[FIXED] Listen on all interfaces, permit all origins = Internet DNS gone on my pc!

Hi.

I tried to set up Pi-hole + OpenVPN, but when I select "Listen on all interfaces, permit all origins" in the admin interface and reboot my Pi, all DNS is gone on my PC! My VPN is working fine, and everything works fine if I'm not using the Pi-hole as DNS server.

I can ping google.dk fine from my Pi-hole (SSH console):

ping google.dk
PING google.dk (172.217.20.99) 56(84) bytes of data.
64 bytes from fra02s28-in-f3.1e100.net (172.217.20.99): icmp_seq=1 ttl=52 time=20.8 ms
64 bytes from fra02s28-in-f3.1e100.net (172.217.20.99): icmp_seq=2 ttl=52 time=21.6 ms
64 bytes from fra02s28-in-f3.1e100.net (172.217.20.99): icmp_seq=3 ttl=52 time=21.1 ms
64 bytes from fra02s28-in-f3.1e100.net (172.217.20.99): icmp_seq=4 ttl=52 time=22.0 ms

But on my PC, when I'm using Pi-hole as DNS server, I get this when I try to ping google.dk:

Ping request could not find host google.dk. Please check the name and try again.

But if I ping Google's IP, it's working fine:

C:\Users\msn>ping 172.217.20.99

Pinging 172.217.20.99 with 32 bytes of data:
Reply from 172.217.20.99: bytes=32 time=24ms TTL=52
Reply from 172.217.20.99: bytes=32 time=22ms TTL=52
Reply from 172.217.20.99: bytes=32 time=22ms TTL=52
Reply from 172.217.20.99: bytes=32 time=22ms TTL=52

My /etc/pihole/setupVars.conf looks like this:

PIHOLE_INTERFACE=eth0
PIHOLE_INTERFACE=tun0
IPV4_ADDRESS=192.168.1.121/24
IPV6_ADDRESS=
QUERY_LOGGING=true
INSTALL_WEB=true
LIGHTTPD_ENABLED=1
WEBPASSWORD=**************************
DNSMASQ_LISTENING=all
PIHOLE_DNS_1=8.8.8.8
PIHOLE_DNS_2=8.8.4.4
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=false

  • I have not set up any firewall rules!
  • I did try to reboot the Pi (many times)
  • I have tried to reinstall Pi-hole with "pihole -r"

Your debug token is: 48xluo08pq

EDIT.. I have followed this guide here: See my PiHole enabled OpenVPN Server

Hope someone can help me!

I'll take a look, in the meantime, check out GitHub - pi-hole/pi-hole: A black hole for Internet advertisements and see if that has any hints to help you out.

Looks like there are some misconfigurations in the network setup:

*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the tun0 interface:
   10.8.0.1/24 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)

[✓] IPv6 address(es) bound to the tun0 interface:
   fe80::4c14:3e85:22f5:62bf does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)

   ^ Please note that you may have more than one IP address listed.
   As long as one of them is green, and it matches what is in /etc/pihole/setupVars.conf, there is no need for concern.

   The link to the FAQ is for an issue that sometimes occurs when the IPv6 address changes, which is why we check for it.

[i] Default IPv4 gateway: 192.168.1.254
   * Pinging 192.168.1.254...
[✗] Gateway did not respond. (https://discourse.pi-hole.net/t/why-is-a-default-gateway-important-for-pi-hole/3546)

[i] Default IPv6 gateway: fe80::1
   * Pinging fe80::1...
[✗] Gateway did not respond. (https://discourse.pi-hole.net/t/why-is-a-default-gateway-important-for-pi-hole/3546)

Have a look at the linked URLs and let us know if they aren't able to fix the issue.

Are you sure dnsmasq is working/running on the pihole?
Your PI does not use pihole when you ping google.dk or browse the internet.

Any errors from dnsmasq if you restart the service on the console?
setupVars is not the dnsmasq config.
The real conf files are normally in /etc/dnsmasq.d/

On a PC: what happens if you start nslookup in cmd?

[quote="DanSchaper, post topic:7028, full:true"]
Looks like there are some misconfigurations in the network setup:
[/quote]

Hi,

if I run

ip -4 route | grep default | cut -d ' ' -f 3

it finds the correct network gateway. I get

192.168.1.254

I can ping the gateway fine from the Pi:

pi@Pi-Hole-Server1:~ $ ping 192.168.1.254
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
64 bytes from 192.168.1.254: icmp_seq=1 ttl=64 time=0.951 ms
64 bytes from 192.168.1.254: icmp_seq=2 ttl=64 time=0.766 ms
64 bytes from 192.168.1.254: icmp_seq=3 ttl=64 time=0.746 ms
64 bytes from 192.168.1.254: icmp_seq=4 ttl=64 time=0.790 ms

I have disabled IPv6 by going to "/boot/cmdline.txt" and entering "ipv6.disable=1"

Here is my network config:

# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.

# Allow users of this group to interact with dhcpcd via the control socket.
#controlgroup wheel

# Inform the DHCP server of our hostname for DDNS.
hostname

# Use the hardware address of the interface for the Client ID.
clientid
# or
# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
# Some non-RFC compliant DHCP servers do not reply with this set.
# In this case, comment out duid and enable clientid above.
#duid

# Persist interface configuration when dhcpcd exits.
persistent

# Rapid commit support.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit

# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
# Most distributions have NTP support.
option ntp_servers
# Respect the network MTU. This is applied to DHCP routes.
option interface_mtu

# A ServerID is required by RFC2131.
require dhcp_server_identifier

# Generate Stable Private IPv6 Addresses instead of hardware based ones
slaac private

# Example static IP configuration:
#interface eth0
#static ip_address=192.168.0.10/24
#static ip6_address=fd51:42f8:caae:d92e::ff/64
#static routers=192.168.0.1
#static domain_name_servers=192.168.0.1 8.8.8.8 fd51:42f8:caae:d92e::1

# It is possible to fall back to a static IP if DHCP fails:
# define static profile
#profile static_eth0
#static ip_address=192.168.1.23/24
#static routers=192.168.1.1
#static domain_name_servers=192.168.1.1

# fallback to static profile on eth0
#interface eth0
#fallback static_eth0

interface eth0
static ip_address=192.168.1.121/24
static routers=192.168.1.254
static domain_name_servers=127.0.0.1

dnsmasq running status after restart of dnsmasq:

pi@Pi-Hole-Server1:~ $ sudo systemctl restart dnsmasq
pi@Pi-Hole-Server1:~ $ sudo systemctl status dnsmasq
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-02-07 10:12:56 CET; 3s ago
Process: 2886 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
Process: 2944 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
Process: 2935 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
Process: 2932 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
Main PID: 2943 (dnsmasq)
CGroup: /system.slice/dnsmasq.service
└─2943 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service

Feb 07 10:12:55 Pi-Hole-Server1 systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Feb 07 10:12:55 Pi-Hole-Server1 dnsmasq[2932]: dnsmasq: syntax check OK.
Feb 07 10:12:56 Pi-Hole-Server1 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.

Here is config 1 -> /etc/dnsmasq.d/01-pihole.conf

###############################################################################
# FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE
#
# IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:
# /etc/pihole/setupVars.conf
#
# ANY OTHER CHANGES SHOULD BE MADE IN A SEPERATE CONFIG FILE
# OR IN /etc/dnsmasq.conf
###############################################################################

addn-hosts=/etc/pihole/gravity.list
addn-hosts=/etc/pihole/black.list
addn-hosts=/etc/pihole/local.list

localise-queries

no-resolv

cache-size=10000

log-queries
log-facility=/var/log/pihole.log

local-ttl=2

log-async
server=8.8.8.8
server=8.8.4.4
domain-needed
bogus-priv
except-interface=nonexisting

Here is config 2 -> /etc/dnsmasq.d/02-vpn.conf

interface=tun0

Nslookup on my pc

C:\Users\msn>nslookup
DNS request timed out.
timeout was 2 seconds.
Default Server: UnKnown
Address: 192.168.1.121

Seems dnsmasq only has tun0 as interface.
You can only use the interface statement once in all conf files.
While your PC tries to find the DNS server on 192.168.1.121.
Try to add eth0 in your 02 conf and test.
Another test is to remove the except-interface from the 01 conf.

Any reason you need the tunnel for DNS?

1 Like
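
Added example (not part of the original thread, and not Pi-hole's or dnsmasq's own code): a small check that reads the interface= and except-interface= lines from a dnsmasq config directory and reports whether queries arriving on a given interface will be answered. It assumes one interface name per line and ignores listen-address= and wildcard names; the function names and the sample files, which mirror the two configs posted above, are constructed for illustration.

```shell
#!/bin/sh
# Added example: will dnsmasq answer on IFACE, given the interface= and
# except-interface= lines found in a config directory?

# Print every value of directive $2 found in the *.conf files under $1.
directive_values() {
    cat "$1"/*.conf 2>/dev/null |
        sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p"
}

# serves_iface DIR IFACE -> prints "yes" or "no: <reason>"
serves_iface() {
    dir=$1 iface=$2
    allow=$(directive_values "$dir" interface)
    deny=$(directive_values "$dir" except-interface)
    for d in $deny; do
        [ "$d" = "$iface" ] && { echo "no: excluded by except-interface=$d"; return 0; }
    done
    # Without any interface= line dnsmasq is not limited to named interfaces.
    [ -z "$allow" ] && { echo "yes"; return 0; }
    # dnsmasq adds loopback automatically once interface= is used.
    [ "$iface" = "lo" ] && { echo "yes"; return 0; }
    for a in $allow; do
        [ "$a" = "$iface" ] && { echo "yes"; return 0; }
    done
    echo "no: interface= allows only $(echo $allow)"
}

# Constructed sample mirroring the two files posted in the thread.
write_thread_sample() {
    printf '%s\n' 'server=8.8.8.8' 'domain-needed' 'bogus-priv' \
        'except-interface=nonexisting' > "$1/01-pihole.conf"
    printf '%s\n' 'interface=tun0' > "$1/02-vpn.conf"
}

# Demo: state before and after the fix (adding interface=eth0).
tmp=$(mktemp -d)
write_thread_sample "$tmp"
for i in eth0 tun0; do echo "$i: $(serves_iface "$tmp" "$i")"; done
echo 'interface=eth0' >> "$tmp/02-vpn.conf"
echo "eth0 after fix: $(serves_iface "$tmp" eth0)"
rm -rf "$tmp"
```

On a real install, point serves_iface at /etc/dnsmasq.d and pass the interface the LAN clients reach the Pi on.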

Hi.

It fixed my problem by adding interface=eth0

Thanks a lot! You are the best

Any reason you need the tunnel for DNS?

Don't know! I'm a noob.. just trying to follow some guides.

How to remove?

Hi,

Welcome.
If you do not need the VPN or tunnel, it's probably best to take a fresh Raspbian image and use the default Pi-hole setup.
Set up your Raspberry Pi first with a fixed IPv4 address. Or program your DHCP server (your router..?) to always assign the same IP (192.168.1.121) to your Raspberry Pi.

Update the Pi's OS:
sudo apt-get update
sudo apt-get upgrade

Then do a fresh Pi-hole install with the bash command found on the front page of Pi-hole.
If you have a normal house setup, you probably do not need the tunnel.
If your ISP supports native IPv6 and your router sends out an IPv6 network config, please be aware IPv6 is used first for DNS lookups. (And so bypassing the IPv4 DNS Pi-hole filter.)
In that case you need to configure your router to send out the IPv6 address of your Pi-hole as IPv6 DNS server, or not send any IPv6 DNS information.
Not all routers can do that. You might need to look for a button called advanced view or something on your router.

Pi-hole will tell IPv6 info (DNS lookup) to your clients as well. So you do not need a separate IPv6 DNS server.

Hey @Jeroen1

Thanks for your explanation! I have found out that it's good to run OpenVPN when using mobile/tablet out of the house...

I think I'm keeping it 🙂