What’s Included
Installed on your VPS with full control and zero‑log privacy from day one.
WireGuard + Pre‑Shared Keys
Post‑quantum PSK support for future‑proof security.
Pi‑hole Ad Blocking
Privacy level 4 with query logging disabled.
Unbound Recursive DNS
No third‑party DNS providers.
DNSSEC Validation
Cryptographic verification against spoofing.
Fail2Ban SSH Protection
Automatic blocking of brute‑force attempts.
Enhanced Blocklists
Protection from ads, trackers, and malicious domains.
Zero‑Log Features
Pi‑hole Query Logging
Completely disabled for total DNS privacy.
Unbound DNS Logging
No recursive query logs stored.
Web Server Access Logs
HTTP/HTTPS traffic is never logged.
System Journal (Volatile)
Stored only in RAM and cleared on reboot.
Automatic Hourly Cleanup
Temporary logs are purged every hour.
Installation Logs Deleted
No traces of setup remain on disk.
How It Works
Technical Details
Network
Port: 51820/UDP · Protocol: WireGuard
DNS
Unbound recursive DNS with DNSSEC validation.
Access
Pi‑hole Web UI is accessible via VPN only.
Credentials
Saved to /root/wg-pihole-unbound-credentials.txt
Why Choose This Over a Hosted VPN?
Complete Privacy
Zero logging and no third‑party DNS providers.
Full Control
Your server, your rules, your security posture.
Better Performance
Dedicated resources and your own IP address.
Ad Blocking Everywhere
Protect every device on your VPN.
FAQ
What is a self‑hosted VPN?
A VPN server you control, running on your VPS with a dedicated IP.
What does zero‑log mean?
All logs are disabled or stored only in volatile memory.
How do I access the Pi‑hole Web UI?
It is accessible only when connected to the VPN.
What is Unbound recursive DNS?
Unbound resolves DNS directly from the root servers without third‑party DNS.
Can I troubleshoot issues with zero‑log enabled?
Yes, but it is harder. Logging can be temporarily enabled for diagnostics.