IPVanish & Pihole

This isn't too pressing of an issue. But I'm stuck and if anyone could help that would be awesome.

So I have my pihole configured normally. DNS mapped through the router's UI.

I have the IPVanish software on my computer and running. But it tunnels out of my network so I don't get the advantages of having pihole and using the VPN simultaneously. If I want encryption I connect to the VPN. If I want adblocking I disconnect from the VPN..

So my question is..

Is there a way to use them both? Get the advantages of encryption with adblocking?

Thanks guys.

Why not?
The procedure would be to bypass the IPVanish software for DNS queries only. I do something similar (but reversed): I let my clients push all DNS traffic through the VPN tunnel to my Pi-hole at home but everything else is going straight to the Internet to not experience the VPN on the Raspberry as a bottleneck (I have a GBit Internet connection).

Which OS do you run? On Linux (Ubuntu and similar) I can describe what I did. For Win and Mac I cannot be of much help.

Haha I'm using Windows 7 64-bit.

Bypass IPVanish for DNS queries only?

I'm not even sure how to begin with that.. Would it take software to do? Or is that something I can configure through Windows network?

Anyone? I'm in a jam here...

How can I use my VPN with Pihole's adblocking?

What you are looking for can be easily achieved when you have full control over your VPN setup. However, with the provider IPVanish, this does not seem to be the case.

Other than that, I cannot comment on whether you could hack into Win's system. You could experiment with setting the IP address of the DNS server manually in the IPVanish adapter configuration in Win. But please don't ask for a step-by-step guide, since I cannot provide this.

I'm not asking you personally. I'm asking anyone who can help me find the answer. I've been reading all day and searching non-stop trying to find out how I can do this.

I just want to use the pihole with the IPVanish VPN while I'm at home. I know if I had full control over the VPN I could do this. But this is out of my element which is why I'm asking if anyone can enlighten me on how to fix my issue.

I can configure the IPVanish software to use a 3rd party DNS but I can't use my local IP for the Pihole. I have to choose a DNS server out of my network because using the local IP for the pi doesn't work with the software.

My brain is fried and I can't find anything on google that can help me. I don't want to lose what I have with the pihole when I use my VPN.

I posted this one before already for changing windows DNS on the fly:

netsh interface ip set dns name="Local Area Connection" source=static addr=10.0.0.1

But you need to figure out if IPVanish creates an interface and how it's named with:

ipconfig /all

And probably you need to run as administrator to change network settings.

And below one might be useful:

route PRINT

This looks promising, thank you I'll give this a shot when I get back to my desk. I have UAC disabled so CMD always runs as admin.

The

source=static addr=x.x.x.x

This is where I'd put my DNS for my pi, correct?

Yup but check first how the interfaces are named for the proper name="Local Area Connection" bit and see what DNS IP address is assigned once the VPN is up:

ipconfig /all

If you create two text documents on your desktop and rename them into:

"Pi-ON-Hole.cmd"
&
"Pi-OFF-Hole.cmd"

:wink:

You can drop that command in both files with each pointing to different DNS servers, either the Pi-Hole one or the one (or more) from IPVanish.

One thing I didn't mention is that when I use the IPVanish software, it makes its own adapter "Local Area Connection 2" which is separate from my "Local Area Connection" which is my ethernet port. The IPs and subnets are different. Assigning my pi's ip to the "Local Area Connection 2" adapter breaks the DNS and it won't load any webpages.

I know the IP sets are different between each adapter which is why I can't use my pi's ip on "Local Area Connection 2", my VPN's virtual adapter. Is there a way around this?

This screenshot is with IPVanish running. At the moment I'm using OpenNIC DNS which is the same DNS assigned into my pi.

Yes you can get both encryption and pihole adblocking simultaneously. I do. Consider setting up your VPN on your router where you can fine tune how the VPN handles DNS. It may require you to flash a custom firmware on your router to do this. Look for a setting "Accept DNS Configuration" or something similar.

I'm running Tomato shibby.. I was curious about using that feature.. But I'm not familiar with that feature on my router.

The setting I have is in VPN Tunneling and I can choose OpenVPN to configure. I don't think I can get this to sign in?

What is your setup?

I use Merlin firmware and my VPN is configured using an OpenVPN Client.

Alright, I have everything configured through my router. I'm signed into my VPN using OpenVPN through the firmware of my router....

I see the "Accept DNS configuration" and the walkthrough I used has it set to "Strict". What setting would be best to use the DNS I specified in my router already? (my pi)

Thanks again for everything so far. That was a great suggestion.

One issue is that I do hosting so I'm going to have to change everything and bind it to its home socket. But no biggie.

I use Relaxed. Here are the definitions as I understand them:

Disabled = DNS servers sent by VPN-provided DNS server are ignored
Relaxed = DNS servers sent by VPN-provided DNS server are prepended to the current list of DNS servers, of which any can be used
Strict = DNS servers sent by the VPN-provided DNS server are prepended to the current list of DNS servers, which are used in order (existing DNS servers are only used if VPN-provided ones don't respond)
Exclusive = only the VPN-provided DNS servers are used

One more thing. I use a DDNS service through FreeDNS... Now that I have this set up, I can't log into my router using my DDNS service.

Is there a fix for this?

I don't know. Perhaps someone else can chime in...

I fixed the DDNS issue...

But all of my port forwarding doesn't work. This is only for the local device.. I have to use my local IP ranges to access my internal network instead of being able to access them through the DDNS..

The good news. Pihole and the VPN are both working.

Nice that you could fix it with the router firmware; that is a way better solution.
But if you are not able to do this with your router firmware, this guy with the handle Ashly Ross explains an alternative using that netsh command:

I don't believe there is a way to prevent it from happening, apart from statically assigning the DNS servers on the VPN connection.

To change the order in which DNS servers are queried, one is supposed to be able to change the interface binding order as per windows - Active available dns servers - Super User, but that doesn't seem to affect VPN connections in my personal testing on Windows 7; I've confirmed that my VPN connection is consistently added to the top of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Linkage\Bind list, regardless of the interface binding order settings.

However, you can reset the DNS changes after the VPN connection is established.

Collecting Information

Open up a command prompt (Start -> Run... -> cmd) and then run "netsh interface ipv4 show dnsservers". You will see output similar to the following:

Configuration for interface "My VPN"
Statically Configured DNS Servers: 11.22.33.44
55.66.77.88
...

Configuration for interface "Local Network Connection"
DNS servers configured through DHCP: 192.168.0.1
192.168.0.2
...

You need the interface name for the VPN, and optionally your non-VPN connection's first DNS server. In this example, they are My VPN and 192.168.0.1, respectively.

Setting It All Up

Option 1: Disable VPN DNS

Assuming you don't need your VPN's DNS servers at all, you can simply run the following in the command prompt:

netsh interface ipv4 delete dnsservers name="<interface name>" address=all validate=no

Eg: netsh interface ipv4 delete dnsservers name="My VPN" address=all validate=no

If you run netsh interface ipv4 show dnsservers again, you will see that the DNS servers associated with the VPN have been removed; your non-VPN connection's DNS servers will be used to resolve hostnames.

Option 2: Supplement VPN DNS

If you need your VPN's DNS servers to resolve intranet hostnames, you can run the following in the command prompt:

netsh interface ipv4 add dnsservers name="<interface name>" address=<DNS server address> index=1 validate=no

Eg: netsh interface ipv4 add dnsservers name="My VPN" address=192.168.0.1 index=1 validate=no

In this case, netsh interface ipv4 show dnsservers will show that your non-VPN connection's first DNS server has been added to the top of the list of your VPN's DNS servers. It will be used to resolve hostnames first, and if unsuccessful, fall back to using your VPN's regular DNS servers.
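
An added example, not part of the thread or of the quoted answer: a PowerShell check that parses output in the format shown under "Collecting Information" and reports whether the Pi-hole is the first DNS server on the VPN interface, printing the Option 2 command if it is not. The interface name, the Pi-hole address and the embedded sample text are assumptions constructed for illustration.

```powershell
# Constructed sample in the format shown above. For a live check use:
#   $lines = netsh interface ipv4 show dnsservers
$sample = @'
Configuration for interface "My VPN"
    Statically Configured DNS Servers:    11.22.33.44
                                          55.66.77.88
    Register with which suffix:           Primary only

Configuration for interface "Local Network Connection"
    DNS servers configured through DHCP:  192.168.0.1
                                          192.168.0.2
'@
$vpnInterface = 'My VPN'       # assumption: VPN adapter name as netsh reports it
$piHole       = '192.168.0.1'  # assumption: Pi-hole address on the LAN

# Returns a hashtable: interface name -> DNS servers in query order.
function Get-DnsServersByInterface {
    param([string[]]$Lines)
    $ip = '(\d{1,3}(\.\d{1,3}){3})'
    $result = @{}; $current = $null; $inList = $false
    foreach ($line in $Lines) {
        if ($line -match '^Configuration for interface "(.+)"') {
            $current = $Matches[1]
            $result[$current] = @()
            $inList = $false
        } elseif ($current -and $line -match "DNS servers.*:\s*$ip\s*`$") {
            $result[$current] += $Matches[1]   # first server, on the label line
            $inList = $true
        } elseif ($current -and $inList -and $line -match "^\s+$ip\s*`$") {
            $result[$current] += $Matches[1]   # continuation line: address only
        } else {
            $inList = $false                   # any other line ends the list
        }
    }
    return $result
}

$dns = Get-DnsServersByInterface -Lines ($sample -split "`r?`n")
foreach ($name in $dns.Keys) { "{0}: {1}" -f $name, ($dns[$name] -join ', ') }

# The VPN interface is queried first, so its first entry decides who answers.
$servers = @($dns[$vpnInterface])
if ($servers.Count -gt 0 -and $servers[0] -eq $piHole) {
    "OK: $vpnInterface queries $piHole first"
} else {
    "Pi-hole is not first on '$vpnInterface'. Option 2 from the quoted answer:"
    "netsh interface ipv4 add dnsservers name=`"$vpnInterface`" address=$piHole index=1 validate=no"
}
```

The script only prints the command; running it changes adapter settings and needs an elevated prompt, and the check should be repeated after each VPN reconnect.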