Skip to main content

Homelab - Part 1 - Basic network

·533 words·3 mins· loading · loading · · Draft
Homelab network wireguard vpn pi-hole
mov al, 11
Table of Contents
Homelab - This article is part of a series.
Part 1: This Article

Let me guide you through my journey for a simple homelab.


The idea of this article is to document how I did things and why, and to help me remember how to setup X and Y if needed.


We want to go from a basic setup to something simple:

flowchart TD A[Internet] --> B[IAP box] B --> C[LAN]
flowchart TD A[Internet] --> B[IAP box] B --> C[pi-hole] C --> D[LAN]

Doing so will allow us to manage and customize our network using our pi-hole, it will be the authority for many core services such as DNS or DHCP.

In the future I will show different setups and how I did them.

Setup your IAP box

In order to setup our network, we will need to do some tweaks:

  • Force a static IP for our pi-hole
  • Set the DNS to our pi-hole
  • Disable the DHCP to let our pi-hole do it

Depending on your model and provider those steps will be different, google is your friend.

Install pi-hole

First, assing a static IP on your machine if you can’t set a static lease on your internet box.

I installed pi-hole on a RPI4 using pip install pi-hole (depending on your setup you will want to RTFM instead).

Setup pi-hole

The setup wizard is very easy to use and understand, once again if stuck, go check the doc.

Once all setup you will want to manage your DHCP: change the IP range, set the local domain, set static leases… Don’t forget to set your gateway to your internet box.

You can then add new DNS blacklist to block more ads domains.

You should be ready to go by now, all your connected devices will use the pi-hole, once their previous DHCP lease expire.

Setup wireguard

Now that your local devices are safer from ads, you want to be able to block those from anywhere, and manage your local network remotely.

apt install wireguard


 1# generate keys
 2wg genkey > wg.key
 3cat wg.key | wg pubkey >
 5# create conf
 6cat <<EOF > /etc/wireguard/wg.conf
 8Address =
 9SaveConfig = true
10ListenPort = 51820
11PrivateKey = <priv key in wg.key>
14PublicKey = <peer pub key in>
15AllowedIPs =
18# allow forwarding
19cat 'net.ipv4.ip_forward = 1' > /etc/sysctl.conf
21# enable wg
22systemctl enable --now wg-quick@wg
24# check for service
25wg show


 1# generate keys
 2wg genkey > home.key
 3cat home.key | wg pubkey >
 5# create conf
 6cat <<EOF > /etc/wireguard/home.conf
 8PrivateKey = <priv key in home.key>
 9Address = # same as Peer.AllowedIPs in server's config
10DNS = # use pi-hole
13PublicKey = <server pub key in>
14AllowedIPs =
15Endpoint = <your box IP>:<forwarded port>

Internet box

  • Put your pi-hole in DMZ
  • Create NAT/PAT rule for a port forwarding
    • From your box to pi-hole’s wireguard port

Once everything is setup, on your client: wg-quick up home should connect you to your local network.

Also, you should be able to manage your local machines: firefox http://pi.lan/admin should lead you to your pi-hole interface.

Homelab - This article is part of a series.
Part 1: This Article


🔎 Creating a VM for fun - Part 2: C
·1225 words·6 mins· loading · loading
Custom VM c low-level reverse
Les pyjails pour les débutants
·513 words·3 mins· loading · loading
ctf jail python