IPVanish & Pihole

This looks promising, thank you I'll give this a shot when I get back to my desk. I have UAC disabled so CMD always runs as admin.

The source=static addr=x.x.x.x

This is where I'd put my DNS for my pi, correct?

Yup but check first how the interfaces are named for the proper name="Local Area Connection" bit and see what DNS IP address is assigned once the VPN is up:

ipconfig /all

If you create two text documents on your desktop and rename them into:

"Pi-ON-Hole.cmd"
&
"Pi-OFF-Hole.cmd"

:wink:

You can drop that command in both files with each pointing to different DNS servers, either the Pi-Hole one or the one (or more) from IPvanish.

One thing I didn't mention is that when I use the IPVanish software, it makes its own adapter "Local Area Connection 2" which is separate from my "Local Area Connection" which is my ethernet port. The IPs and subnets are different. Assigning my pi's ip to the "Local Area Connection 2" adapter breaks the DNS and it won't load any webpages.

I know the IP sets are different between each adapter, which is why I can't use my pi's ip on "Local Area Connection 2", my VPN's virtual adapter. Is there a way around this?

This screenshot is with IPVanish running. At the moment I'm using OpenNIC DNS which is the same DNS assigned into my pi.

Yes you can get both encryption and pihole adblocking simultaneously. I do. Consider setting up your VPN on your router where you can fine tune how the VPN handles DNS. It may require you to flash a custom firmware on your router to do this. Look for a setting "Accept DNS Configuration" or something similar.

I'm running Tomato shibby.. I was curious about using that feature.. But I'm not familiar with that feature on my router.

The setting I have is in VPN Tunneling and I can choose OpenVPN to configure. I don't think I can get this to sign in?

What is your setup?

I use Merlin firmware and my VPN is configured using an OpenVPN Client.

Alright, I have everything configured through my router. I'm signed into my VPN using OpenVPN through the firmware of my router....

I see the "Accept DNS configuration" and the walkthrough I used has it set to "Strict". What setting would be best to use the DNS I specified in my router already? (my pi)

Thanks again for everything so far. That was a great suggestion.

One issue is that I do hosting so I'm going to have to change everything and bind it to its home socket. But no biggie.

I use Relaxed. Here are the definitions as I understand them:

Disabled = DNS servers sent by VPN-provided DNS server are ignored
Relaxed = DNS servers sent by VPN-provided DNS server are prepended to the current list of DNS servers, of which any can be used
Strict = DNS servers sent by the VPN-provided DNS server are prepended to the current list of DNS servers, which are used in order (existing DNS servers are only used if VPN-provided ones don't respond)
Exclusive = only the VPN-provided DNS servers are used

One more thing. I use a DDNS service through FreeDNS... Now that I have this setup, I can't log into my router using my DDNS service.

Is there a fix for this?

I don't know. Perhaps someone else can chime in...

I fixed the DDNS issue...

But all of my port forwarding doesn't work. This is only for the local device.. I have to use my local IP ranges to access my internal network instead of being able to access them through the DDNS..

The good news. Pihole and the VPN are both working.

Nice that you could fix it with the router firmware, and it is a way better solution.
But if you are not able to do this with your router firmware, this guy with the handle Ashly Ross explains an alternative using that netsh command:

I don't believe there is a way to prevent it from happening, apart from statically assigning the DNS servers on the VPN connection.

To change the order in which DNS servers are queried, one is supposed to be able to change the interface binding order as per windows - Active available dns servers - Super User, but that doesn't seem to affect VPN connections in my personal testing on Windows 7; I've confirmed that my VPN connection is consistently added to the top of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Linkage\Bind list, regardless of the interface binding order settings.

However, you can reset the DNS changes after the VPN connection is established.

Collecting Information

Open up a command prompt (Start -> Run... -> cmd) and then run "netsh interface ipv4 show dnsservers". You will see output similar to the following:

Configuration for interface "My VPN"
    Statically Configured DNS Servers:    11.22.33.44
                                          55.66.77.88
    ...

Configuration for interface "Local Network Connection"
    DNS servers configured through DHCP:  192.168.0.1
                                          192.168.0.2
    ...

You need the interface name for the VPN, and optionally your non-VPN connection's first DNS server. In this example, they are My VPN and 192.168.0.1, respectively.

Setting It All Up

Option 1: Disable VPN DNS

Assuming you don't need your VPN's DNS servers at all, you can simply run the following in the command prompt:

netsh interface ipv4 delete dnsservers name="<VPN interface name>" address=all validate=no

Eg: netsh interface ipv4 delete dnsservers name="My VPN" address=all validate=no

If you run netsh interface ipv4 show dnsservers again, you will see that the DNS servers associated with the VPN have been removed; your non-VPN connection's DNS servers will be used to resolve hostnames.

Option 2: Supplement VPN DNS

If you need your VPN's DNS servers to resolve intranet hostnames, you can run the following in the command prompt:

netsh interface ipv4 add dnsservers name="<VPN interface name>" address=<non-VPN DNS server> index=1 validate=no

Eg: netsh interface ipv4 add dnsservers name="My VPN" address=192.168.0.1 index=1 validate=no

In this case, netsh interface ipv4 show dnsservers will show that your non-VPN connection's first DNS server has been added to the top of the list of your VPN's DNS servers. It will be used to resolve hostnames first, and if unsuccessful, fall back to using your VPN's regular DNS servers.
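Added example, not part of the thread or of the quoted answer: a small Python helper that parses the "show dnsservers" output from the Collecting Information step and builds the Option 1 or Option 2 command for the VPN interface. The sample output is constructed, and using 192.168.0.1 as the Pi-hole address is an assumption taken from the answer's example values.

```python
import re

# Constructed sample in the layout of "netsh interface ipv4 show dnsservers".
SAMPLE = '''
Configuration for interface "My VPN"
    Statically Configured DNS Servers:    11.22.33.44
                                          55.66.77.88
    Register with which suffix:           Primary only

Configuration for interface "Local Network Connection"
    DNS servers configured through DHCP:  192.168.0.1
                                          192.168.0.2
'''

HEADER = re.compile(r'^Configuration for interface "(.+)"$')
IPV4 = re.compile(r'^\d{1,3}(\.\d{1,3}){3}$')

def parse_dns_servers(text):
    """Map each interface name to its DNS servers, in query order."""
    servers, current, in_list = {}, None, False
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER.match(line)
        if header:
            current, in_list = header.group(1), False
            servers[current] = []
            continue
        label, sep, value = line.partition(":")
        if sep:  # a "label: value" line starts a new field
            in_list = "dns servers" in label.lower()
            line = value.strip()
        if current and in_list and IPV4.match(line):
            servers[current].append(line)  # first value or a continuation line
    return servers

def reset_commands(servers, vpn_if, pihole_ip, keep_vpn_dns=False):
    """netsh commands (Option 1 or Option 2 above) for the VPN interface."""
    dns = servers.get(vpn_if, [])
    if not dns or dns[0] == pihole_ip:
        return []  # nothing assigned by the VPN, or Pi-hole already queried first
    name = f'name="{vpn_if}"'
    if keep_vpn_dns:  # Option 2: Pi-hole first, VPN servers as fallback
        return [f"netsh interface ipv4 add dnsservers {name} "
                f"address={pihole_ip} index=1 validate=no"]
    # Option 1: remove every DNS server the VPN assigned
    return [f"netsh interface ipv4 delete dnsservers {name} address=all validate=no"]

if __name__ == "__main__":
    parsed = parse_dns_servers(SAMPLE)
    for cmd in reset_commands(parsed, "My VPN", "192.168.0.1", keep_vpn_dns=True):
        print(cmd)
```

Run it after the VPN connects and feed it the real netsh output; an empty result means the VPN interface either has no DNS servers assigned or already queries the Pi-hole first.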

Thanks a bunch! I've learned a lot so far. I think I eat.

I do hosting. And I access all of my web management through my public IP address. I use my DDNS to access all of my webadmins.. When I am using this method using the router's firmware. I can't use my DDNS name to access all of the devices on my network. If I disconnect from the VPN everything works like normal. While connected to the VPN I have to use all of my local ranges "192.168.x.x" and such.

I can access my network from outside using the DDNS. I just can't do it with a device on my network that is connected with the VPN. I can't use my DDNS to access my internal network locally. But I can without the VPN

I was just wondering. Is there a way to fix this loopback issue while connected to the VPN through the router?

This is more of an annoyance than it is a necessary fix. But it would be nice to know how to fix this because it's just one of those things I haven't figured out yet..

Thanks again everyone for all the help. Really.

Never used DDNS but maybe worth checking:

route PRINT

and

nslookup pi.hole

Is that information you want me to post or is that just a place you suggest I look?

Both.
I don't understand, looking at nslookup command, Pi-Hole working for you if your Windows DNS address is not pointing to that of the Pi-Hole DNS service?

EDIT: but obviously it does resolve via Pi or it wouldn't return IP :slight_smile:

Not sure but looks like you miss default route/gateway once connected.
To add a default route using the VPN interface:

route add 0.0.0.0 mask 0.0.0.0 172.21.22.203

Check with:

route print

To delete the default route again if not working:

route delete 0.0.0.0 mask 0.0.0.0

Sorry, I see now, you already got default gw:

0.0.0.0 0.0.0.0 65.x.x.x ....

I'm still working out a few kinks. But I just wanted to thank you and everyone for all the pointers. They helped a lot.

Man this really sucks ..... This is way too much hassle to go through just to make a VPN work with Pi-hole

Who has the time for all this?

It kind of defeats the main purpose of computers, making your life easier ...... I'm sure that will get some panties in a twist but it's the truth nonetheless