireGuard on your UDM-SE and install the app on your phone. You can tell the app what wifi networks to not establish the VPN when connected to. This works for iPhone, not sure about Android.

[-] Medical_Working8774@alien.top 1 points 10 months ago

Do you have experience, I’m worried about consistency mostly thanks

[-] nolo_me@alien.top 1 points 10 months ago

At home I'm in the process of moving from Pihole to pfblockerNG for DNS blocking. On all my machines (including my phone) I use Firefox with Ublock Origin.

[-] Cynyr36@alien.top 1 points 10 months ago

unbound adblock is what I'm using. Hand it a couple of pihole lists and it fits the same thing without the fancy gui.

[-] linkismydad@alien.top 1 points 10 months ago

This is still only locally like Pihole though right?

[-] Cynyr36@alien.top 1 points 10 months ago

Correct*, unless you vpn home. Please don't run a publicly accessible dns server. It's going to get used in a dns amplification attack.

*And even then only for devices that use your dns server. Many iot devices have hard coded dns servers to use. And with dns-over-https (DoH) they will get pretty close to unblockable.

[-] fakemanhk@alien.top 1 points 10 months ago

Just PiHole and then VPN with split tunnel so that only DNS is using home one.

[-] linkismydad@alien.top 1 points 10 months ago

I’ve heard of using Wireguard for VPN when away from my local network. How does performance get impacted with something like that?

[-] cholz@alien.top 1 points 10 months ago

You can set up WireGuard to only route local addresses to the peer, so you would only be routing dns requests through the tunnel and everything else goes via whatever other interface you have. So performance is minimally impacted in that way.

[-] Ok_Cartographer_6086@alien.top 1 points 10 months ago

To be honest the advertisers have won this battle as far as I'm concerned but hear me out. It's the "please turn off your ad blocker and support this site" pop-ups got more annoying than the ads. Using a VPN just means I don't get personalized ads, just random ones.

I run everything through a local install of Charles Proxy (though Proxyman or Squid on Linux can do the same). This lets me see all of my traffic and see SSL traffic in plain text and I use this all day for debugging.

Couple Advantages to using a Proxy instead of a blocker:

  • I can blacklist some urls that are annoying - including ads but web pages don't see that as adblocking so no p
  • I can use the re-write tool if I'm getting sick of hearing about someone on the news all of the time.
  • I connect other devices on my wifi to it like my android (for above and debugging apps)
  • They can act as a cache which makes things faster though not a real issue these days with GPS internet.
  • There are blacklist collections people socialize

www.charlesproxy.com

[-] AncientCut4789@alien.top 1 points 10 months ago

This comment brought to you by advertiser sock accounts.

[-] vasveritas@alien.top 1 points 10 months ago

Using a VPN just means I don't get personalized ads, just random ones.

You can ask Google for non-personalized ads too, it's in the settings. They will track you either way.

[-] Medical_Working8774@alien.top 1 points 10 months ago

I’ve always wanted the advantages of a proxy but I’ve had a hard time picking hardware, lmk

this post was submitted on 09 Nov 2023
Homelab