Setting Up an Ad Blocker + VPN with Tailscale + NextDNS + AWS

Introduction

In today's digital world, privacy and security are paramount. Tailscale and NextDNS are two powerful tools that can help you protect your online data and improve your browsing experience.

This guide will walk you through setting up Tailscale and NextDNS on AWS, and show you how to use Tailscale as an adblocker and VPN.

Prerequisites

• Brain and Common Sense
• AWS account
• Amazon EC2 instance
• Tailscale account
• NextDNS account

Benefits

• Enhanced privacy and security
• Ad-free browsing
• Malware protection
• Secure remote access to your home network

Target Audience

This guide is for anyone seeking to set up Tailscale and NextDNS on AWS or utilize Tailscale as an adblocker or VPN.

A - Create a NextDNS Account

1. Head to NextDNS Website
   

2. Open an account (Do I need to say this? :p)

3. Head to my.nextdns.io. This is how the main page is supposed to look.
   

B - Create a TailScale Account

1. Head over to Tailscale Website
   

2. Login with Google (best :0)! This is how the Admin Console looks here (while writing the guide)!
   

3. This is the welcome page. It is waiting for your first device!

Click on Skip this introduction ->. This will open the Machines section. All your connected devices will appear here!

C - Connecting NextDNS to Tailscale

1. Remember the NextDNS Profile created in Step A? Well, head over to my.nextdns.io and note the ID under Endpoints section. It is d3f9dd in my case.
   (It is showing 'using another profile' because I am already conected while writing the guide. It will show you 'Not Connected' alongwith a Red Dot)
   

2. Get back to Tailscale tab! Head over to DNS section
   

3. Right there in DNS section, scroll down and see Nameservers subsection. Now look for Add Nameservers dropdown menu (locatable under Global Nameservers). Click on it, from the dropdown select NextDNS.
   

4. It will ask for NextDNS Endpoint, which is the NextDNS ID you just copied in Step 1! Click on Save!
   

5. Turn on Override Local DNS (sitting right to Global Nameservers)
   
   VOILA!! You have successfully connected NextDNS to Tailscale!
   What does it means? You can just download Tailscale on your devices and sign-in with the Tailscale account.

D - Connecting your device(s) to Tailscale

Tailscale has a very intuitive guide on setting up your device. Follow that guide to set-up Tailscale on your device.

Once you have done setting up your device, verify the connection.

1. Verify NextDNS working or not

On the same device where you have set up Tailscale, login to your NextDNS account . A succesful deployment will look like this.

2. Verify using NextDNS Test Page

Head over to NextDNS Test. You will see a response page which gives the status of your connection alongwith other important information.

E - Setting up NextDNS as an Adblocker

THE REAL FUN BEGINS!!
Our first target and priority is to setup an Adblocker. The VPN accomplishes our priority in an easier way by setting up a local home server where we have all our devices interconnected (peer) and we can easily hide our identity and protect ourselves in public networks with some more steps (will be covered in following steps)

I am providing a Github Repo which details on setting up NextDNS for an ad-free and hassle-free experience.
Link to the repo - https://github.com/yokoffing/NextDNS-Config/blob/main/README.md
(small suggestion - Turn on AI-Driven Threat Detection)

- Verify whether AdBlocker is working or not.

Head over to https://d3ward.github.io/toolz/adblock.html and check the score.

I have a score around 93% which is really impressive!

- Free? Or Paid??

No Good things are free in this world!

Whoever said this (or I made this up :p) is true. NextDNS is free only for 300K requests per month! Sounds like a big number? Well it took me only 2 and a half days to reach this limit. :(

You have two options -

1. Buy the NextDNS Premium Plan

2. Contact me to get NextDNS Premium access at a very reasonable price (like you buying me a roadside coffee)!

F - Setting up tailscale on Cloud Computer

You are free to choose the Cloud Provider
We will be using AWS for setting up a Cloud Computer. Setup EC2 instance (Free Tier is enough). Select Ubuntu LTS 22.04 as OS since it is easier for newbies.
Once you have successfully created an instance, run these commands.

• Install Tailscale by running the folowing script

  curl -fsSL https://tailscale.com/install.sh | sh

• Turn on IPv4 forwarding

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf

• Turn on IPv6 forwarding

echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf

• Re-execute the sysctl conf file

sudo sysctl -p /etc/sysctl.conf

• Login to Tailscale account

sudo tailscale up --advertise-exit-node

• This will print an URL which you can copy and paste it on browser window which will login your cloud instance with your tailscale account.

• Edit Route Settings for your Cloud Instance on Tailscale. Head over to Tailscale Dashboard and adjust the route by clicking on Edit Route Settings for your recently created Cloud Machine. ( My Cloud Instance is renamed to 'aws'. For you it will be different, something like 'ubuntu-s-')
  
  Turn on Exit Node as per the screenshot.
  

• On your different device(s), use this Cloud as Exit Node and route all your traffic through this cloud machine. Your location will be decided as per the location of your Cloud Instance.
  This is how it looks here -

G - Verify whether the VPN with Exit Node is working or not

I have my Exit Node set to AWS which has the following IP 100[dot]106[dot]64[dot]134

and my current device is archlinux which has the following IP 100[dot]123[dot]75[dot]2

Now if I check the response page at NextDNS Test, I can see the devicename is set to aws and the deviceIP is set to 100.106.64.134 regardless of my device's IP is 100.123.75.2. This signifies that the Internet actually thinks my device is aws and not archlinux.
Thus we have set our VPN successfully.

H - Privacy --- Do You Speak It???

Do follow these steps to align with more privacy when online.

• Switch the log Storage location to Switzerland in NextDNS
• Set Quad9 as the default DNS on your Cloud Computer

Recap

I wrote this guide, making it easier to write and understand. If you feel any problem or if you are here to suggest an improvement, feel free to contact me.