How to run Netgear Orbi with Pi Hole (Raspberry Pi 4)

The WiFi mesh systems have brought simplicity in the home network management and minimalism in design, but, while this is a blessing for most users, it can become a major source of annoyance when trying to run some advanced applications or more complex network configurations. Unlike some of its peers, the Netgear Orbi has offered a lot more features and a better control for its users, especially through the web-based interface (one element that seems to be at the risk of extinction), so I decided to try and run the Netgear Orbi system along with Pi-Hole which was installed on a Raspberry Pi 4.

pi-hole-netgear-orbi

It’s worth noting that the Netgear Orbi has underwent some major ‘structural’ changes, going from the initial hub-and-spoke approach to fully embracing the inter-node communication and this has caused it to become unstable for a surprisingly long amount of time, but in the end, Netgear seems to have yet again managed to stabilize the tri-band WiFi system, so this shouldn’t interfere in any way with the third-party ad-blocker. This is the third system that I have connected to the Pi-Hole and, while the AmpliFi HD GE has played nice, so far, it seems that the Google WiFi has proven to be the most reluctant (and somehow, I’m not really surprised about it).

When compared to the browser-based ad-block extensions, Pi-Hole blocks the ads before they’re even downloaded to your devices, therefore improving both the loading time and the page size, but it does leave behind some blank spaces where the ads are supposed to be. Considering that you can’t whitelist specific websites, but the ad domain, using Pi-Hole, you can only block / unblock a category of ads, so it will show or be blocked for all websites; the browser-based ad-blockers do allow for the individual website ad white-listing, but, considering that Google wants to take the ad blocking from your hands and decide for you which ads will pass-through and which will be blocked (which, in a sense, seems fair if it didn’t come from the Search Engine Giant), the extension-type ad-blockers may become a lot less effective on Chromium browsers (Google Chrome and soon, Microsoft Edge).

pi-hole-raspberry-pi-4

That being said, Pi-Hole is very flexible and can be installed on a virtual machine, being compatible even with some Linux distros, but I decided to use the latest Raspberry Pi 4 (you are free to use the previous gen Pi 3 B+ and even the Pi Zero) and the installation process is a bit complicated, but, if you follow most guide on the web, you should easily get it done in no time. I also wrote a quick guide some time ago on how to install Pi-Hole on a Pi 4, as well as its efficiency as an ad-blocker, so I won’t go through all the details again. Keeping it short, the main steps that you need to take, besides installing the Netgear Orbi, is to put together the Raspberry Pi (there are complete kits available for purchase), get a microSD card and install Raspbian (Buster Lite, the non-GUI variant) on it using a laptop and then insert it into the Pi 4 which, in turn will be connected to the Orbi main unit. At this point, it’s best to identify the IP address of the Raspberry Pi 4 and reserve it.

Option 1: DHCP enabled on Netgear Orbi, DHCP disabled on Pi-Hole.
1. I was surprised to see that I couldn’t reserve the IP address of the Raspberry Pi 4 using the Orbi app and instead, I had to log into the web-based user interface and identify the IP address by going to the Attached Devices (from the Basic set of settings) and scrolling down until I could see the raspberrypi client: next to it, you should be able to to see its IP address, which, in my case, it was 192.168.x.229 (x is your subdomain).

pi-hole-netgear-orbi

Write it down and head to the Advanced section. Here, from the menu on the left, select Setup, followed by LAN Setup and towards the bottom, you should be able to see the Address Reservation area: press on ADD and you will be taken to a new window where you can select the raspberrypi client from the list; press ADD and it should be done. It’s a bit strange that the app doesn’t allow you to perform such a basic setting, considering that I shamed Google for their limited app – thankfully, we do get a proper web-based UI from Netgear.

pi-hole-netgear-orbi

pi-hole-netgear-orbi

2. At this point, you should SSH into the Pi 4 and install Pi-Hole (the steps are noted in the ‘Should you use Pi-Hole for blocking ads?’ article or you can simply follow other, more comprehensive guides from the web) and after that’s done, it’s time to make Pi-Hole your DNS server. To do so, you need to once again log into the web-based UI (the app is useless in this regard) and, from Advanced, navigate to Setup and select Internet Setup. Here, identify the Domain name Server (DNS) Address section and select ‘Use These DNS Servers’, where you will enter the IP address of the Pi-Hole for the Primary and Secondary DNS; then press Apply. Now, you should be able to enter the Pi-Hole GUI (pi.hole) and adjust the ad-blocking process to your liking. Unfortunately, if you go to Query Log, you will see that, despite using multiple clients, all the traffic will be registered as coming from 192.168.x.1, regardless of the client and, if you’re fine with that, stop here, otherwise, we need to enable DHCP on Pi-Hole.

pi-hole-netgear-orbi

Option 2: DHCP disabled on Netgear Orbi, DHCP enabled on Pi-Hole.
1. On the first step, you need to enable DHCP on Pi-Hole, so head up to the Pi-Hole GUI, log into it and from the Settings (the vertical menu on the left), click on DHCP: here, you need to enable the DHCP server and select a large ‘Range of IP addresses to hand out’ (I went with 192.168.x.2 to 192.168.x.254), while the ‘Router (gateway) IP address’ should remain 192.168.x.1. After that click Save and head to the Netgear web-based UI.

pi-hole-netgear-orbi

2. After gaining access to the Orbi web-based UI, click on Advanced and, from under Setup, select LAN Setup. This will show the LAN Setup window on the right and here, simply untick the ‘Use Router as DHCP Server’ and click Apply.

pi-hole-netgear-orbi

Wait a few seconds and then go back to the Pi-Hole GUI: now, when you click on the Query Log, you should be able to see each client by either name or IP address and easily identify what domains are being accessed by individual devices. Furthermore, even if the clients were connected to the satellite Orbi, it would still have its ads blocked by Pi-Hole and it will appear as an individual client (with its name) in the Query Log.

pi-hole-netgear-orbi

0 0 votes
Article Rating
Subscribe
Notify of
5 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
atomicbird

One other issue with option 1 is that at least some Orbis (mine is an RBR-50) will flood the pi-hole with DNS SOA requests. This doesn’t interfere with the pi-hole’s operation, but if you look at the pi-hole dashboard you’ll see far more queries than make sense from your internet activity, and the “query types” pie chart will be dominated by meaningless SOA data.

Worse though, is that the query log will also be dominated by SOA queries, making it hard to get useful information from the log.

You can fix the query log (if it matters to you) by editing /etc/pihole/pihole-FTL.conf on the pi-hole and adding a line reading “ANALYZE_ONLY_A_AND_AAAA=true”. The dashboard info isn’t affected by this though.

Trebz

Thanks for this post. Very helpful! I am only one day into pi-hole with my Orbi setup, and I have run into a few of the normal issues.

One being a shopping site not being able to put items in the cart, as the button was blocked, and the second being the NBC app crashing on my AppleTV. I will have to figure out what to whitelist for that one.

I was wondering, is there a possible way to have the guest network not filtered by the pi-hole? It would just be easiest for be to have my main systems/devices filtered, but I don’t think I will ever be done whitelisting sites, etc. It would be great if guests and neighbors that use our guest wifi from the Orbi have everything function as normal. Slow, heavily ad-tracked normal.

If not, I may have to consider turning this off as the benefits do not outweigh the headaches it may potentially cause. Thanks for any insight you can provide.

mauricio

Hi, my friend? How are you? I have the same scenario on my network, Pihole + Orbi. How do I not show my Orbi’s IP address in the Pihole logs, but the clients’ Ips with the IPv6 version? Do I have to enable DHCP version 6 on Pihole? Have you ever done that?

5
0
Would love your thoughts, please comment.x
()
x